Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

"sweetpacks" malware, stij.exe, possible streaming issue [Clos

Started by trusty , Feb 19 2014 02:12 AM

  • This topic is locked This topic is locked

#1
trusty
Posted 19 February 2014 - 02:12 AM

trusty

    Member

  • Member
  • PipPip
  • 12 posts
Hi everyone! Thanks for taking the time to help in advance.

I've been having this url in my homepage and new-tabs I create in firefox and chrome browsers:
" http://www.sweetpack...23&src=95&st=23 "

Even after changing my homepage, tab url, the sweetpacks url continues to popup.

My second problem, I always have a process by the name of "stij.exe" and "stij.exe*32" running. Every time I end the process it reopens.

Lastly and most recently, I've been having an issue with streaming videos on websites. When I reboot my computer and immediately open a browser to play streams, it loads without problems. I am able to click and browse anywhere on the timeline and streaming is flawless. However, after a few moments, the video player will pause and cease responding. From that moment on, every streaming player I find will no longer respond. The players range from flash based, jwplayer, or divx. This problem excludes mainstream websites like youtube, vimeo, vine, etc. I understand this may not be a malware problem but I figured i'd ask, any help is appreciated!

I'm attaching the OTL text file and here is the copy for quick browsing:

OTL logfile created on: 2/19/2014 2:45:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 49.66% Memory free
7.99 Gb Paging File | 5.37 Gb Available in Paging File | 67.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 410.53 Gb Free Space | 44.08% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/19 02:45:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Downloads\OTL (2).exe
PRC - [2014/02/03 16:40:07 | 002,552,856 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2014/02/01 18:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/23 18:12:52 | 000,091,936 | ---- | M] (PureLeads) -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
PRC - [2014/01/23 18:12:50 | 003,690,784 | ---- | M] (Sendori) -- C:\Program Files (x86)\PureLeads\plsapp.exe
PRC - [2014/01/23 18:12:50 | 000,024,352 | ---- | M] (sendori) -- C:\Program Files (x86)\PureLeads\PureLeads.Service.exe
PRC - [2014/01/08 12:59:52 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
PRC - [2014/01/08 12:59:52 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
PRC - [2013/12/29 05:12:42 | 000,943,408 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
PRC - [2013/11/20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/11/20 01:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/14 21:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/03 16:40:07 | 002,552,856 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2014/02/01 18:42:37 | 013,616,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
MOD - [2014/02/01 18:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/01 18:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/01 18:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/01 18:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/01 18:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2014/01/08 12:59:52 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
MOD - [2013/12/29 05:12:44 | 001,150,256 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll
MOD - [2013/12/29 05:12:42 | 000,943,408 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
MOD - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/29 05:12:40 | 001,833,776 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2014/02/14 22:00:41 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/04 19:08:11 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/27 14:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/01/23 18:12:52 | 000,091,936 | ---- | M] (PureLeads) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe -- (PlsvcV1)
SRV - [2014/01/23 18:12:50 | 003,690,784 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\PureLeads\plsapp.exe -- (plsapp)
SRV - [2014/01/23 18:12:50 | 000,024,352 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeads.Service.exe -- (PlsvcV2)
SRV - [2014/01/08 12:59:52 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
SRV - [2013/11/20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 00:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 21:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/03/06 07:15:38 | 000,580,672 | ---- | M] (Disc Soft Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)
SRV - [2013/02/08 23:09:27 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/14 22:31:55 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/03/26 08:28:58 | 005,404,472 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files (x86)\webcamXP 5\wService.exe -- (wxpSvc)
SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/12/03 21:58:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/03 01:45:22 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/11/25 01:48:36 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/11/10 13:23:24 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/10/23 01:05:08 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/20 00:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 00:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 00:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 00:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/05/19 14:50:28 | 000,029,696 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtscsibus.sys -- (dtscsibus)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 02:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/19 00:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/11 01:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/26 00:42:00 | 000,064,256 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/01/26 00:41:00 | 000,039,808 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/01/13 06:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/10 17:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/05/20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2010/04/26 21:25:18 | 000,028,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIA_USB_MODEM.sys -- (ViaUsbModemDriver)
DRV:64bit: - [2010/04/26 21:25:18 | 000,021,760 | ---- | M] (Via Telecom, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIA_USB_ETS.sys -- (VIA_USB_ETS)
DRV:64bit: - [2010/04/07 11:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WMP54Gv41x64.sys -- (rt61x64)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 12:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/09 09:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2013/07/02 15:01:03 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...A-50E54930AC42}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...A-50E54930AC42}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 0A 66 94 30 D7 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-10-06 12:54:19&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...A-50E54930AC42}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.3: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://mysearch.swee...st=23&st=23&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "ww.google.com"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: " http://www.google.co...ogle Search&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@EDVR/WebClient: C:\windows\system32\WebClient\npwebclient.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dave\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dave\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/06/17 19:20:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/02/08 23:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2013/12/02 17:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions
[2011/11/11 20:25:38 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\avg@toolbar
[2013/11/05 19:51:09 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]
[2013/12/02 17:16:17 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\wecarereminder@bryan
[2013/11/05 19:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\extensionData
[2013/11/05 19:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\extensionData\plugins
[2013/11/05 19:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\extensionData\userCode
[2012/12/11 23:29:41 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/05/19 14:50:32 | 000,195,976 | ---- | M] () (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/10/27 23:56:11 | 000,001,726 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\Bing.xml
[2013/09/24 10:23:33 | 000,002,115 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\MyStart Search.xml
[2013/06/17 19:20:17 | 000,002,100 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\MyStart.xml
[2013/05/19 14:50:06 | 000,001,720 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\sweetim.xml
[2013/12/31 16:09:56 | 000,001,624 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\Sweetpacks Search.xml
[2014/02/14 22:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/14 22:00:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/14 22:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 22:00:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/14 22:00:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://start.sweetpa...A-50E54930AC42}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dave\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: SiteChat = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlbhoebcjponkmlmoeinojjcggbnk\0.3.70_0\
CHR - Extension: SiteChat = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlbhoebcjponkmlmoeinojjcggbnk\0.3.70_0\~
CHR - Extension: Angry Birds = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Realm of the Mad God = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\
CHR - Extension: Realm of the Mad God = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~
CHR - Extension: Updater By SweetPacks = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.583_0\
CHR - Extension: AdBlock = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: [bleep] of Sand = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaafclnkndleaafooaoicagokdpggla\1.1.1_0\
CHR - Extension: We-Care.com Reminder = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.40_0\
CHR - Extension: Skype Click to Call = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Plants vs Zombies = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: HD Facebook Video Downloader = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaekgmbkigogkeofkobbhobinbbljpg\1.0_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.3.0.49_0\
CHR - Extension: Google Wallet = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PureLeads Tray] C:\Program Files (x86)\PureLeads\PureLeadsTray.exe (PureLeads)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Dave\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [WLAN Optimizer] C:\Users\Dave\Desktop\New folder\WLAN Optimizer.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dave\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dave\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BCE307D-1850-4244-9201-4DD0D2F9BB25}: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F96EEC8F-A6F8-4EB9-B74C-33798C07F3E5}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c31548b9-eca7-11e0-9784-50e54930ac42}\Shell - "" = AutoRun
O33 - MountPoints2\{c31548b9-eca7-11e0-9784-50e54930ac42}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{d0f0bd5e-3cf5-11e1-a924-50e54930ac42}\Shell - "" = AutoRun
O33 - MountPoints2\{d0f0bd5e-3cf5-11e1-a924-50e54930ac42}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{ddc1d058-7f58-11e2-a55c-50e54930ac42}\Shell - "" = AutoRun
O33 - MountPoints2\{ddc1d058-7f58-11e2-a55c-50e54930ac42}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/18 23:55:51 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\The Creative Assembly
[2014/02/18 23:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2014/02/18 23:36:03 | 000,439,296 | ---- | C] (Sendori) -- C:\Windows\SysNative\plsapp64.dll
[2014/02/18 23:35:56 | 000,354,592 | ---- | C] (Sendori) -- C:\Windows\SysWow64\plsapp.dll
[2014/02/18 23:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PureLeads
[2014/02/18 23:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureLeads
[2014/02/18 23:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2014/02/18 23:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2014/02/18 23:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/02/18 23:35:15 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\SearchProtect
[2014/02/14 22:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/01/23 17:36:42 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Image-Line
[2014/01/23 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2014/01/23 17:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2014/01/23 17:36:25 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\FlowStone
[2014/01/23 17:36:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DSPRobotics
[2014/01/22 23:41:09 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Blizzard
[2014/01/22 22:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2014/01/22 22:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hearthstone
[2014/01/22 21:23:25 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Blizzard Entertainment
[2014/01/22 21:23:23 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Battle.net
[2014/01/22 21:23:23 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Battle.net
[2014/01/22 21:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2014/01/22 21:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/19 02:48:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/19 02:40:30 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/19 02:40:30 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/19 02:37:23 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/19 02:37:23 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/19 02:37:23 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/19 02:33:32 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/19 02:33:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/02/19 02:33:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2014/02/19 02:32:59 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/02/19 02:32:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/19 02:32:56 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/19 02:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/19 01:57:34 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113028246-842292649-213859181-1000UA.job
[2014/02/18 23:57:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113028246-842292649-213859181-1000Core.job
[2014/02/18 23:35:38 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/02/18 23:35:16 | 000,000,000 | ---- | M] () -- C:\END
[2014/02/17 21:03:13 | 000,000,849 | ---- | M] () -- C:\Users\Dave\Desktop\µTorrent.lnk
[2014/02/17 21:03:13 | 000,000,829 | ---- | M] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/02/13 03:13:52 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/03 01:45:22 | 000,129,944 | ---- | M] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2014/02/03 00:52:37 | 000,000,132 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/02/01 15:36:39 | 000,052,177 | ---- | M] () -- C:\Users\Dave\Desktop\MvUKKoA.jpg
[2014/01/29 23:55:12 | 000,105,331 | ---- | M] () -- C:\Users\Dave\Desktop\BfKljMXIcAA9tSK.jpg
[2014/01/27 00:28:12 | 001,675,259 | ---- | M] () -- C:\Users\Dave\Desktop\the way we used to.wma
[2014/01/23 18:12:50 | 000,354,592 | ---- | M] (Sendori) -- C:\Windows\SysWow64\plsapp.dll
[2014/01/23 17:37:04 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 11.lnk
[2014/01/22 22:36:39 | 000,001,183 | ---- | M] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014/01/22 21:23:18 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/18 23:35:16 | 000,000,000 | ---- | C] () -- C:\END
[2014/02/17 21:03:13 | 000,000,849 | ---- | C] () -- C:\Users\Dave\Desktop\µTorrent.lnk
[2014/02/01 15:36:38 | 000,052,177 | ---- | C] () -- C:\Users\Dave\Desktop\MvUKKoA.jpg
[2014/01/29 23:55:11 | 000,105,331 | ---- | C] () -- C:\Users\Dave\Desktop\BfKljMXIcAA9tSK.jpg
[2014/01/27 00:25:52 | 001,675,259 | ---- | C] () -- C:\Users\Dave\Desktop\the way we used to.wma
[2014/01/23 17:37:04 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 11.lnk
[2014/01/23 17:36:38 | 000,002,052 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 11.lnk
[2014/01/22 22:36:39 | 000,001,183 | ---- | C] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014/01/22 21:23:18 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2013/07/12 20:48:57 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/26 12:29:53 | 000,003,728 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/02/25 21:58:35 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/12/13 00:01:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/11/21 08:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/11/18 14:31:37 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\gswin32c.exe
[2012/07/02 15:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
[2012/03/31 19:56:35 | 000,000,132 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/03 18:25:37 | 000,495,616 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll

========== ZeroAccess Check ==========

[2012/07/15 16:13:10 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{40021656-4d6d-26e9-ca6e-3085e6c4f832}\U
[2012/07/15 16:09:08 | 000,002,048 | -HS- | M] () -- C:\Users\Dave\AppData\Local\{40021656-4d6d-26e9-ca6e-3085e6c4f832}\@
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Dave\AppData\Local\{40021656-4d6d-26e9-ca6e-3085e6c4f832}\L
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Dave\AppData\Local\{40021656-4d6d-26e9-ca6e-3085e6c4f832}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/15 22:54:50 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\.minecraft
[2013/03/29 08:48:52 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\.mono
[2012/11/04 21:03:44 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Avanti
[2012/10/06 11:54:39 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AVG2013
[2014/01/22 22:03:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Battle.net
[2012/04/10 09:06:11 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/05/19 14:50:50 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\DAEMON Tools Ultra
[2012/07/09 00:02:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Deckadance19
[2012/04/04 11:35:24 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Digiarty
[2012/02/05 18:41:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\DVDVideoSoft
[2012/02/05 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/03/12 21:19:31 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FileZilla
[2014/01/23 17:36:25 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FlowStone
[2014/01/23 17:36:42 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Image-Line
[2011/10/02 16:01:54 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\LolClient
[2012/05/23 10:21:06 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\LolClient2
[2012/09/14 16:58:56 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\mjusbsp
[2012/06/04 15:15:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Motorola
[2013/11/27 20:17:51 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\MultiBit
[2013/07/13 18:19:09 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Natural Selection 2
[2014/02/18 23:35:38 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\OpenCandy
[2013/05/19 12:28:30 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PowerISO
[2011/12/21 22:20:25 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\REAPER
[2012/08/21 13:39:26 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SilvestriRN5e
[2013/01/20 22:36:53 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\skyz
[2012/07/09 00:02:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SongManager
[2014/02/18 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Spotify
[2012/08/22 23:11:30 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Stardock
[2014/02/18 23:55:51 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\The Creative Assembly
[2012/10/06 11:54:31 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TuneUp Software
[2012/10/06 23:34:17 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\USMA
[2014/02/19 02:15:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/09/19 21:50:37 | 000,053,431 | ---- | M] ()(C:\Users\Dave\Desktop\?p????????.rtf) -- C:\Users\Dave\Desktop\Ἀποκάλυψις.rtf
[2013/09/19 21:50:23 | 000,053,431 | ---- | C] ()(C:\Users\Dave\Desktop\?p????????.rtf) -- C:\Users\Dave\Desktop\Ἀποκάλυψις.rtf

< End of report >

Attached Files

  • Attached File  OTL.Txt   111.62KB   203 downloads

  • 0

Advertisements

#2
godawgs
Posted 19 February 2014 - 11:36 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
HelloDave, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.


:alarm:
Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook ect; and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Let me know what you decide to do. If you decide to continue with the cleanup, please proceed with the following steps.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from (C:\Users\Dave\Downloads). Please post the contents of that file.


Step-1.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
If you have decide to clean this maching:
1. The aswMBR.txt log
2. The Extras.txt log
  • 0

#3
trusty
Posted 19 February 2014 - 11:59 AM

trusty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Okay! Here's my extras text:

OTL Extras logfile created on: 2/19/2014 2:45:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 49.66% Memory free
7.99 Gb Paging File | 5.37 Gb Available in Paging File | 67.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 410.53 Gb Free Space | 44.08% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23886FB6-5009-4F22-AA2A-2E2FEABEDBA8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{34B1CBB0-675E-45F9-B2DE-4C268FDC46BD}" = lport=445 | protocol=6 | dir=in | app=system |
"{3E871738-93D3-4A5C-B0AE-F7C225050D70}" = lport=2869 | protocol=6 | dir=in | app=system |
"{434825D5-CDB3-4424-892E-2A277820E13A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DBE087D-7453-4D05-8A1B-732CD92C1A96}" = rport=139 | protocol=6 | dir=out | app=system |
"{5ED80D53-732E-40CC-9FF5-1EE59D8F1438}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62E84F03-D340-47DA-B08E-3DB99782D48D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{69AFF134-8F22-472D-9205-6C0E8F2BD80C}" = lport=138 | protocol=17 | dir=in | app=system |
"{73EAE76F-1CED-4EA0-9AC2-1BFF509823E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8579DA7E-3D6D-4C70-9C97-3318B09EB716}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F4F26EE-76B8-4E4F-B9FD-E32D5D1C80A9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8FD3BA64-9D48-4755-A194-EBFE4CEF6AEC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9867A49C-E99B-4E1D-9CF8-E3B60BE48552}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A32FA7E7-3771-4E82-AD17-D96279E4ACA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AE0BD3B8-1684-4680-84C6-FF54C776F09D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{BF54B0B3-0494-44C6-8B01-E31A13B2BBFC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C0F05D58-5685-4DF0-A9BF-77851EA43BB7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C758AC40-04B5-491F-AE7B-8CAB40B24E03}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1E31C35-65FE-46E8-A92C-5A8F850F31BA}" = lport=137 | protocol=17 | dir=in | app=system |
"{EA10A693-19CE-4717-AE27-A4F48CE0511F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB4AF9AC-2569-4E22-8025-CFD05EC767F0}" = rport=138 | protocol=17 | dir=out | app=system |
"{EB6D9DB5-A69E-41B0-8B29-84D0BEDF3EC5}" = rport=445 | protocol=6 | dir=out | app=system |
"{F02FF8F6-4244-4624-BCBF-66E34351244C}" = lport=139 | protocol=6 | dir=in | app=system |
"{F9EB149E-3DD4-43E6-B63E-ACD15C526E78}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001CDBBB-D8D7-4DA2-9732-A550E9168F6D}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{012DC738-643C-4940-A08A-CC55C8D24820}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{02D26F0A-CE18-4585-B01A-518536C6BDF1}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{045DB973-8F58-4DA5-A49F-19913824D211}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{04CC63B2-9D5C-4621-9FE0-EC478D492256}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{09A14A5D-0851-491B-A3FE-1FCB7F5AA97F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{0B6AD95B-0D58-40AE-BF45-FC6E6C33C2E3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0E43EF42-3CC2-400A-B70F-35C14E35740B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0EE40957-349E-4CF2-8953-DEEA4DD29609}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{0EE662E6-AC8C-4865-8BA1-980F679FC569}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1121DFC3-67C5-403B-A915-3BFBCA073F98}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{1339F38D-ECA6-4143-B88A-D0FEDB4D085D}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{13D81A16-3E7C-4BF8-AB7C-E8EB0BA2577F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{163B5939-249F-4934-A908-C3908E6170AA}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{1784D807-A2CA-4A42-B653-D51F90E287EA}" = protocol=58 | dir=out | [email protected],-28546 |
"{19CACAB6-7826-4097-A814-88024132A429}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe |
"{1AC4A75F-EAEC-4E8F-8160-394640B2B047}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1C62A064-F9D9-404A-8530-37C86122A023}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{1CB1E551-9887-4BDE-8A0F-FCF756A12EEC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1CF5D74A-8AE0-4A33-9E10-5FAEE86F267A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{1DEE950F-CDAC-433D-B930-1067F506E56A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{1F4DDCE9-BA29-433B-95C2-A46CC2C8CB4D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{1F64EBC2-F119-41A4-BAAD-AF1708122CD4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{1F76D5E5-1D75-4955-9930-603F8702235A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{24FAB8CC-C3AC-4A47-9F62-A9C2B02EE68E}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{26FA6C29-6533-4068-A90C-EAD3CBBCE89C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe |
"{291E1F14-71AE-40F4-B808-BCCC4BB761D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{2C921546-1C80-4A1D-9B61-FEE49F9FCD80}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{2D26E619-64E1-436C-B796-0409D41D9D49}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{2EB309BF-E2F8-4D6F-B11B-E7CEA6535164}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{2FDBF2BE-509C-4AF9-A548-E49FCAF42DB2}" = protocol=6 | dir=in | app=c:\program files (x86)\webcamxp 5\wlite.exe |
"{300D9A3D-685B-4824-9E3C-DA1034A040B1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{332CFFB0-D126-4715-8F58-FDACFA4A6760}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{3467A43E-9B08-4C4D-AE51-E1BCB839DAF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{38A71B9F-4F23-4510-B273-B6FE1C33F78E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{38DFCFAA-BBDD-4BF7-A65E-F9837EEFE8D4}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{393B1CE5-2BCF-461E-A215-EEC22DB5F51C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{39D9B5CB-30EC-45BE-A92D-F1B6A30944E1}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{3C5D71A8-9A93-4D70-9476-7DAD1D2014D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe |
"{3E545C2D-6835-4684-8F11-DDF5252A194B}" = protocol=6 | dir=out | app=system |
"{3F5A4EEC-CB38-4BB1-B577-C77096D67289}" = protocol=6 | dir=in | app=c:\program files (x86)\webcamxp 5\wservice.exe |
"{41662FC4-C0E8-479B-8847-7B6FFD348975}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{41F55A81-8104-4F72-BF29-56997D11EDA4}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{41FF1955-B5CC-43CB-9830-068889BB902C}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{42808D81-8AD4-47FC-8B06-E23197F0229B}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{44AA045D-C0F2-43B2-8ADD-C5AD2407DD3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\reus\reus.exe |
"{47E162EB-0EC4-4750-87F3-DCCEB769C42F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{48C934AC-1954-4905-AC10-6235A2BD1C6D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{498F8E47-9E75-41DE-9934-1BDB5C1E4729}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{49EC938F-10F2-450D-A4F0-ABAF56B22F57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4B2C662F-6896-483F-A3A4-E2BAEB9F3FC1}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{4EE769F0-B39B-408F-A440-C3877AEEA854}" = protocol=1 | dir=in | [email protected],-28543 |
"{4F3F60DB-BEB7-499A-A14C-B5B42B5616B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe |
"{4FC624EF-AB93-4D80-9EF6-7E492133251B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe |
"{51E95AD1-4000-43E2-83E8-DB232070F16D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{526895DD-071C-497C-9A70-89E490C1AC0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{52B7E8D3-E85B-427A-AD41-85D1EE6F933E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe |
"{54CA5C66-B1F0-413A-B295-830748E2DFF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{573EFFD8-732A-4D85-B37E-D0721BEA4644}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe |
"{58B7E2C6-0B90-4ED7-B2C4-4DCCE010F329}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |
"{5A3DBA7B-BBCD-46EB-B639-574DCCA3AAE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{5B41DD02-17BB-47F7-BAE2-B9A2BBD7DC56}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{5BE7694C-1518-4147-A156-E67F9EF76F34}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{5E05583B-EDB6-4644-9054-C3E12C551A5A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{63EC82B7-257E-4DCD-9799-3A0843FC8729}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{6515CA92-EEED-4F77-B807-FC478F5BB37E}" = protocol=17 | dir=in | app=c:\program files (x86)\webcamxp 5\wlite.exe |
"{6522E91A-7FCD-475B-8C1B-45AC854F9AFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{65FD1AA9-925D-4490-9F19-3B07AC9E5896}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{661C8BDE-DFD9-4C79-A8B7-3575F0BBB524}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{680FF5E2-D348-4249-AEA3-CFEF2677FCA4}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{6BE6CB9F-B702-463E-90BB-BEE39AB5ED6D}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{6CCD8364-BCDD-4E97-81EB-7CFA8D9B8368}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{6D187035-5893-4BC9-8263-7CA0D58604C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\source sdk base 2007\hl2.exe |
"{6DA3C755-A588-4EEC-A6D0-1E9CCA7F5EB8}" = protocol=58 | dir=in | [email protected],-28545 |
"{6ECD3776-C015-4824-8231-A88A4A150135}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6FF59225-0626-41E3-8F70-B37FF4447895}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{7222E69E-35ED-445E-A95F-AB539925EBBE}" = protocol=17 | dir=in | app=c:\program files (x86)\webcamxp 5\wservice.exe |
"{72DB70C6-CC37-46B9-91D9-D67B3415A4B1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{7557A022-0E56-4EB7-B555-D414829D5447}" = protocol=1 | dir=out | [email protected],-28544 |
"{77134703-A199-4B8B-82CE-0FED746E99B1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{787C74C4-F29C-4427-9980-E3654FED2BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{78C1AB09-60A4-4EF3-91AE-E3248C1CB008}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe |
"{79D05B20-9A7B-4359-8DF6-34E7A9F203F4}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{7AC1FA11-4946-429D-B36F-2AC5929DA3BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7E908582-958F-4FAF-B600-A3E18E047FAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7FF44CF2-4946-4872-8703-4CA876BEA55A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{86C7EAB3-54DC-4F9C-900E-614490F45397}" = protocol=6 | dir=in | app=c:\users\dave\appdata\roaming\utorrent\utorrent.exe |
"{871E6B27-B810-487F-B961-7F4183B73746}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{8903DAB9-078A-45A0-9CEA-86E013C63464}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{8A8ED4EC-50B9-412F-A0F8-A13271361D03}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{8B07A5BD-0CDC-41E2-AAE5-1987943748A9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{8B3AA876-DC37-437D-8327-D995ED83566B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{8C8C502A-721F-4A70-AB28-3ECAE26025AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{8F16E5AC-F496-4310-A51B-1E81CFCD380D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{93C947C5-6AAA-4964-BA05-22BB2F9E0D73}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{93E8FB80-A92A-459B-ACD1-4C14CABB9B0D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{9469697F-637F-4F3A-946B-D1BE93CE4426}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{95A00A5C-B765-490C-9828-D4F088228291}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe |
"{95DCA56F-1299-4339-A46A-C5DE92C5201D}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{96488076-F103-4A42-AC4A-9750B0DFC756}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{99F1D62E-D813-4F23-89B7-A53232BE3906}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{9B8E7CC3-2687-4849-8EDE-433256A72E8D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{9F2CA27E-277C-4360-9037-C09A1336C81A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9F7AB40B-C476-4621-8CCA-2FBFDDD72C1D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F8B2268-867A-4801-B37B-328B71616DD4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A18E1E62-D653-4D1F-B8F3-4D28BC62948E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{A25FC55B-BCB0-4B2D-91EF-E9BD926BC151}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{A484A022-ECD0-48A9-9724-A68E98E8D3BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\reus\reus.exe |
"{A90F7A27-B9EF-44CC-8FB2-DE7240EA85F4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{AB388BB9-B35E-4E56-818C-DE3E450A2B5B}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{AB9B1BA6-281D-4894-B864-3F20A553CCAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF643C67-5C8C-4B02-8663-164AF8333A45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFA2D945-A600-4AA5-B4E9-D29CFA31C2B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{B02DB588-9AAC-42C2-AB79-ECC3DAE183AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kerbal space program\ksp.exe |
"{B0B64816-3782-43CB-B86C-A03AF2414761}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{B12B39CA-5810-48E2-94AF-BC4878AD67D1}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{B285991C-2F1B-46DE-B4F5-F66B14F22380}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{B3BE6B2F-0315-4E9F-B611-DD68A6803D1D}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{B45F036B-D8DA-408D-9745-404EB4CF6654}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{B478DFFB-E6A1-4FFE-8981-2441CF867B27}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BAE062B6-F938-4169-A8D2-2C28E444F9B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBA271A9-4190-4EAA-BE76-F4E2B231DBD9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{BBDFE003-657D-472E-8B0F-818CFA1D7474}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{BCD994C6-FD90-41BB-9B66-7391AE23D097}" = dir=in | name=mitchribarytube |
"{BF2691DC-17BB-488E-B0D3-C530F73DC4F1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C004DBAF-ACA6-4ED9-87E0-584C5BF35432}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C05BAFD2-3F6F-433E-9E7E-F0DEA6397572}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe |
"{C0B9EA04-AAC4-468C-B103-B79F84BFBB80}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{C213CC5A-A48A-4D5B-B91B-1803965BFB26}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{C65324DD-DE12-4906-AE8A-DCF9427A8D43}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{C696CFB3-A3C8-402E-904E-74363F538C2B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C7C92DD4-64D7-487B-9C76-D324C69A00F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe |
"{C92E8BEA-4AE2-4B5E-B4B3-CA0D309CF25C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{CA1C2663-DDD2-4EE5-AC75-0B75E876D005}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{CA902922-519A-4CE1-9A49-8F76BC121B97}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{CACC2582-F909-44CB-8F44-69FD4F0B5349}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{CE7BFFA5-F1C1-4CC9-9624-EB80301AF2AC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{D09F47B6-CEA5-4802-B9DE-08D842692022}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D1825053-5889-47DF-B6AC-99556EF2A6E9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |
"{D323126A-C03B-40E9-8C03-EE5B678B6E51}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kerbal space program\ksp.exe |
"{DBC53872-4E5D-4BCC-ADB4-FA8350C21448}" = dir=in | app=c:\users\dave\appdata\local\microsoft\skydrive\skydrive.exe |
"{DD93CEAC-830A-418A-B3D9-544469CAF2FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{DDBB46CC-6702-4AF8-A6A5-045BE029D8AA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{DE04860C-B30E-48AA-97C5-5014B106B41A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DE0F33A0-12C6-4344-B96A-17F46FC1BCE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1B3FB92-5631-4121-B608-281382979D02}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E1D56548-ED54-4F36-9ED9-0F5D6FC72A41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E321F750-08B4-413E-8308-95D579555BC7}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{E4D71A34-4582-407B-BEF4-14D39B4DFD5E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E4F9A30A-3E4F-417F-AD16-83E933248BB0}" = protocol=17 | dir=in | app=c:\users\dave\appdata\roaming\utorrent\utorrent.exe |
"{E588A3C4-7C67-425B-A633-B96E3ECF69A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{E6918BE1-3FD6-40D5-A0F1-948A1C2F9BF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\source sdk base 2007\hl2.exe |
"{E8F55B01-2ADC-485F-B801-1A3322D6D7F2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EA6DB102-F3C8-47C3-91CE-ED39BAA8FD07}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe |
"{EB179747-89CF-458B-A6C7-42C39A475FCD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{EE259555-7971-4DE8-8338-09F02608DEAF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{F002D624-01B5-4F1C-A934-A075713AF2A8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{F121CB3D-BFC0-40B6-8FDB-4C2001CEE24D}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{F1B59A30-1B4B-44E3-8E34-A1F6CFB788FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F2DF662C-F6D1-49FD-A5FF-5F0BFD590E53}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{F4074F22-FC51-4D0D-96BB-90895460BB79}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{F4BAF9F9-A6DA-4A00-9058-2655E8478D42}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{F7A5DDD0-AC3F-4974-A0E4-FCACCCAC612E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{F7C67744-14B9-4628-892B-BB78A1FB9EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7CD5896-6411-40BC-9349-529706A2BDB9}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{FB27341C-76C5-4B4C-9552-56CCEF177E02}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{FDD0970C-260F-42D7-89AA-2836A42CB006}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"TCP Query User{0DB52AEA-83E6-432C-B816-AD2317248FA9}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{1AA1DDFB-DD15-48B7-BA12-D1CAA02411E1}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{1AAA25C9-9604-438F-9B14-24986443CC2A}C:\users\dave\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\roaming\spotify\spotify.exe |
"TCP Query User{208EA194-AFCA-44C4-8B1A-4D3FCD54A125}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{25817A85-192C-4732-B090-93953659EF2A}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{2738FA61-9C02-44DE-8797-45B0B807BC93}C:\users\dave\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\roaming\spotify\spotify.exe |
"TCP Query User{2A27A2CE-842C-4671-8D70-881997FA385B}C:\program files (x86)\need for speed.shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=c:\program files (x86)\need for speed.shift 2 unleashed\shift2u.exe |
"TCP Query User{3938236C-236B-46F6-A784-7BB1B1E5CD1A}C:\users\dave\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\temp\gw2.exe |
"TCP Query User{4C56A935-D0D2-465A-876D-A71C852A1FD9}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{4E677F4F-71E5-46B8-9969-317DF3269140}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"TCP Query User{53B15EC1-F40E-4727-AB65-B6535B5E9DB9}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{56D8F90B-3946-4E04-87C3-710AB489C543}C:\users\dave\downloads\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\dave\downloads\starcraft_2_na_en-us.exe |
"TCP Query User{68A5DE94-E513-432B-A453-1FEAD6B03F24}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{73E3743F-B1CC-49B4-8484-1A8DF25359C4}C:\program files (x86)\steam\steamapps\[email protected]\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\half-life 2 deathmatch\hl2.exe |
"TCP Query User{7E01C7EB-FBEB-43AE-A30D-959D76B4C13E}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{9344C07D-4AEE-4AFE-8260-E23F4EC3A1E4}C:\program files (x86)\steam\steamapps\[email protected]\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\counter-strike source\hl2.exe |
"TCP Query User{9DC30DC1-CCE5-4F95-8637-597FC177B239}C:\program files (x86)\sins of a solar empire rebellion\sins of a solar empire rebellion.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"TCP Query User{AE63B2C2-770C-4E68-9D32-D8FFBC673449}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{B5767C75-A53D-4C57-A32D-BAEC4E3F2EE7}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{C1054D8A-EAB9-49CE-8394-011D97A1AA92}C:\program files (x86)\total war rome ii\rome2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\total war rome ii\rome2.exe |
"TCP Query User{C2753B6D-CC72-440C-A16E-412B3108D998}C:\program files (x86)\steam\steamapps\[email protected]\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\day of defeat source\hl2.exe |
"TCP Query User{C43E37A4-CC49-45AC-81FE-67A179E070E3}C:\users\dave\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{D2F41955-4585-49A2-B29B-3AA3704327A0}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"TCP Query User{D3ECF211-0E13-417C-B409-D3DC44F81E39}C:\program files (x86)\motorola\rsd lite\sdl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe |
"TCP Query User{DA1889F1-572B-4399-8698-889FAFA561FF}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{E2A9B033-91AC-495D-BE77-1E9314788D37}C:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe |
"TCP Query User{FDCC83E3-53EB-4DF5-B2B6-304CA1C30079}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{058E9993-44E0-409D-880E-34269368172E}C:\program files (x86)\total war rome ii\rome2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\total war rome ii\rome2.exe |
"UDP Query User{0A95B23D-0A2F-4D4B-8B2B-37EDEF15D439}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"UDP Query User{1AB38EB4-0B97-458C-BAA2-89965558C0CE}C:\users\dave\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\temp\gw2.exe |
"UDP Query User{281DE054-49D0-4A6C-B141-0737ACAF7FBE}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"UDP Query User{2F5CB6CC-4109-4439-B5B0-1BC30E9ABFDE}C:\users\dave\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\roaming\spotify\spotify.exe |
"UDP Query User{42313AD7-4051-44C9-81A0-C79F6ED56598}C:\program files (x86)\sins of a solar empire rebellion\sins of a solar empire rebellion.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"UDP Query User{49240B1C-6F77-480F-B7D3-F38BA8F38427}C:\program files (x86)\need for speed.shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=c:\program files (x86)\need for speed.shift 2 unleashed\shift2u.exe |
"UDP Query User{4971E959-75D3-4AFF-846A-0FA9D8BC04E2}C:\program files (x86)\steam\steamapps\[email protected]\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\half-life 2 deathmatch\hl2.exe |
"UDP Query User{498DF339-8B11-4982-903C-3EC3CECFC720}C:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe |
"UDP Query User{4D5E0E77-B43D-467F-B3C4-F87304E8F3EA}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"UDP Query User{581329DA-1691-45CA-8FBE-244F6D8F921E}C:\program files (x86)\steam\steamapps\[email protected]\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\day of defeat source\hl2.exe |
"UDP Query User{75B9637F-65EF-4B78-8498-9B0257205A93}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{971A4DB3-5488-4EA0-AC23-31F9A4554F54}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{A1757A22-4B1E-4807-9097-E80DE3D75B0B}C:\users\dave\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{B2AC7BBE-49D0-402C-9684-52E21D77D297}C:\users\dave\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B492D927-66F0-4226-8694-177A2AE565A7}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{BA7532FB-EF11-4D7B-BE2A-96D00840D9A8}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{C0393291-179A-4048-9126-3AD665D05E9C}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"UDP Query User{CED94C2A-150C-4DBD-8C27-24C741BB4FC0}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{CF198AD4-C620-4ED7-AA41-BF070B2C604A}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{CF32A5CC-02EB-4323-86E2-82847781C206}C:\program files (x86)\motorola\rsd lite\sdl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe |
"UDP Query User{E31E5A96-E26B-47D3-810A-663084ADA028}C:\program files (x86)\steam\steamapps\[email protected]\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\counter-strike source\hl2.exe |
"UDP Query User{E4CA8A51-F1A8-45B1-85F8-9F73A0AD985A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{E84282D9-3023-4D6A-97C7-1324ED465A89}C:\users\dave\downloads\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\dave\downloads\starcraft_2_na_en-us.exe |
"UDP Query User{E9F824F1-A189-4619-9CE1-3FF3A373499A}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{F93934A6-3B53-4761-9D94-809D0AD264B7}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{FA2C1236-D773-41D0-B03D-D971752D158D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61C3230C-D69D-44E7-B974-F8BBADB49EE6}" = Motorola Mobile Drivers Installation 5.5.0
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3 (64-bit)
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB3AFCA5-A2BB-4F31-8FEC-0295DB7BF928}" = AVG 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1" = Updater By SweetPacks 2.0.0.583
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{F71946E2-5B8E-4AB2-A4FE-73FE12B2F2AC}" = AVG 2013
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"REAPER" = REAPER (x64)
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2222706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 SDK
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}" = FINAL FANTASY XIV - A Realm Reborn
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{32A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3FA25137-514F-4616-9232-E4C9472CF89A}" = Avanti!
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{41101F0C-DBD9-321C-A6B1-E0689B495A4E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5DF5621C-5071-4F68-B623-69FD2D36DA3C}" = LaserCat
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{73090A5A-E0C0-4E0B-A320-E183877061A5}" = ALLDATA Repair
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{790412BB-B6CE-459B-9E17-7DA7C20FC98C}" = DayZ Commander
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88A47643-0A80-4FA8-A568-E9A63AAA98F4}" = Google SketchUp Pro 8
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{987F1753-1F42-4DF2-A5EA-0CCB777F3EB0}" = ASPCA Reminder by We-Care.com v4.0.19.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed ® III
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}" = Internet Explorer Toolbar 4.8 by SweetPacks
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = GameStop App
"{EAC93E1D-4807-43E2-B39A-8170B731B7D0}" = RSDLite
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F43D5CA6-1F22-436D-AF64-B254E7F1FC3D}" = IP Camera Adapter
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Android SDK Tools" = Android SDK Tools
"ASIO4ALL" = ASIO4ALL
"AVG Secure Search" = AVG Security Toolbar
"Battle.net" = Battle.net
"BattlEye for OA" = BattlEye for OA Uninstall
"BioShock Infinite_is1" = BioShock Infinite
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Ultra" = DAEMON Tools Ultra
"Deckadance" = Deckadance
"Desura" = Desura
"Desura_32053340930064" = Desura: Firearms: Source
"Desura_51346334023696" = Desura: WWI Source
"Doxillion" = Doxillion Document Converter
"FileZilla Client" = FileZilla Client 3.6.0.2
"FL Studio 10" = FL Studio 10
"FL Studio 11" = FL Studio 11
"FlowStone" = FlowStone FL 3.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"GameStop App" = GameStop App
"GoldWave v5.67" = GoldWave v5.67
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hearthstone" = Hearthstone
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MotoHelper" = MotoHelper 2.1.40 Driver 5.5.0
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiBit 0.5.15" = MultiBit 0.5.15
"Native Instruments Battery 3" = Native Instruments Battery 3
"NCLEX-RN 3500 - Individual Version" = NCLEX-RN 3500 - Individual Version
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"PowerISO" = PowerISO
"PureLeads" = PureLeads
"Quick PDF Converter v4.1" = Quick PDF Converter v4.1
"SilvestriRN5e" = SilvestriRN5e
"Sins of a Solar Empire Rebellion © Stardock_is1" = Sins of a Solar Empire Rebellion © Stardock version 1
"StarCraft II" = StarCraft II
"Steam App 203850" = Microsoft Flight
"Steam App 209080" = Guns of Icarus Online
"Steam App 218" = Source SDK Base 2007
"Steam App 218620" = PAYDAY 2
"Steam App 218680" = Scribblenauts Unlimited
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 220" = Half-Life 2
"Steam App 220200" = Kerbal Space Program
"Steam App 222730" = Reus
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 33900" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 440" = Team Fortress 2
"Steam App 4920" = Natural Selection 2
"Steam App 550" = Left 4 Dead 2
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 745" = Counter-Strike: Global Offensive - SDK
"Steam App 8930" = Sid Meier's Civilization V
"Uplay" = Uplay
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.11
"WebClient" = WebClient
"West Point Bridge Designer 2012 (2nd Edition)" = West Point Bridge Designer 2012 (2nd Edition) (remove only)
"WinLiveSuite" = Windows Live Essentials
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 5.21.0
"wLite" = webcamXP 5
"WNLT" = IB Updater Service
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MusicManager" = Music Manager
"SkyDriveSetup.exe" = Microsoft SkyDrive
"SOE-C:/Users/Dave/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"soe-PlanetSide 2" = PlanetSide 2
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/28/2013 11:38:49 AM | Computer Name = Dave-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/28/2013 7:23:59 PM | Computer Name = Dave-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/29/2013 5:41:58 PM | Computer Name = Dave-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/29/2013 8:58:09 PM | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ffxiv.exe, version: 1.0.0.0, time stamp:
0x521be282 Faulting module name: ffxiv.exe, version: 1.0.0.0, time stamp: 0x521be282
Exception
code: 0xc0000005 Fault offset: 0x006b27b9 Faulting process id: 0x21d0 Faulting application
start time: 0x01cea518d4748fe6 Faulting application path: C:\Program Files (x86)\SquareEnix\FINAL
FANTASY XIV - A Realm Reborn\game\ffxiv.exe Faulting module path: C:\Program Files
(x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\game\ffxiv.exe Report Id: 3c25794d-110f-11e3-935e-50e54930ac42

Error - 8/30/2013 12:12:31 PM | Computer Name = Dave-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2013 2:16:23 PM | Computer Name = Dave-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/30/2013 3:56:33 PM | Computer Name = Dave-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/31/2013 11:50:37 AM | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: League of Legends.exe, version: 3.10.0.246,
time stamp: 0x520d4875 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x3d30 Faulting application start time: 0x01cea65ed79b0fdb Faulting application path:
C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.240\deploy\League
of Legends.exe Faulting module path: unknown Report Id: 1403eee5-1255-11e3-8d04-50e54930ac42

Error - 9/1/2013 4:21:19 PM | Computer Name = Dave-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/2/2013 11:33:21 AM | Computer Name = Dave-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/17/2014 2:20:19 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 2/17/2014 2:22:21 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2/17/2014 2:22:21 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 2/18/2014 5:50:15 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 2/18/2014 3:36:51 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2/18/2014 3:36:51 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 2/19/2014 3:31:50 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 2/19/2014 3:33:07 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 2/19/2014 3:35:12 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2/19/2014 3:35:12 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069


< End of report >



aswMBR text:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-19 12:55:02
-----------------------------
12:55:02.259 OS Version: Windows x64 6.1.7601 Service Pack 1
12:55:02.259 Number of processors: 6 586 0xA00
12:55:02.259 ComputerName: DAVE-PC UserName: Dave
12:55:06.765 Initialize success
12:56:45.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5
12:56:45.768 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3MA Size: 953869MB BusType: 3
12:56:45.882 Disk 0 MBR read successfully
12:56:45.887 Disk 0 MBR scan
12:56:45.892 Disk 0 Windows 7 default MBR code
12:56:45.901 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:56:45.916 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953766 MB offset 206848
12:56:45.943 Disk 0 scanning C:\Windows\system32\drivers
12:56:54.289 Service scanning
12:57:10.421 Modules scanning
12:57:10.425 Disk 0 trace - called modules:
12:57:10.432 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:57:10.434 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a5a060]
12:57:10.437 3 CLASSPNP.SYS[fffff8800181c43f] -> nt!IofCallDriver -> [0xfffffa8003af2580]
12:57:10.469 5 ACPI.sys[fffff88000f807a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0xfffffa8003af1060]
12:57:10.472 Scan finished successfully
12:57:46.487 Disk 0 MBR has been saved successfully to "C:\Users\Dave\Desktop\New folder\MBR.dat"
12:57:46.490 The log file has been saved successfully to "C:\Users\Dave\Desktop\New folder\aswMBR.txt"

Edited by trusty, 19 February 2014 - 12:00 PM.

  • 0

#4
godawgs
Posted 19 February 2014 - 02:09 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the log. Let's get started.

You have the following Peer-to-Peer program(s) installed:

utorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware, viruses or out of date programs and must be deleted, along with the corresponding folders and files in red.


Step-1.

Malicious program uninstalls and Optional Removals

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

PureLeads
IB Updater Service
AVG Secure Search
uTorrent

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Users\Dave\AppData\Roaming\uTorrent

2. Close Windows Explorer.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2014/01/23 18:12:52 | 000,091,936 | ---- | M] (PureLeads) -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
PRC - [2014/01/23 18:12:50 | 003,690,784 | ---- | M] (Sendori) -- C:\Program Files (x86)\PureLeads\plsapp.exe
PRC - [2014/01/23 18:12:50 | 000,024,352 | ---- | M] (sendori) -- C:\Program Files (x86)\PureLeads\PureLeads.Service.exe
PRC - [2014/01/08 12:59:52 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
PRC - [2014/01/08 12:59:52 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
PRC - [2013/12/29 05:12:42 | 000,943,408 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
MOD - [2014/02/03 16:40:07 | 002,552,856 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2014/01/08 12:59:52 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
MOD - [2013/12/29 05:12:44 | 001,150,256 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll
MOD - [2013/12/29 05:12:42 | 000,943,408 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
SRV:64bit: - [2013/12/29 05:12:40 | 001,833,776 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV - [2014/01/23 18:12:52 | 000,091,936 | ---- | M] (PureLeads) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe -- (PlsvcV1)
SRV - [2014/01/23 18:12:50 | 003,690,784 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\PureLeads\plsapp.exe -- (plsapp)
SRV - [2014/01/23 18:12:50 | 000,024,352 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeads.Service.exe -- (PlsvcV2)
SRV - [2014/01/08 12:59:52 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...A-50E54930AC42}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...A-50E54930AC42}
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-10-06 12:54:19&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...A-50E54930AC42}
FF - prefs.js..keyword.URL: "http://mysearch.swee...st=23&st=23&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/06/17 19:20:08 | 000,000,000 | ---D | M]
[2011/11/11 20:25:38 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\avg@toolbar
[2013/11/05 19:51:09 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]
[2013/12/02 17:16:17 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\wecarereminder@bryan
[2013/11/05 19:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\extensionData
[2013/11/05 19:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\extensionData\plugins
[2013/11/05 19:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\extensionData\userCode
[2012/12/11 23:29:41 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/05/19 14:50:32 | 000,195,976 | ---- | M] () (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/09/24 10:23:33 | 000,002,115 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\MyStart Search.xml
[2013/06/17 19:20:17 | 000,002,100 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\MyStart.xml
[2013/05/19 14:50:06 | 000,001,720 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\sweetim.xml
[2013/12/31 16:09:56 | 000,001,624 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\Sweetpacks Search.xml
O2:64bit: - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [PureLeads Tray] C:\Program Files (x86)\PureLeads\PureLeadsTray.exe (PureLeads)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [WLAN Optimizer] C:\Users\Dave\Desktop\New folder\WLAN Optimizer.exe File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O33 - MountPoints2\{c31548b9-eca7-11e0-9784-50e54930ac42}\Shell - "" = AutoRun
O33 - MountPoints2\{c31548b9-eca7-11e0-9784-50e54930ac42}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{d0f0bd5e-3cf5-11e1-a924-50e54930ac42}\Shell - "" = AutoRun
O33 - MountPoints2\{d0f0bd5e-3cf5-11e1-a924-50e54930ac42}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{ddc1d058-7f58-11e2-a55c-50e54930ac42}\Shell - "" = AutoRun
O33 - MountPoints2\{ddc1d058-7f58-11e2-a55c-50e54930ac42}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[2014/02/18 23:36:03 | 000,439,296 | ---- | C] (Sendori) -- C:\Windows\SysNative\plsapp64.dll
[2014/02/18 23:35:56 | 000,354,592 | ---- | C] (Sendori) -- C:\Windows\SysWow64\plsapp.dll
[2014/02/18 23:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PureLeads
[2014/02/18 23:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureLeads
[2014/02/18 23:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/02/18 23:35:15 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\SearchProtect
[2014/02/19 02:33:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/02/19 02:33:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/09/19 21:50:37 | 000,053,431 | ---- | M] ()(C:\Users\Dave\Desktop\?p????????.rtf) -- C:\Users\Dave\Desktop\Ἀποκάλυψις.rtf
[2013/09/19 21:50:23 | 000,053,431 | ---- | C] ()(C:\Users\Dave\Desktop\?p????????.rtf) -- C:\Users\Dave\Desktop\Ἀποκάλυψις.rtf

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001CDBBB-D8D7-4DA2-9732-A550E9168F6D}" = -
"{163B5939-249F-4934-A908-C3908E6170AA}" = -

:FILES
ipconfig /flushdns /c
C:\Windows\Installer\{40021656-4d6d-26e9-ca6e-3085e6c4f832}
C:\Users\Dave\AppData\Local\{40021656-4d6d-26e9-ca6e-3085e6c4f832}
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\AVG Secure Search

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Posted Image TDSSKiller

Please read carefully and follow these steps.

Download the latest version of TDSSKiller from here and save it to your Desktop.

OR

Click here to go to the TDSSKiller download page. Click tthe Download Now EXE Version button and save the tdsskiller.exe file to the desktop.

  • Double click the TDSSKiller.exe file to run the application

    Posted Image
  • Then click on Change parameters. A settings page will open.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue. (See the image below)

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-4.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
/md5start
rpcss.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
qmgr.dll
services.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console<---Very Important
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you had any problems with the uninstalls
2. The OTL fixes log
3. the TDSSKiller log
4. The new OTL.txt log
  • 0

#5
trusty
Posted 20 February 2014 - 01:15 PM

trusty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hm, the forum stated my post was too long, I'll post the logs in different replies.

OTL Fixes
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named PureLeadsSvc.exe was found!
No active process named plsapp.exe was found!
No active process named PureLeads.Service.exe was found!
Process ToolbarUpdater.exe killed successfully!
Process loggingserver.exe killed successfully!
No active process named stij.exe was found!
Error: No service named IBUpdaterService was found to stop!
Service\Driver key IBUpdaterService not found.
File C:\Windows\SysNative\dmwu.exe not found.
Error: No service named PlsvcV1 was found to stop!
Service\Driver key PlsvcV1 not found.
File C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe not found.
Error: No service named plsapp was found to stop!
Service\Driver key plsapp not found.
File C:\Program Files (x86)\PureLeads\plsapp.exe not found.
Error: No service named PlsvcV2 was found to stop!
Service\Driver key PlsvcV2 not found.
File C:\Program Files (x86)\PureLeads\PureLeads.Service.exe not found.
Service vToolbarUpdater17.3.0 stopped successfully!
Service vToolbarUpdater17.3.0 deleted successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "http://mysearch.swee...st=23&st=23&q=" removed from keyword.URL
Prefs.js: "AVG Secure Search" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "Google" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
File move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll scheduled to be moved on reboot.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\avg@toolbar\modules\skin folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\avg@toolbar\modules folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\avg@toolbar\locale\en-US folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\avg@toolbar\locale folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\avg@toolbar\components\FF4 folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\avg@toolbar\components folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\avg@toolbar\chrome folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\avg@toolbar folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\extensionData\userCode folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\extensionData\plugins folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\extensionData folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\chrome\content\core folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\chrome\content\api folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected] folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\wecarereminder@bryan\META-INF folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\wecarereminder@bryan\defaults\preferences folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\wecarereminder@bryan\defaults folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\wecarereminder@bryan\components folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\wecarereminder@bryan\chrome\logo folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\wecarereminder@bryan\chrome folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\wecarereminder@bryan folder moved successfully.
Folder C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\extensionData\ not found.
Folder C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\extensionData\plugins\ not found.
Folder C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\[email protected]\extensionData\userCode\ not found.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\MyStart Search.xml moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\MyStart.xml moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\sweetim.xml moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\Sweetpacks Search.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ deleted successfully.
C:\Program Files\Updater By SweetPacks\Extension64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PureLeads Tray not found.
File C:\Program Files (x86)\PureLeads\PureLeadsTray.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
C:\Program Files (x86)\AVG Secure Search\vprot.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WLAN Optimizer deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
Invalid CLSID key: C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c31548b9-eca7-11e0-9784-50e54930ac42}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c31548b9-eca7-11e0-9784-50e54930ac42}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c31548b9-eca7-11e0-9784-50e54930ac42}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c31548b9-eca7-11e0-9784-50e54930ac42}\ not found.
File G:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0f0bd5e-3cf5-11e1-a924-50e54930ac42}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0f0bd5e-3cf5-11e1-a924-50e54930ac42}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0f0bd5e-3cf5-11e1-a924-50e54930ac42}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0f0bd5e-3cf5-11e1-a924-50e54930ac42}\ not found.
File G:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddc1d058-7f58-11e2-a55c-50e54930ac42}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddc1d058-7f58-11e2-a55c-50e54930ac42}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddc1d058-7f58-11e2-a55c-50e54930ac42}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddc1d058-7f58-11e2-a55c-50e54930ac42}\ not found.
File E:\LaunchU3.exe -a not found.
C:\Windows\SysNative\plsapp64.dll moved successfully.
File C:\Windows\SysWow64\plsapp.dll not found.
Folder C:\ProgramData\PureLeads\ not found.
Folder C:\Program Files (x86)\PureLeads\ not found.
C:\Program Files (x86)\SearchProtect\Main\rep folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main folder moved successfully.
C:\Program Files (x86)\SearchProtect folder moved successfully.
C:\Users\Dave\AppData\Local\SearchProtect\Logs folder moved successfully.
C:\Users\Dave\AppData\Local\SearchProtect folder moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job moved successfully.
C:\Users\Dave\Desktop\Ἀποκάλυψις.rtf moved successfully.
File C:\Users\Dave\Desktop\Ἀποκάλυψις.rtf not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{001CDBBB-D8D7-4DA2-9732-A550E9168F6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{001CDBBB-D8D7-4DA2-9732-A550E9168F6D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{163B5939-249F-4934-A908-C3908E6170AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{163B5939-249F-4934-A908-C3908E6170AA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dave\Downloads\cmd.bat deleted successfully.
C:\Users\Dave\Downloads\cmd.txt deleted successfully.
C:\Windows\Installer\{40021656-4d6d-26e9-ca6e-3085e6c4f832}\U folder moved successfully.
C:\Windows\Installer\{40021656-4d6d-26e9-ca6e-3085e6c4f832} folder moved successfully.
C:\Users\Dave\AppData\Local\{40021656-4d6d-26e9-ca6e-3085e6c4f832}\U folder moved successfully.
C:\Users\Dave\AppData\Local\{40021656-4d6d-26e9-ca6e-3085e6c4f832}\L folder moved successfully.
C:\Users\Dave\AppData\Local\{40021656-4d6d-26e9-ca6e-3085e6c4f832} folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\8.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\13.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\12.2.6 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb folder moved successfully.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0 scheduled to be moved on reboot.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6 folder moved successfully.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller scheduled to be moved on reboot.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\8.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\12.2.6 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\13.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\12.2.6 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.1.2 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\15.5.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\15.4.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\15.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\15.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\14.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\14.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\14.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\CommonInstaller\8.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\CommonInstaller\12.2.6 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\CommonInstaller folder moved successfully.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search scheduled to be moved on reboot.
C:\Program Files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\UninstallRes\ClientPackage folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\UninstallRes folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\radio folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\PostInstall folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Licenses folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\EnableHelperRes\Images folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\EnableHelperRes folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\DSPDlg_IE folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\ChromeRes\AVG Secure Search folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\ChromeRes\AVG SafeGuard toolbar folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\ChromeRes\AVG Nation toolbar folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\ChromeRes folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\ChromeGuardRes folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\zh_TW folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\zh_CN folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\tr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\sr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\sk folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\ru folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\pt_PT folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\pt_BR folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\pl folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\nl folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\ko folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\ja folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\it folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\id folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\hu folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\fr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\es_419 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\es folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\en folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\de folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\da folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales\cs folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\_locales folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\content\lib folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\content\js folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\content\icons folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\content\css folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome\content folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\Chrome folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\17.3.0.49 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\17.2.0.38 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\17.1.2.1 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\17.0.1.12 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\17.0.0.9 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\15.5.0.2 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\15.4.0.5 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\15.3.0.11 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\15.2.0.5 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\14.2.0.1 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\14.1.0.10 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\14.0.2.14 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\UninstallRes\ClientPackage\Images\uninstall folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\UninstallRes\ClientPackage\Images folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\UninstallRes\ClientPackage folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\UninstallRes folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\zh_TW folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\zh_CN folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\tr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\sr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\sk folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\ru folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\pt_PT folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\pt_BR folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\pl folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\nl folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\ko folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\ja folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\it folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\id folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\hu folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\fr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\es_419 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\es folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\en folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\de folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\da folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales\cs folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\_locales folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\content\lib folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\content\js folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\content\icons folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\content\css folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome\content folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5\Chrome folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\13.2.0.5 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\radio folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\zh_TW folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\zh_CN folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\tr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\sr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\sk folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\ru folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\pt_PT folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\pt_BR folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\pl folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\nl folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\ko folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\ja folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\it folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\id folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\hu folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\fr folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\es_419 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\es folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\en folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\de folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\da folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales\cs folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\_locales folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\content\lib folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\content\js folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\content\icons folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\content\css folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome\content folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34\Chrome folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\12.2.5.34 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dave
->Temp folder emptied: 5270456960 bytes
->Temporary Internet Files folder emptied: 569172314 bytes
->Java cache emptied: 13806796 bytes
->FireFox cache emptied: 68691340 bytes
->Google Chrome cache emptied: 355972070 bytes
->Flash cache emptied: 42306 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2531546254 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 63114660 bytes
RecycleBin emptied: 20340828913 bytes

Total Files Cleaned = 27,861.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02202014_011220

Files\Folders moved on Reboot...
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll not found!
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\AVG Secure Search scheduled to be moved on reboot.
File\Folder C:\Users\Dave\AppData\Local\Temp\etilqs_JXz6I4j8zhlbTec not found!
C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\5149eg5r.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




TDSS Killer



01:28:21.0862 0x1698 TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
01:28:24.0935 0x1698 ============================================================
01:28:24.0935 0x1698 Current date / time: 2014/02/20 01:28:24.0935
01:28:24.0935 0x1698 SystemInfo:
01:28:24.0935 0x1698
01:28:24.0936 0x1698 OS Version: 6.1.7601 ServicePack: 1.0
01:28:24.0936 0x1698 Product type: Workstation
01:28:24.0936 0x1698 ComputerName: DAVE-PC
01:28:24.0936 0x1698 UserName: Dave
01:28:24.0936 0x1698 Windows directory: C:\Windows
01:28:24.0936 0x1698 System windows directory: C:\Windows
01:28:24.0936 0x1698 Running under WOW64
01:28:24.0936 0x1698 Processor architecture: Intel x64
01:28:24.0936 0x1698 Number of processors: 6
01:28:24.0936 0x1698 Page size: 0x1000
01:28:24.0936 0x1698 Boot type: Normal boot
01:28:24.0936 0x1698 ============================================================
01:28:33.0381 0x1698 KLMD registered as C:\Windows\system32\drivers\64234278.sys
01:28:33.0574 0x1698 System UUID: {4E8023E8-9E25-84ED-CCFA-7C7F2DE1D386}
01:28:34.0369 0x1698 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
01:28:34.0372 0x1698 ============================================================
01:28:34.0372 0x1698 \Device\Harddisk0\DR0:
01:28:34.0372 0x1698 MBR partitions:
01:28:34.0372 0x1698 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:28:34.0372 0x1698 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3000
01:28:34.0372 0x1698 ============================================================
01:28:34.0407 0x1698 C: <-> \Device\Harddisk0\DR0\Partition2
01:28:34.0407 0x1698 ============================================================
01:28:34.0407 0x1698 Initialize success
01:28:34.0407 0x1698 ============================================================
01:29:08.0010 0x1758 ============================================================
01:29:08.0010 0x1758 Scan started
01:29:08.0010 0x1758 Mode: Manual; SigCheck; TDLFS;
01:29:08.0010 0x1758 ============================================================
01:29:08.0010 0x1758 KSN ping started
01:29:10.0831 0x1758 KSN ping finished: true
01:29:11.0645 0x1758 ================ Scan system memory ========================
01:29:11.0645 0x1758 System memory - ok
01:29:11.0646 0x1758 ================ Scan services =============================
01:29:11.0770 0x1758 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:29:11.0901 0x1758 1394ohci - ok
01:29:11.0925 0x1758 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:29:11.0939 0x1758 ACPI - ok
01:29:11.0971 0x1758 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:29:12.0066 0x1758 AcpiPmi - ok
01:29:12.0249 0x1758 [ B1EA9681502EE57F87DB71D726288A5B, D17BD2CFAE72E92C77D183331D5CBA0FEA893BF54875920870E271940F40A8BB ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:29:12.0277 0x1758 AdobeARMservice - ok
01:29:12.0400 0x1758 [ C8C6C0D659734FDBF63F6F421A5416BC, 11C452D77D0A8A5E430D0D0C9949797FFC03D2E3DADB8FBB9B63EDA868AFF83C ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:29:12.0429 0x1758 AdobeFlashPlayerUpdateSvc - ok
01:29:12.0465 0x1758 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:29:12.0487 0x1758 adp94xx - ok
01:29:12.0535 0x1758 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:29:12.0550 0x1758 adpahci - ok
01:29:12.0563 0x1758 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:29:12.0575 0x1758 adpu320 - ok
01:29:12.0605 0x1758 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:29:12.0749 0x1758 AeLookupSvc - ok
01:29:12.0822 0x1758 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
01:29:12.0884 0x1758 AFD - ok
01:29:12.0906 0x1758 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
01:29:12.0919 0x1758 agp440 - ok
01:29:12.0940 0x1758 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
01:29:12.0983 0x1758 ALG - ok
01:29:13.0021 0x1758 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
01:29:13.0051 0x1758 aliide - ok
01:29:13.0069 0x1758 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
01:29:13.0080 0x1758 amdide - ok
01:29:13.0112 0x1758 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
01:29:13.0162 0x1758 AmdK8 - ok
01:29:13.0182 0x1758 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
01:29:13.0213 0x1758 AmdPPM - ok
01:29:13.0262 0x1758 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:29:13.0300 0x1758 amdsata - ok
01:29:13.0359 0x1758 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
01:29:13.0397 0x1758 amdsbs - ok
01:29:13.0411 0x1758 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:29:13.0419 0x1758 amdxata - ok
01:29:13.0443 0x1758 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
01:29:13.0483 0x1758 AppID - ok
01:29:13.0507 0x1758 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:29:13.0542 0x1758 AppIDSvc - ok
01:29:13.0568 0x1758 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
01:29:13.0615 0x1758 Appinfo - ok
01:29:13.0654 0x1758 [ 6BE11AD81D4527D299F0CB5F3731AABC, 9C01278D3336CD74B9672A2A9EF7AF836CB0E7F2EA5BC310E9ADDD1238B92229 ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
01:29:13.0684 0x1758 AppleCharger - ok
01:29:13.0695 0x1758 [ 95EF7247C50C7241FDAE39A9B3AFF4AE, 6E08FB095C04B2E217B139D6431336C0F24C128A2A83082A3085DC8C44AA247D ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
01:29:13.0705 0x1758 AppleChargerSrv - ok
01:29:13.0726 0x1758 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
01:29:13.0739 0x1758 arc - ok
01:29:13.0757 0x1758 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:29:13.0771 0x1758 arcsas - ok
01:29:13.0863 0x1758 [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:29:13.0949 0x1758 aspnet_state - ok
01:29:13.0984 0x1758 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:29:14.0059 0x1758 AsyncMac - ok
01:29:14.0078 0x1758 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
01:29:14.0086 0x1758 atapi - ok
01:29:14.0129 0x1758 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:29:14.0178 0x1758 AudioEndpointBuilder - ok
01:29:14.0194 0x1758 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:29:14.0230 0x1758 AudioSrv - ok
01:29:14.0440 0x1758 [ 4DB93F4DB7077801D2D82013506AC1D0, 3D71655D1557021D5D828E37EAFDBA35C631061E48D64B9D376746F8FCC760B3 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
01:29:14.0538 0x1758 AVGIDSAgent - ok
01:29:14.0594 0x1758 [ 92B7689FBC131E143421A19C18320E34, D3A323015790355070A380731CA56547F518F8AF800BC71670481A646C8FEEB3 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
01:29:14.0620 0x1758 AVGIDSDriver - ok
01:29:14.0653 0x1758 [ C8D9EEACF266512C1FA52E2ECF5AD944, 01972886F4324C55BE4450F2E18F263FBF0BE7525A9390714216E6C7A1827B1D ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
01:29:14.0664 0x1758 AVGIDSHA - ok
01:29:14.0682 0x1758 [ FACD18A89FDEBC35C85CAF762B294BE2, FD6EBE87ACA6CC017AB7ED886B2BC13CA05BDA38E4B7E8A63F33EF7E5C755BB8 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
01:29:14.0697 0x1758 Avgldx64 - ok
01:29:14.0767 0x1758 [ 29FCDEAC6086FB7E55344B51E35D99CE, 06408D79DF92B8A31DE0CA518BD93CA211D3192496CA3783762F289549F8F615 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
01:29:14.0799 0x1758 Avgloga - ok
01:29:14.0829 0x1758 [ 85053293DCDE19829E8691A9E9E8A6FF, 1F115376DCF888C0ED928D5E7150CC4602510FDA785DE76912D415366D8D7393 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
01:29:14.0842 0x1758 Avgmfx64 - ok
01:29:14.0849 0x1758 [ E191E443B0F7B05E784279A1C29B9D2A, 24B2B048C2CE5520A6B0E6702F55B5B65411E3E3D0857301E430EF2F9D7ECAFE ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
01:29:14.0860 0x1758 Avgrkx64 - ok
01:29:14.0874 0x1758 [ 69BD90E337625F96C718CACE7A9C9E29, 586948D6715ACB845D58BB5A73B8E5DA96A5415BC67D0508054F03D9A5C21768 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
01:29:14.0887 0x1758 Avgtdia - ok
01:29:14.0913 0x1758 [ A1F53D2A00E64679A1D81B61D2333D06, 41D4F252693A2382A1C1FB85A49DF5AAB5B21620DC09A0E1A7F66A437E3A0B3B ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
01:29:14.0921 0x1758 avgtp - ok
01:29:14.0953 0x1758 [ D646FA5135A1CD795877AFE9D17FA9ED, 2F97FBCD7BD75727A77C17D75D2482AE819D5D2EB9760D96412F9C20AA7D9473 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
01:29:14.0965 0x1758 avgwd - ok
01:29:14.0996 0x1758 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:29:15.0067 0x1758 AxInstSV - ok
01:29:15.0120 0x1758 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
01:29:15.0175 0x1758 b06bdrv - ok
01:29:15.0207 0x1758 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:29:15.0251 0x1758 b57nd60a - ok
01:29:15.0312 0x1758 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
01:29:15.0354 0x1758 BDESVC - ok
01:29:15.0372 0x1758 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
01:29:15.0438 0x1758 Beep - ok
01:29:15.0518 0x1758 [ 06C1E887BF34C0E31EB8E2C999E4842F, 3D6E84F2939B06ED7FD4F57D109B0B1402B7C21BFC801F36EEFC250DEBFE174C ] BEService C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
01:29:15.0548 0x1758 BEService - detected UnsignedFile.Multi.Generic ( 1 )
01:29:18.0347 0x1758 BEService ( UnsignedFile.Multi.Generic ) - warning
01:29:32.0229 0x1758 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
01:29:32.0280 0x1758 BFE - ok
01:29:32.0348 0x1758 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
01:29:32.0407 0x1758 BITS - ok
01:29:32.0444 0x1758 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:29:32.0460 0x1758 blbdrive - ok
01:29:32.0498 0x1758 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:29:32.0535 0x1758 bowser - ok
01:29:32.0554 0x1758 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
01:29:32.0588 0x1758 BrFiltLo - ok
01:29:32.0607 0x1758 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
01:29:32.0621 0x1758 BrFiltUp - ok
01:29:32.0648 0x1758 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
01:29:32.0682 0x1758 Browser - ok
01:29:32.0714 0x1758 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:29:32.0780 0x1758 Brserid - ok
01:29:32.0798 0x1758 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:29:32.0823 0x1758 BrSerWdm - ok
01:29:32.0841 0x1758 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:29:32.0863 0x1758 BrUsbMdm - ok
01:29:32.0880 0x1758 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:29:32.0904 0x1758 BrUsbSer - ok
01:29:32.0918 0x1758 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
01:29:32.0934 0x1758 BTHMODEM - ok
01:29:32.0966 0x1758 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
01:29:33.0032 0x1758 bthserv - ok
01:29:33.0066 0x1758 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:29:33.0118 0x1758 cdfs - ok
01:29:33.0148 0x1758 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:29:33.0191 0x1758 cdrom - ok
01:29:33.0320 0x1758 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
01:29:33.0370 0x1758 CertPropSvc - ok
01:29:33.0401 0x1758 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
01:29:33.0422 0x1758 circlass - ok
01:29:33.0440 0x1758 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
01:29:33.0454 0x1758 CLFS - ok
01:29:33.0511 0x1758 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:29:33.0525 0x1758 clr_optimization_v2.0.50727_32 - ok
01:29:33.0560 0x1758 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:29:33.0573 0x1758 clr_optimization_v2.0.50727_64 - ok
01:29:33.0646 0x1758 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:29:33.0812 0x1758 clr_optimization_v4.0.30319_32 - ok
01:29:33.0862 0x1758 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:29:33.0893 0x1758 clr_optimization_v4.0.30319_64 - ok
01:29:33.0927 0x1758 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
01:29:33.0964 0x1758 CmBatt - ok
01:29:33.0985 0x1758 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:29:34.0002 0x1758 cmdide - ok
01:29:34.0049 0x1758 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
01:29:34.0085 0x1758 CNG - ok
01:29:34.0098 0x1758 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
01:29:34.0112 0x1758 Compbatt - ok
01:29:34.0136 0x1758 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
01:29:34.0200 0x1758 CompositeBus - ok
01:29:34.0209 0x1758 COMSysApp - ok
01:29:34.0233 0x1758 cpuz135 - ok
01:29:34.0248 0x1758 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
01:29:34.0257 0x1758 crcdisk - ok
01:29:34.0300 0x1758 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:29:34.0347 0x1758 CryptSvc - ok
01:29:34.0409 0x1758 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:29:34.0449 0x1758 DcomLaunch - ok
01:29:34.0481 0x1758 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
01:29:34.0512 0x1758 defragsvc - ok
01:29:34.0579 0x1758 [ 2B9A817DC1BDAD9CE5495099B6A7136A, 6D040069C6CD249A4113E4BDD16658D02685F6018F804654934A03F5E2D161A8 ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
01:29:34.0603 0x1758 Desura Install Service - ok
01:29:34.0638 0x1758 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:29:34.0690 0x1758 DfsC - ok
01:29:34.0713 0x1758 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
01:29:34.0759 0x1758 Dhcp - ok
01:29:34.0848 0x1758 [ D6B0939B78C73E1396A9C58DCCBC1983, E675BC247222869B89EF39490B579E365542CE083C193DC6E22EDA1B344D4A8F ] Disc Soft Bus Service C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
01:29:34.0881 0x1758 Disc Soft Bus Service - ok
01:29:34.0892 0x1758 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
01:29:34.0933 0x1758 discache - ok
01:29:34.0956 0x1758 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
01:29:34.0965 0x1758 Disk - ok
01:29:35.0002 0x1758 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:29:35.0037 0x1758 Dnscache - ok
01:29:35.0068 0x1758 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
01:29:35.0138 0x1758 dot3svc - ok
01:29:35.0168 0x1758 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
01:29:35.0218 0x1758 DPS - ok
01:29:35.0307 0x1758 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:29:35.0366 0x1758 drmkaud - ok
01:29:35.0397 0x1758 [ C9914A74045A6D23DB7252FA3985DE25, 0CB2655DDE564810B4F1449B0CB1C2AD18544197F7D061447399BBA98A40D3DF ] dtscsibus C:\Windows\system32\DRIVERS\dtscsibus.sys
01:29:35.0424 0x1758 dtscsibus - ok
01:29:35.0500 0x1758 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:29:35.0531 0x1758 DXGKrnl - ok
01:29:35.0567 0x1758 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
01:29:35.0600 0x1758 EapHost - ok
01:29:35.0747 0x1758 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
01:29:35.0836 0x1758 ebdrv - ok
01:29:35.0851 0x1758 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
01:29:35.0875 0x1758 EFS - ok
01:29:35.0958 0x1758 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:29:36.0007 0x1758 ehRecvr - ok
01:29:36.0047 0x1758 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
01:29:36.0059 0x1758 ehSched - ok
01:29:36.0121 0x1758 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
01:29:36.0147 0x1758 elxstor - ok
01:29:36.0162 0x1758 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:29:36.0182 0x1758 ErrDev - ok
01:29:36.0229 0x1758 [ B8FA96995726D1FA58476E352C02AD82, 6BBD49B16A19CC3C3337707EFBEB6BC355CB077CBBBC99D8985A3FBB6E871A89 ] ES lite Service C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
01:29:36.0250 0x1758 ES lite Service - ok
01:29:36.0263 0x1758 [ 6C17A702399B0205AB7836C2B45CD806, 54BACC652D905A31959031DE1F6116187D6E7961D05DBC2211904CB7EE7E9CFC ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys
01:29:36.0286 0x1758 EtronHub3 - ok
01:29:36.0309 0x1758 [ B5348A55CC9541FFA930E30BB0CC8EF6, D20DC1B5BD6DB6AF621611ADE9CDA413587C58515B84814423339AC7BD89F775 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys
01:29:36.0340 0x1758 EtronXHCI - ok
01:29:36.0411 0x1758 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
01:29:36.0462 0x1758 EventSystem - ok
01:29:36.0477 0x1758 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
01:29:36.0505 0x1758 exfat - ok
01:29:36.0528 0x1758 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:29:36.0568 0x1758 fastfat - ok
01:29:36.0629 0x1758 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
01:29:36.0688 0x1758 Fax - ok
01:29:36.0699 0x1758 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
01:29:36.0720 0x1758 fdc - ok
01:29:36.0753 0x1758 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
01:29:36.0826 0x1758 fdPHost - ok
01:29:36.0842 0x1758 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
01:29:36.0874 0x1758 FDResPub - ok
01:29:36.0901 0x1758 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:29:36.0910 0x1758 FileInfo - ok
01:29:36.0922 0x1758 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:29:36.0952 0x1758 Filetrace - ok
01:29:37.0082 0x1758 [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:29:37.0129 0x1758 FLEXnet Licensing Service - ok
01:29:37.0145 0x1758 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
01:29:37.0161 0x1758 flpydisk - ok
01:29:37.0235 0x1758 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:29:37.0253 0x1758 FltMgr - ok
01:29:37.0427 0x1758 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
01:29:37.0474 0x1758 FontCache - ok
01:29:37.0537 0x1758 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:29:37.0565 0x1758 FontCache3.0.0.0 - ok
01:29:37.0588 0x1758 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:29:37.0616 0x1758 FsDepends - ok
01:29:37.0699 0x1758 [ B16B626996C74B564005BA855C5DEE90, B432C669EB610C262B18F3F8308EEE1B910DE7F7BC2A8EB5483419DC52A07AE1 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
01:29:37.0761 0x1758 fssfltr - ok
01:29:37.0854 0x1758 [ 812E1BA5C52A78F13EA6AA10DF708B1D, CF1C4D8E072CF0D66C977DFA4C852E5CE757843BEAF5D29454D26A9AC5766E61 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
01:29:37.0897 0x1758 fsssvc - ok
01:29:37.0930 0x1758 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:29:37.0938 0x1758 Fs_Rec - ok
01:29:37.0994 0x1758 [ 79B4CDE2B69ED8BA4011859780A66A4D, D2572B737232F8FDD46A811FF69D8DAE4AAD4D2FA47507D78C0C54BF01C4CC4A ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
01:29:38.0020 0x1758 Futuremark SystemInfo Service - ok
01:29:38.0060 0x1758 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:29:38.0088 0x1758 fvevol - ok
01:29:38.0109 0x1758 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
01:29:38.0119 0x1758 gagp30kx - ok
01:29:38.0154 0x1758 [ 7907E14F9BCF3A4689C9A74A1A873CB6, 17927B93B2D6AB4271C158F039CAE2D60591D6A14458F5A5690AEC86F5D54229 ] gdrv C:\Windows\gdrv.sys
01:29:38.0161 0x1758 gdrv - ok
01:29:38.0231 0x1758 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
01:29:38.0279 0x1758 gpsvc - ok
01:29:38.0370 0x1758 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:29:38.0401 0x1758 gupdate - ok
01:29:38.0436 0x1758 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:29:38.0462 0x1758 gupdatem - ok
01:29:38.0503 0x1758 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:29:38.0548 0x1758 hcw85cir - ok
01:29:38.0598 0x1758 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:29:38.0642 0x1758 HdAudAddService - ok
01:29:38.0665 0x1758 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
01:29:38.0696 0x1758 HDAudBus - ok
01:29:38.0714 0x1758 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
01:29:38.0726 0x1758 HidBatt - ok
01:29:38.0740 0x1758 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
01:29:38.0757 0x1758 HidBth - ok
01:29:38.0781 0x1758 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
01:29:38.0791 0x1758 HidIr - ok
01:29:38.0818 0x1758 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
01:29:38.0870 0x1758 hidserv - ok
01:29:38.0913 0x1758 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
01:29:38.0943 0x1758 HidUsb - ok
01:29:38.0967 0x1758 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:29:39.0018 0x1758 hkmsvc - ok
01:29:39.0035 0x1758 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:29:39.0068 0x1758 HomeGroupListener - ok
01:29:39.0094 0x1758 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:29:39.0117 0x1758 HomeGroupProvider - ok
01:29:39.0148 0x1758 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
01:29:39.0180 0x1758 HpSAMD - ok
01:29:39.0275 0x1758 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:29:39.0325 0x1758 HTTP - ok
01:29:39.0338 0x1758 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:29:39.0346 0x1758 hwpolicy - ok
01:29:39.0362 0x1758 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
01:29:39.0373 0x1758 i8042prt - ok
01:29:39.0399 0x1758 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
01:29:39.0415 0x1758 iaStorV - ok
01:29:39.0487 0x1758 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:29:39.0518 0x1758 idsvc - ok
01:29:39.0559 0x1758 IEEtwCollectorService - ok
01:29:39.0592 0x1758 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
01:29:39.0637 0x1758 iirsp - ok
01:29:39.0704 0x1758 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
01:29:39.0747 0x1758 IKEEXT - ok
01:29:39.0875 0x1758 [ DAB7318CCFA8081200D5B7B486793F74, 1D0833352D125D7C46F51401C8DE66DB92E3104003917BAEFE4A21218531C330 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:29:39.0927 0x1758 IntcAzAudAddService - ok
01:29:39.0956 0x1758 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
01:29:39.0964 0x1758 intelide - ok
01:29:39.0995 0x1758 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
01:29:40.0005 0x1758 intelppm - ok
01:29:40.0025 0x1758 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:29:40.0064 0x1758 IPBusEnum - ok
01:29:40.0082 0x1758 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:29:40.0107 0x1758 IpFilterDriver - ok
01:29:40.0163 0x1758 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:29:40.0215 0x1758 iphlpsvc - ok
01:29:40.0248 0x1758 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:29:40.0273 0x1758 IPMIDRV - ok
01:29:40.0286 0x1758 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:29:40.0320 0x1758 IPNAT - ok
01:29:40.0339 0x1758 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:29:40.0351 0x1758 IRENUM - ok
01:29:40.0362 0x1758 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:29:40.0371 0x1758 isapnp - ok
01:29:40.0390 0x1758 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:29:40.0404 0x1758 iScsiPrt - ok
01:29:40.0419 0x1758 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:29:40.0428 0x1758 kbdclass - ok
01:29:40.0436 0x1758 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:29:40.0457 0x1758 kbdhid - ok
01:29:40.0470 0x1758 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
01:29:40.0478 0x1758 KeyIso - ok
01:29:40.0508 0x1758 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:29:40.0517 0x1758 KSecDD - ok
01:29:40.0527 0x1758 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:29:40.0537 0x1758 KSecPkg - ok
01:29:40.0561 0x1758 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:29:40.0594 0x1758 ksthunk - ok
01:29:40.0642 0x1758 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
01:29:40.0684 0x1758 KtmRm - ok
01:29:40.0722 0x1758 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
01:29:40.0768 0x1758 LanmanServer - ok
01:29:40.0807 0x1758 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:29:40.0841 0x1758 LanmanWorkstation - ok
01:29:40.0872 0x1758 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:29:40.0904 0x1758 lltdsvc - ok
01:29:40.0916 0x1758 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:29:40.0940 0x1758 lmhosts - ok
01:29:40.0986 0x1758 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
01:29:41.0015 0x1758 LSI_FC - ok
01:29:41.0026 0x1758 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:29:41.0040 0x1758 LSI_SAS - ok
01:29:41.0056 0x1758 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
01:29:41.0065 0x1758 LSI_SAS2 - ok
01:29:41.0075 0x1758 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:29:41.0086 0x1758 LSI_SCSI - ok
01:29:41.0102 0x1758 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
01:29:41.0140 0x1758 luafv - ok
01:29:41.0172 0x1758 [ 922CBAC7B992B9614CAB7122F4BF9406, CD6FFA2DE518DFD92604F1C6E3D274566410BEE02B6F3D575F2218EA4E165321 ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
01:29:41.0190 0x1758 ManyCam - ok
01:29:41.0275 0x1758 [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
01:29:41.0293 0x1758 MBAMProtector - ok
01:29:41.0343 0x1758 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
01:29:41.0370 0x1758 MBAMScheduler - ok
01:29:41.0402 0x1758 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:29:41.0421 0x1758 MBAMService - ok
01:29:41.0454 0x1758 [ 34A42DD7CF525D0D2C5232916496E4B8, FC703E247FB5D88470F57BCC10890F830BDE782BF7D24B12B2EAAB2C5EC23223 ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv_x64.sys
01:29:41.0493 0x1758 mcaudrv_simple - ok
01:29:41.0521 0x1758 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:29:41.0542 0x1758 Mcx2Svc - ok
01:29:41.0556 0x1758 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
01:29:41.0564 0x1758 megasas - ok
01:29:41.0590 0x1758 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
01:29:41.0608 0x1758 MegaSR - ok
01:29:41.0644 0x1758 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
01:29:41.0698 0x1758 MMCSS - ok
01:29:41.0707 0x1758 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
01:29:41.0740 0x1758 Modem - ok
01:29:41.0767 0x1758 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:29:41.0788 0x1758 monitor - ok
01:29:41.0822 0x1758 [ D69F1E9A944A5F46A494AF901ED41118, 162F7EFA30BF687585A2F4CB612CFAA24F5B7B8BEAF1A9FB9FE3E4988682228D ] motandroidusb C:\Windows\system32\Drivers\motoandroid.sys
01:29:41.0862 0x1758 motandroidusb - ok
01:29:41.0940 0x1758 [ 290750346F5937B02F62594B8EB03215, A676CF1C0F9B4B33B7D1AA8D9C97F144B644F841C9637F57308B436F1AFE5B95 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
01:29:41.0961 0x1758 MotoHelper - ok
01:29:41.0976 0x1758 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:29:41.0985 0x1758 mouclass - ok
01:29:42.0018 0x1758 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:29:42.0038 0x1758 mouhid - ok
01:29:42.0056 0x1758 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:29:42.0065 0x1758 mountmgr - ok
01:29:42.0133 0x1758 [ 338037EFA0E8E8699B2667D57B751574, 59E0D39806D0C4EB57913AA013242837FD39AD378726AEE42D250CBA87C1C3BF ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:29:42.0157 0x1758 MozillaMaintenance - ok
01:29:42.0173 0x1758 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
01:29:42.0186 0x1758 mpio - ok
01:29:42.0210 0x1758 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:29:42.0235 0x1758 mpsdrv - ok
01:29:42.0303 0x1758 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
01:29:42.0357 0x1758 MpsSvc - ok
01:29:42.0383 0x1758 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:29:42.0407 0x1758 MRxDAV - ok
01:29:42.0429 0x1758 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:29:42.0459 0x1758 mrxsmb - ok
01:29:42.0476 0x1758 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:29:42.0490 0x1758 mrxsmb10 - ok
01:29:42.0506 0x1758 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:29:42.0516 0x1758 mrxsmb20 - ok
01:29:42.0535 0x1758 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
01:29:42.0544 0x1758 msahci - ok
01:29:42.0607 0x1758 [ A592A054D78750B4D73ABAA4C94DECDF, 40B135C9F9EE698EC78BD19BD18353AE2CF4D020DDB9CFC37CD2FDBF7602614A ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
01:29:42.0634 0x1758 MSCamSvc - ok
01:29:42.0662 0x1758 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:29:42.0677 0x1758 msdsm - ok
01:29:42.0710 0x1758 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
01:29:42.0722 0x1758 MSDTC - ok
01:29:42.0735 0x1758 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:29:42.0759 0x1758 Msfs - ok
01:29:42.0769 0x1758 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:29:42.0805 0x1758 mshidkmdf - ok
01:29:42.0819 0x1758 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:29:42.0826 0x1758 msisadrv - ok
01:29:42.0867 0x1758 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:29:42.0922 0x1758 MSiSCSI - ok
01:29:42.0925 0x1758 msiserver - ok
01:29:42.0946 0x1758 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:29:42.0984 0x1758 MSKSSRV - ok
01:29:42.0996 0x1758 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:29:43.0019 0x1758 MSPCLOCK - ok
01:29:43.0033 0x1758 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:29:43.0062 0x1758 MSPQM - ok
01:29:43.0090 0x1758 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:29:43.0104 0x1758 MsRPC - ok
01:29:43.0114 0x1758 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
01:29:43.0122 0x1758 mssmbios - ok
01:29:43.0125 0x1758 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:29:43.0159 0x1758 MSTEE - ok
01:29:43.0177 0x1758 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
01:29:43.0186 0x1758 MTConfig - ok
01:29:43.0202 0x1758 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
01:29:43.0210 0x1758 Mup - ok
01:29:43.0241 0x1758 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
01:29:43.0287 0x1758 napagent - ok
01:29:43.0353 0x1758 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:29:43.0403 0x1758 NativeWifiP - ok
01:29:43.0486 0x1758 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
01:29:43.0517 0x1758 NDIS - ok
01:29:43.0532 0x1758 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:29:43.0556 0x1758 NdisCap - ok
01:29:43.0585 0x1758 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:29:43.0636 0x1758 NdisTapi - ok
01:29:43.0647 0x1758 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:29:43.0671 0x1758 Ndisuio - ok
01:29:43.0682 0x1758 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:29:43.0721 0x1758 NdisWan - ok
01:29:43.0733 0x1758 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:29:43.0757 0x1758 NDProxy - ok
01:29:43.0776 0x1758 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:29:43.0809 0x1758 NetBIOS - ok
01:29:43.0823 0x1758 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:29:43.0852 0x1758 NetBT - ok
01:29:43.0861 0x1758 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
01:29:43.0870 0x1758 Netlogon - ok
01:29:43.0903 0x1758 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
01:29:43.0944 0x1758 Netman - ok
01:29:43.0969 0x1758 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:29:44.0012 0x1758 NetMsmqActivator - ok
01:29:44.0031 0x1758 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:29:44.0043 0x1758 NetPipeActivator - ok
01:29:44.0078 0x1758 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
01:29:44.0128 0x1758 netprofm - ok
01:29:44.0139 0x1758 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:29:44.0147 0x1758 NetTcpActivator - ok
01:29:44.0155 0x1758 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:29:44.0164 0x1758 NetTcpPortSharing - ok
01:29:44.0186 0x1758 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
01:29:44.0196 0x1758 nfrd960 - ok
01:29:44.0228 0x1758 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:29:44.0252 0x1758 NlaSvc - ok
01:29:44.0263 0x1758 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:29:44.0287 0x1758 Npfs - ok
01:29:44.0311 0x1758 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
01:29:44.0335 0x1758 nsi - ok
01:29:44.0342 0x1758 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:29:44.0377 0x1758 nsiproxy - ok
01:29:44.0437 0x1758 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:29:44.0475 0x1758 Ntfs - ok
01:29:44.0500 0x1758 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
01:29:44.0523 0x1758 Null - ok
01:29:44.0555 0x1758 [ B4F53BCA4C688FF47F04FA90098F896E, 6051CFC0CFE659A2C4CFC1029F19CF1B1B98A1A5E59C2B3A10D7B3407A7FA5C0 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
01:29:44.0567 0x1758 NVHDA - ok
01:29:44.0864 0x1758 [ 4EE399576F76D38C04745DB739BBC8C7, 7D7FB6013D5D3EE1908F37188AA440EE6EF80A432204EB59AE190ACD14CD1FE0 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:29:45.0071 0x1758 nvlddmkm - ok
01:29:45.0130 0x1758 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:29:45.0157 0x1758 nvraid - ok
01:29:45.0165 0x1758 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:29:45.0181 0x1758 nvstor - ok
01:29:45.0284 0x1758 [ 7335C3D78A7746D76D37F6722CC4A466, 18BDD51AB0EB4084E1DA2F27B8D4FCF488ED9161C034BB3CDFF5BE33F84C1D37 ] nvsvc C:\Windows\system32\nvvsvc.exe
01:29:45.0312 0x1758 nvsvc - ok
01:29:45.0365 0x1758 [ B7C53DA1C73FF39F4A6248643EFD979A, 528C4984F09F66D4CBA5A9B7C78FBAA04E558309B0D66EB1C29AD2B30D9993F7 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
01:29:45.0400 0x1758 nvUpdatusService - ok
01:29:45.0426 0x1758 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:29:45.0436 0x1758 nv_agp - ok
01:29:45.0450 0x1758 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
01:29:45.0460 0x1758 ohci1394 - ok
01:29:45.0537 0x1758 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:29:45.0557 0x1758 ose - ok
01:29:45.0770 0x1758 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:29:45.0887 0x1758 osppsvc - ok
01:29:45.0955 0x1758 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
01:29:46.0001 0x1758 p2pimsvc - ok
01:29:46.0021 0x1758 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
01:29:46.0047 0x1758 p2psvc - ok
01:29:46.0074 0x1758 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
01:29:46.0085 0x1758 Parport - ok
01:29:46.0110 0x1758 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:29:46.0119 0x1758 partmgr - ok
01:29:46.0136 0x1758 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
01:29:46.0159 0x1758 PcaSvc - ok
01:29:46.0172 0x1758 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
01:29:46.0183 0x1758 pci - ok
01:29:46.0212 0x1758 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
01:29:46.0220 0x1758 pciide - ok
01:29:46.0251 0x1758 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
01:29:46.0264 0x1758 pcmcia - ok
01:29:46.0278 0x1758 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
01:29:46.0287 0x1758 pcw - ok
01:29:46.0350 0x1758 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:29:46.0404 0x1758 PEAUTH - ok
01:29:46.0480 0x1758 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:29:46.0514 0x1758 PerfHost - ok
01:29:46.0577 0x1758 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
01:29:46.0636 0x1758 pla - ok
01:29:46.0687 0x1758 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:29:46.0740 0x1758 PlugPlay - ok
01:29:46.0754 0x1758 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
01:29:46.0776 0x1758 PNRPAutoReg - ok
01:29:46.0801 0x1758 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
01:29:46.0821 0x1758 PNRPsvc - ok
01:29:46.0852 0x1758 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:29:46.0901 0x1758 PolicyAgent - ok
01:29:46.0924 0x1758 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
01:29:46.0959 0x1758 Power - ok
01:29:47.0001 0x1758 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:29:47.0039 0x1758 PptpMiniport - ok
01:29:47.0052 0x1758 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
01:29:47.0074 0x1758 Processor - ok
01:29:47.0124 0x1758 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
01:29:47.0162 0x1758 ProfSvc - ok
01:29:47.0171 0x1758 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
01:29:47.0182 0x1758 ProtectedStorage - ok
01:29:47.0217 0x1758 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
01:29:47.0297 0x1758 Psched - ok
01:29:47.0464 0x1758 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
01:29:47.0522 0x1758 ql2300 - ok
01:29:47.0540 0x1758 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
01:29:47.0551 0x1758 ql40xx - ok
01:29:47.0580 0x1758 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
01:29:47.0598 0x1758 QWAVE - ok
01:29:47.0619 0x1758 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:29:47.0639 0x1758 QWAVEdrv - ok
01:29:47.0661 0x1758 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:29:47.0691 0x1758 RasAcd - ok
01:29:47.0731 0x1758 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
01:29:47.0783 0x1758 RasAgileVpn - ok
01:29:47.0794 0x1758 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
01:29:47.0828 0x1758 RasAuto - ok
01:29:47.0846 0x1758 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:29:47.0872 0x1758 Rasl2tp - ok
01:29:47.0888 0x1758 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
01:29:47.0920 0x1758 RasMan - ok
01:29:47.0936 0x1758 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:29:47.0968 0x1758 RasPppoe - ok
01:29:47.0988 0x1758 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:29:48.0023 0x1758 RasSstp - ok
01:29:48.0039 0x1758 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:29:48.0068 0x1758 rdbss - ok
01:29:48.0081 0x1758 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
01:29:48.0100 0x1758 rdpbus - ok
01:29:48.0117 0x1758 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:29:48.0140 0x1758 RDPCDD - ok
01:29:48.0158 0x1758 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:29:48.0195 0x1758 RDPENCDD - ok
01:29:48.0200 0x1758 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
01:29:48.0223 0x1758 RDPREFMP - ok
01:29:48.0252 0x1758 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:29:48.0272 0x1758 RDPWD - ok
01:29:48.0319 0x1758 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
01:29:48.0339 0x1758 rdyboost - ok
01:29:48.0367 0x1758 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:29:48.0393 0x1758 RemoteAccess - ok
01:29:48.0418 0x1758 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:29:48.0446 0x1758 RemoteRegistry - ok
01:29:48.0472 0x1758 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:29:48.0508 0x1758 RpcEptMapper - ok
01:29:48.0519 0x1758 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
01:29:48.0528 0x1758 RpcLocator - ok
01:29:48.0545 0x1758 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
01:29:48.0578 0x1758 RpcSs - ok
01:29:48.0669 0x1758 [ 60EB8A87357CA5B088B422D1E55A2405, A4E8ACACB9EFB094D05EC24DFB65D969DBA14634EEB6B4DBEF500BDEA8D78DB5 ] rt61x64 C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys
01:29:48.0702 0x1758 rt61x64 - ok
01:29:48.0746 0x1758 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A, AB2615EB7313C02F6311143B27A426042A16925480ECBA6880448BE9818E9A39 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
01:29:48.0765 0x1758 RTL8167 - ok
01:29:48.0779 0x1758 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
01:29:48.0788 0x1758 SamSs - ok
01:29:48.0815 0x1758 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:29:48.0826 0x1758 sbp2port - ok
01:29:48.0850 0x1758 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:29:48.0879 0x1758 SCardSvr - ok
01:29:48.0940 0x1758 [ D33BFF730B222D00A2F665F8F3E0A788, 371C7E62FD8F1628F6130E0A67A90FBDB34BBCADB3ADA1E41481EFE073ADDC65 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
01:29:48.0965 0x1758 SCDEmu - ok
01:29:48.0979 0x1758 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
01:29:49.0023 0x1758 scfilter - ok
01:29:49.0056 0x1758 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
01:29:49.0113 0x1758 Schedule - ok
01:29:49.0134 0x1758 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
01:29:49.0157 0x1758 SCPolicySvc - ok
01:29:49.0163 0x1758 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:29:49.0183 0x1758 SDRSVC - ok
01:29:49.0213 0x1758 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:29:49.0244 0x1758 secdrv - ok
01:29:49.0268 0x1758 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
01:29:49.0291 0x1758 seclogon - ok
01:29:49.0300 0x1758 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
01:29:49.0338 0x1758 SENS - ok
01:29:49.0361 0x1758 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
01:29:49.0376 0x1758 SensrSvc - ok
01:29:49.0385 0x1758 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
01:29:49.0405 0x1758 Serenum - ok
01:29:49.0422 0x1758 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
01:29:49.0432 0x1758 Serial - ok
01:29:49.0455 0x1758 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
01:29:49.0474 0x1758 sermouse - ok
01:29:49.0491 0x1758 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
01:29:49.0526 0x1758 SessionEnv - ok
01:29:49.0538 0x1758 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:29:49.0558 0x1758 sffdisk - ok
01:29:49.0587 0x1758 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:29:49.0620 0x1758 sffp_mmc - ok
01:29:49.0632 0x1758 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:29:49.0646 0x1758 sffp_sd - ok
01:29:49.0660 0x1758 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
01:29:49.0680 0x1758 sfloppy - ok
01:29:49.0712 0x1758 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:29:49.0758 0x1758 SharedAccess - ok
01:29:49.0793 0x1758 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:29:49.0823 0x1758 ShellHWDetection - ok
01:29:49.0839 0x1758 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
01:29:49.0847 0x1758 SiSRaid2 - ok
01:29:49.0861 0x1758 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
01:29:49.0871 0x1758 SiSRaid4 - ok
01:29:49.0945 0x1758 [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
01:29:49.0985 0x1758 SkypeUpdate - ok
01:29:50.0006 0x1758 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:29:50.0041 0x1758 Smb - ok
01:29:50.0064 0x1758 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:29:50.0082 0x1758 SNMPTRAP - ok
01:29:50.0103 0x1758 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
01:29:50.0112 0x1758 spldr - ok
01:29:50.0153 0x1758 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
01:29:50.0178 0x1758 Spooler - ok
01:29:50.0263 0x1758 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
01:29:50.0385 0x1758 sppsvc - ok
01:29:50.0415 0x1758 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
01:29:50.0441 0x1758 sppuinotify - ok
01:29:50.0481 0x1758 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
01:29:50.0520 0x1758 srv - ok
01:29:50.0537 0x1758 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:29:50.0566 0x1758 srv2 - ok
01:29:50.0590 0x1758 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:29:50.0601 0x1758 srvnet - ok
01:29:50.0659 0x1758 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:29:50.0710 0x1758 SSDPSRV - ok
01:29:50.0723 0x1758 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:29:50.0748 0x1758 SstpSvc - ok
01:29:50.0830 0x1758 [ 5FFDA96330357A914A69D79BE1988A38, E2A03A8D108C210B1111E2466E3DD381F0FA440B95B5013DC728EAD9CFE448AF ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
01:29:50.0859 0x1758 Steam Client Service - ok
01:29:50.0909 0x1758 [ 81F177C1954453AF407604160BD149CB, D6B05F7E399690233C71C1E4B88F95D566BC6A14D145715A8A8C0FFD591147F0 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:29:50.0923 0x1758 Stereo Service - ok
01:29:50.0949 0x1758 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
01:29:50.0958 0x1758 stexstor - ok
01:29:50.0997 0x1758 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
01:29:51.0021 0x1758 stisvc - ok
01:29:51.0029 0x1758 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
01:29:51.0037 0x1758 swenum - ok
01:29:51.0125 0x1758 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
01:29:51.0158 0x1758 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
01:29:53.0988 0x1758 Detect skipped due to KSN trusted
01:29:53.0988 0x1758 SwitchBoard - ok
01:29:54.0050 0x1758 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
01:29:54.0105 0x1758 swprv - ok
01:29:54.0165 0x1758 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
01:29:54.0220 0x1758 SysMain - ok
01:29:54.0245 0x1758 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:29:54.0260 0x1758 TabletInputService - ok
01:29:54.0274 0x1758 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
01:29:54.0311 0x1758 TapiSrv - ok
01:29:54.0330 0x1758 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
01:29:54.0355 0x1758 TBS - ok
01:29:54.0449 0x1758 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:29:54.0491 0x1758 Tcpip - ok
01:29:54.0535 0x1758 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
01:29:54.0577 0x1758 TCPIP6 - ok
01:29:54.0612 0x1758 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:29:54.0621 0x1758 tcpipreg - ok
01:29:54.0653 0x1758 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:29:54.0696 0x1758 TDPIPE - ok
01:29:54.0721 0x1758 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:29:54.0749 0x1758 TDTCP - ok
01:29:54.0770 0x1758 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:29:54.0794 0x1758 tdx - ok
01:29:54.0802 0x1758 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
01:29:54.0811 0x1758 TermDD - ok
01:29:54.0855 0x1758 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
01:29:54.0906 0x1758 TermService - ok
01:29:54.0919 0x1758 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
01:29:54.0931 0x1758 Themes - ok
01:29:54.0958 0x1758 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
01:29:54.0983 0x1758 THREADORDER - ok
01:29:55.0004 0x1758 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
01:29:55.0043 0x1758 TrkWks - ok
01:29:55.0097 0x1758 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:29:55.0141 0x1758 TrustedInstaller - ok
01:29:55.0169 0x1758 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:29:55.0214 0x1758 tssecsrv - ok
01:29:55.0246 0x1758 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
01:29:55.0268 0x1758 TsUsbFlt - ok
01:29:55.0279 0x1758 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
01:29:55.0305 0x1758 TsUsbGD - ok
01:29:55.0320 0x1758 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:29:55.0353 0x1758 tunnel - ok
01:29:55.0366 0x1758 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
01:29:55.0375 0x1758 uagp35 - ok
01:29:55.0394 0x1758 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:29:55.0429 0x1758 udfs - ok
01:29:55.0450 0x1758 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:29:55.0461 0x1758 UI0Detect - ok
01:29:55.0474 0x1758 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:29:55.0483 0x1758 uliagpkx - ok
01:29:55.0515 0x1758 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
01:29:55.0535 0x1758 umbus - ok
01:29:55.0555 0x1758 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
01:29:55.0571 0x1758 UmPass - ok
01:29:55.0593 0x1758 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
01:29:55.0641 0x1758 upnphost - ok
01:29:55.0676 0x1758 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
01:29:55.0709 0x1758 usbaudio - ok
01:29:55.0737 0x1758 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:29:55.0768 0x1758 usbccgp - ok
01:29:55.0795 0x1758 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:29:55.0830 0x1758 usbcir - ok
01:29:55.0857 0x1758 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:29:55.0878 0x1758 usbehci - ok
01:29:55.0924 0x1758 [ 68BAD03835873D4BBBDE95CBB135A395, 2A448397EE3BDC27B423ECA6F86F676065B2E4BE9CEA929FD90B2BD5B046EC52 ] UsbFltr C:\Windows\system32\Drivers\UsbFltr.sys
01:29:55.0954 0x1758 UsbFltr - ok
01:29:55.0992 0x1758 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:29:56.0022 0x1758 usbhub - ok
01:29:56.0041 0x1758 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
01:29:56.0057 0x1758 usbohci - ok
01:29:56.0081 0x1758 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
01:29:56.0100 0x1758 usbprint - ok
01:29:56.0119 0x1758 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:29:56.0143 0x1758 USBSTOR - ok
01:29:56.0164 0x1758 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
01:29:56.0172 0x1758 usbuhci - ok
01:29:56.0194 0x1758 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
01:29:56.0233 0x1758 UxSms - ok
01:29:56.0245 0x1758 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
01:29:56.0254 0x1758 VaultSvc - ok
01:29:56.0271 0x1758 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
01:29:56.0279 0x1758 vdrvroot - ok
01:29:56.0296 0x1758 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
01:29:56.0341 0x1758 vds - ok
01:29:56.0357 0x1758 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:29:56.0367 0x1758 vga - ok
01:29:56.0381 0x1758 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
01:29:56.0415 0x1758 VgaSave - ok
01:29:56.0429 0x1758 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
01:29:56.0441 0x1758 vhdmp - ok
01:29:56.0459 0x1758 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
01:29:56.0468 0x1758 viaide - ok
01:29:56.0503 0x1758 [ CCFA4BA3CE37DDF26A00313E1B6210E3, AC86CC8D651A2B12394613A4BB1AF1AE77B431E5AAF0D54F391F3C9D7C53C448 ] ViaUsbModemDriver C:\Windows\system32\DRIVERS\VIA_USB_MODEM.sys
01:29:56.0523 0x1758 ViaUsbModemDriver - ok
01:29:56.0558 0x1758 [ D81A7A4875CB431815C7E04046201208, 4A0A7FB2B2589B474FC8644E0373252A3B6B83DC17EB33FBADD854A0E65406C2 ] VIA_USB_ETS C:\Windows\system32\DRIVERS\VIA_USB_ETS.sys
01:29:56.0593 0x1758 VIA_USB_ETS - ok
01:29:56.0646 0x1758 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:29:56.0672 0x1758 volmgr - ok
01:29:56.0689 0x1758 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:29:56.0703 0x1758 volmgrx - ok
01:29:56.0722 0x1758 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:29:56.0734 0x1758 volsnap - ok
01:29:56.0752 0x1758 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
01:29:56.0763 0x1758 vsmraid - ok
01:29:56.0823 0x1758 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
01:29:56.0899 0x1758 VSS - ok
01:29:56.0919 0x1758 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
01:29:56.0937 0x1758 vwifibus - ok
01:29:57.0151 0x1758 [ CE6C085771812D5EE863CC7EF93CAEF2, 40CBE5D2A88A1DB412ED22F15B68D0D5BF1090E909DCC65946178BB1AB782248 ] VX1000 C:\Windows\system32\DRIVERS\VX1000.sys
01:29:57.0214 0x1758 VX1000 - ok
01:29:57.0241 0x1758 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
01:29:57.0274 0x1758 W32Time - ok
01:29:57.0299 0x1758 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
01:29:57.0320 0x1758 WacomPen - ok
01:29:57.0342 0x1758 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
01:29:57.0376 0x1758 WANARP - ok
01:29:57.0380 0x1758 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:29:57.0403 0x1758 Wanarpv6 - ok
01:29:57.0491 0x1758 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
01:29:57.0531 0x1758 WatAdminSvc - ok
01:29:57.0574 0x1758 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
01:29:57.0645 0x1758 wbengine - ok
01:29:57.0664 0x1758 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
01:29:57.0681 0x1758 WbioSrvc - ok
01:29:57.0711 0x1758 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:29:57.0742 0x1758 wcncsvc - ok
01:29:57.0760 0x1758 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:29:57.0776 0x1758 WcsPlugInService - ok
01:29:57.0795 0x1758 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
01:29:57.0804 0x1758 Wd - ok
01:29:57.0844 0x1758 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:29:57.0867 0x1758 Wdf01000 - ok
01:29:57.0884 0x1758 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:29:57.0931 0x1758 WdiServiceHost - ok
01:29:57.0935 0x1758 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:29:57.0948 0x1758 WdiSystemHost - ok
01:29:57.0972 0x1758 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
01:29:57.0987 0x1758 WebClient - ok
01:29:58.0018 0x1758 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:29:58.0086 0x1758 Wecsvc - ok
01:29:58.0094 0x1758 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:29:58.0131 0x1758 wercplsupport - ok
01:29:58.0154 0x1758 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
01:29:58.0180 0x1758 WerSvc - ok
01:29:58.0214 0x1758 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
01:29:58.0245 0x1758 WfpLwf - ok
01:29:58.0260 0x1758 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
01:29:58.0268 0x1758 WIMMount - ok
01:29:58.0288 0x1758 WinDefend - ok
01:29:58.0301 0x1758 WinHttpAutoProxySvc - ok
01:29:58.0365 0x1758 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:29:58.0394 0x1758 Winmgmt - ok
01:29:58.0455 0x1758 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
01:29:58.0528 0x1758 WinRM - ok
01:29:58.0568 0x1758 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
01:29:58.0579 0x1758 WinUsb - ok
01:29:58.0608 0x1758 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
01:29:58.0652 0x1758 Wlansvc - ok
01:29:58.0832 0x1758 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:29:58.0890 0x1758 wlidsvc - ok
01:29:58.0912 0x1758 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
01:29:58.0927 0x1758 WmiAcpi - ok
01:29:58.0955 0x1758 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:29:58.0978 0x1758 wmiApSrv - ok
01:29:59.0013 0x1758 WMPNetworkSvc - ok
01:29:59.0039 0x1758 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:29:59.0069 0x1758 WPCSvc - ok
01:29:59.0081 0x1758 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:29:59.0093 0x1758 WPDBusEnum - ok
01:29:59.0115 0x1758 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:29:59.0149 0x1758 ws2ifsl - ok
01:29:59.0163 0x1758 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
01:29:59.0195 0x1758 wscsvc - ok
01:29:59.0198 0x1758 WSearch - ok
01:29:59.0324 0x1758 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
01:29:59.0398 0x1758 wuauserv - ok
01:29:59.0421 0x1758 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:29:59.0456 0x1758 WudfPf - ok
01:29:59.0468 0x1758 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:29:59.0491 0x1758 WUDFRd - ok
01:29:59.0513 0x1758 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:29:59.0535 0x1758 wudfsvc - ok
01:29:59.0565 0x1758 [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\Windows\System32\wwansvc.dll
01:29:59.0586 0x1758 WwanSvc - ok
01:29:59.0614 0x1758 wxpSvc - ok
01:29:59.0648 0x1758 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
01:29:59.0682 0x1758 xusb21 - ok
01:29:59.0791 0x1758 [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
01:29:59.0813 0x1758 YahooAUService - ok
01:29:59.0824 0x1758 ================ Scan global ===============================
01:29:59.0847 0x1758 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
01:29:59.0877 0x1758 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
01:29:59.0886 0x1758 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
01:29:59.0916 0x1758 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
01:29:59.0930 0x1758 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
01:29:59.0935 0x1758 [ Global ] - ok
01:29:59.0936 0x1758 ================ Scan MBR ==================================
01:29:59.0948 0x1758 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:30:00.0209 0x1758 \Device\Harddisk0\DR0 - ok
01:30:00.0209 0x1758 ================ Scan VBR ==================================
01:30:00.0212 0x1758 [ 0AE33EC8E51CD168A6A305CD6ABC2224 ] \Device\Harddisk0\DR0\Partition1
01:30:00.0245 0x1758 \Device\Harddisk0\DR0\Partition1 - ok
01:30:00.0269 0x1758 [ C4AF33452B4A9ADD3BCD1D29A941DDAB ] \Device\Harddisk0\DR0\Partition2
01:30:00.0369 0x1758 \Device\Harddisk0\DR0\Partition2 - ok
01:30:00.0370 0x1758 Waiting for KSN requests completion. In queue: 66
01:30:01.0370 0x1758 Waiting for KSN requests completion. In queue: 66
01:30:02.0370 0x1758 Waiting for KSN requests completion. In queue: 66
01:30:03.0426 0x1758 AV detected via SS2: AVG AntiVirus Free Edition 2013, C:\Program Files (x86)\AVG\AVG2013\avgwsc.exe ( 13.0.0.3300 ), 0x41000 ( enabled : updated )
01:30:03.0461 0x1758 Win FW state via NFP2: enabled
01:30:06.0275 0x1758 ============================================================
01:30:06.0275 0x1758 Scan finished
01:30:06.0275 0x1758 ============================================================
01:30:06.0297 0x1750 Detected object count: 1
01:30:06.0297 0x1750 Actual detected object count: 1
01:30:47.0854 0x1750 BEService ( UnsignedFile.Multi.Generic ) - skipped by user
01:30:47.0854 0x1750 BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:32:25.0878 0x14b0 ============================================================
01:32:25.0878 0x14b0 Scan started
01:32:25.0878 0x14b0 Mode: Manual; SigCheck; TDLFS;
01:32:25.0878 0x14b0 ============================================================
01:32:25.0879 0x14b0 KSN ping started
01:32:39.0689 0x14b0 KSN ping finished: true
01:32:40.0417 0x14b0 ================ Scan system memory ========================
01:32:40.0417 0x14b0 System memory - ok
01:32:40.0418 0x14b0 ================ Scan services =============================
01:32:40.0513 0x14b0 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:32:40.0539 0x14b0 1394ohci - ok
01:32:40.0556 0x14b0 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:32:40.0570 0x14b0 ACPI - ok
01:32:40.0585 0x14b0 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:32:40.0595 0x14b0 AcpiPmi - ok
01:32:40.0656 0x14b0 [ B1EA9681502EE57F87DB71D726288A5B, D17BD2CFAE72E92C77D183331D5CBA0FEA893BF54875920870E271940F40A8BB ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:32:40.0684 0x14b0 AdobeARMservice - ok
01:32:40.0798 0x14b0 [ C8C6C0D659734FDBF63F6F421A5416BC, 11C452D77D0A8A5E430D0D0C9949797FFC03D2E3DADB8FBB9B63EDA868AFF83C ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:32:40.0822 0x14b0 AdobeFlashPlayerUpdateSvc - ok
01:32:40.0843 0x14b0 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:32:40.0860 0x14b0 adp94xx - ok
01:32:40.0891 0x14b0 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:32:40.0905 0x14b0 adpahci - ok
01:32:40.0920 0x14b0 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:32:40.0932 0x14b0 adpu320 - ok
01:32:40.0962 0x14b0 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:32:40.0988 0x14b0 AeLookupSvc - ok
01:32:41.0024 0x14b0 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
01:32:41.0042 0x14b0 AFD - ok
01:32:41.0055 0x14b0 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
01:32:41.0064 0x14b0 agp440 - ok
01:32:41.0080 0x14b0 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
01:32:41.0092 0x14b0 ALG - ok
01:32:41.0119 0x14b0 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
01:32:41.0129 0x14b0 aliide - ok
01:32:41.0168 0x14b0 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
01:32:41.0177 0x14b0 amdide - ok
01:32:41.0226 0x14b0 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
01:32:41.0237 0x14b0 AmdK8 - ok
01:32:41.0255 0x14b0 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
01:32:41.0265 0x14b0 AmdPPM - ok
01:32:41.0366 0x14b0 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:32:41.0377 0x14b0 amdsata - ok
01:32:41.0417 0x14b0 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
01:32:41.0430 0x14b0 amdsbs - ok
01:32:41.0452 0x14b0 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:32:41.0461 0x14b0 amdxata - ok
01:32:41.0484 0x14b0 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
01:32:41.0511 0x14b0 AppID - ok
01:32:41.0557 0x14b0 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:32:41.0583 0x14b0 AppIDSvc - ok
01:32:41.0625 0x14b0 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
01:32:41.0636 0x14b0 Appinfo - ok
01:32:41.0669 0x14b0 [ 6BE11AD81D4527D299F0CB5F3731AABC, 9C01278D3336CD74B9672A2A9EF7AF836CB0E7F2EA5BC310E9ADDD1238B92229 ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
01:32:41.0678 0x14b0 AppleCharger - ok
01:32:41.0703 0x14b0 [ 95EF7247C50C7241FDAE39A9B3AFF4AE, 6E08FB095C04B2E217B139D6431336C0F24C128A2A83082A3085DC8C44AA247D ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
01:32:41.0713 0x14b0 AppleChargerSrv - ok
01:32:41.0744 0x14b0 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
01:32:41.0754 0x14b0 arc - ok
01:32:41.0773 0x14b0 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:32:41.0784 0x14b0 arcsas - ok
01:32:41.0893 0x14b0 [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:32:41.0902 0x14b0 aspnet_state - ok
01:32:41.0941 0x14b0 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:32:41.0968 0x14b0 AsyncMac - ok
01:32:41.0994 0x14b0 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
01:32:42.0002 0x14b0 atapi - ok
01:32:42.0036 0x14b0 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:32:42.0074 0x14b0 AudioEndpointBuilder - ok
01:32:42.0092 0x14b0 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:32:42.0129 0x14b0 AudioSrv - ok
01:32:42.0347 0x14b0 [ 4DB93F4DB7077801D2D82013506AC1D0, 3D71655D1557021D5D828E37EAFDBA35C631061E48D64B9D376746F8FCC760B3 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
01:32:42.0443 0x14b0 AVGIDSAgent - ok
01:32:42.0490 0x14b0 [ 92B7689FBC131E143421A19C18320E34, D3A323015790355070A380731CA56547F518F8AF800BC71670481A646C8FEEB3 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
01:32:42.0519 0x14b0 AVGIDSDriver - ok
01:32:42.0543 0x14b0 [ C8D9EEACF266512C1FA52E2ECF5AD944, 01972886F4324C55BE4450F2E18F263FBF0BE7525A9390714216E6C7A1827B1D ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
01:32:42.0551 0x14b0 AVGIDSHA - ok
01:32:42.0572 0x14b0 [ FACD18A89FDEBC35C85CAF762B294BE2, FD6EBE87ACA6CC017AB7ED886B2BC13CA05BDA38E4B7E8A63F33EF7E5C755BB8 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
01:32:42.0583 0x14b0 Avgldx64 - ok
01:32:42.0610 0x14b0 [ 29FCDEAC6086FB7E55344B51E35D99CE, 06408D79DF92B8A31DE0CA518BD93CA211D3192496CA3783762F289549F8F615 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
01:32:42.0623 0x14b0 Avgloga - ok
01:32:42.0665 0x14b0 [ 85053293DCDE19829E8691A9E9E8A6FF, 1F115376DCF888C0ED928D5E7150CC4602510FDA785DE76912D415366D8D7393 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
01:32:42.0694 0x14b0 Avgmfx64 - ok
01:32:42.0707 0x14b0 [ E191E443B0F7B05E784279A1C29B9D2A, 24B2B048C2CE5520A6B0E6702F55B5B65411E3E3D0857301E430EF2F9D7ECAFE ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
01:32:42.0718 0x14b0 Avgrkx64 - ok
01:32:42.0730 0x14b0 [ 69BD90E337625F96C718CACE7A9C9E29, 586948D6715ACB845D58BB5A73B8E5DA96A5415BC67D0508054F03D9A5C21768 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
01:32:42.0742 0x14b0 Avgtdia - ok
01:32:42.0770 0x14b0 [ A1F53D2A00E64679A1D81B61D2333D06, 41D4F252693A2382A1C1FB85A49DF5AAB5B21620DC09A0E1A7F66A437E3A0B3B ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
01:32:42.0778 0x14b0 avgtp - ok
01:32:42.0810 0x14b0 [ D646FA5135A1CD795877AFE9D17FA9ED, 2F97FBCD7BD75727A77C17D75D2482AE819D5D2EB9760D96412F9C20AA7D9473 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
01:32:42.0823 0x14b0 avgwd - ok
01:32:42.0853 0x14b0 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:32:42.0867 0x14b0 AxInstSV - ok
01:32:42.0895 0x14b0 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
01:32:42.0912 0x14b0 b06bdrv - ok
01:32:42.0927 0x14b0 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:32:42.0941 0x14b0 b57nd60a - ok
01:32:42.0956 0x14b0 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
01:32:42.0966 0x14b0 BDESVC - ok
01:32:42.0979 0x14b0 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
01:32:43.0003 0x14b0 Beep - ok
01:32:43.0067 0x14b0 [ 06C1E887BF34C0E31EB8E2C999E4842F, 3D6E84F2939B06ED7FD4F57D109B0B1402B7C21BFC801F36EEFC250DEBFE174C ] BEService C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
01:32:43.0079 0x14b0 BEService - detected UnsignedFile.Multi.Generic ( 1 )
01:32:43.0080 0x14b0 BEService ( UnsignedFile.Multi.Generic ) - warning
01:32:45.0971 0x14b0 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
01:32:46.0003 0x14b0 BFE - ok
01:32:46.0050 0x14b0 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
01:32:46.0090 0x14b0 BITS - ok
01:32:46.0117 0x14b0 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:32:46.0126 0x14b0 blbdrive - ok
01:32:46.0151 0x14b0 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:32:46.0160 0x14b0 bowser - ok
01:32:46.0169 0x14b0 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
01:32:46.0179 0x14b0 BrFiltLo - ok
01:32:46.0189 0x14b0 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
01:32:46.0199 0x14b0 BrFiltUp - ok
01:32:46.0229 0x14b0 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
01:32:46.0263 0x14b0 Browser - ok
01:32:46.0287 0x14b0 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:32:46.0306 0x14b0 Brserid - ok
01:32:46.0322 0x14b0 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:32:46.0332 0x14b0 BrSerWdm - ok
01:32:46.0347 0x14b0 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:32:46.0357 0x14b0 BrUsbMdm - ok
01:32:46.0370 0x14b0 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:32:46.0378 0x14b0 BrUsbSer - ok
01:32:46.0391 0x14b0 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
01:32:46.0402 0x14b0 BTHMODEM - ok
01:32:46.0431 0x14b0 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
01:32:46.0456 0x14b0 bthserv - ok
01:32:46.0469 0x14b0 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:32:46.0494 0x14b0 cdfs - ok
01:32:46.0513 0x14b0 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:32:46.0524 0x14b0 cdrom - ok
01:32:46.0540 0x14b0 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
01:32:46.0564 0x14b0 CertPropSvc - ok
01:32:46.0574 0x14b0 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
01:32:46.0585 0x14b0 circlass - ok
01:32:46.0605 0x14b0 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
01:32:46.0619 0x14b0 CLFS - ok
01:32:46.0676 0x14b0 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:32:46.0697 0x14b0 clr_optimization_v2.0.50727_32 - ok
01:32:46.0733 0x14b0 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:32:46.0741 0x14b0 clr_optimization_v2.0.50727_64 - ok
01:32:46.0796 0x14b0 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:32:46.0822 0x14b0 clr_optimization_v4.0.30319_32 - ok
01:32:46.0838 0x14b0 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:32:46.0850 0x14b0 clr_optimization_v4.0.30319_64 - ok
01:32:46.0876 0x14b0 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
01:32:46.0886 0x14b0 CmBatt - ok
01:32:46.0908 0x14b0 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:32:46.0916 0x14b0 cmdide - ok
01:32:46.0978 0x14b0 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
01:32:47.0007 0x14b0 CNG - ok
01:32:47.0021 0x14b0 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
01:32:47.0029 0x14b0 Compbatt - ok
01:32:47.0042 0x14b0 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
01:32:47.0054 0x14b0 CompositeBus - ok
01:32:47.0058 0x14b0 COMSysApp - ok
01:32:47.0073 0x14b0 cpuz135 - ok
01:32:47.0088 0x14b0 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
01:32:47.0098 0x14b0 crcdisk - ok
01:32:47.0140 0x14b0 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:32:47.0153 0x14b0 CryptSvc - ok
01:32:47.0194 0x14b0 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:32:47.0229 0x14b0 DcomLaunch - ok
01:32:47.0263 0x14b0 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
01:32:47.0319 0x14b0 defragsvc - ok
01:32:47.0375 0x14b0 [ 2B9A817DC1BDAD9CE5495099B6A7136A, 6D040069C6CD249A4113E4BDD16658D02685F6018F804654934A03F5E2D161A8 ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
01:32:47.0386 0x14b0 Desura Install Service - ok
01:32:47.0410 0x14b0 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:32:47.0442 0x14b0 DfsC - ok
01:32:47.0461 0x14b0 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
01:32:47.0478 0x14b0 Dhcp - ok
01:32:47.0545 0x14b0 [ D6B0939B78C73E1396A9C58DCCBC1983, E675BC247222869B89EF39490B579E365542CE083C193DC6E22EDA1B344D4A8F ] Disc Soft Bus Service C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
01:32:47.0565 0x14b0 Disc Soft Bus Service - ok
01:32:47.0582 0x14b0 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
01:32:47.0612 0x14b0 discache - ok
01:32:47.0630 0x14b0 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
01:32:47.0643 0x14b0 Disk - ok
01:32:47.0684 0x14b0 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:32:47.0697 0x14b0 Dnscache - ok
01:32:47.0725 0x14b0 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
01:32:47.0758 0x14b0 dot3svc - ok
01:32:47.0776 0x14b0 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
01:32:47.0804 0x14b0 DPS - ok
01:32:47.0830 0x14b0 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:32:47.0839 0x14b0 drmkaud - ok
01:32:47.0870 0x14b0 [ C9914A74045A6D23DB7252FA3985DE25, 0CB2655DDE564810B4F1449B0CB1C2AD18544197F7D061447399BBA98A40D3DF ] dtscsibus C:\Windows\system32\DRIVERS\dtscsibus.sys
01:32:47.0880 0x14b0 dtscsibus - ok
01:32:47.0933 0x14b0 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:32:47.0962 0x14b0 DXGKrnl - ok
01:32:47.0982 0x14b0 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
01:32:48.0010 0x14b0 EapHost - ok
01:32:48.0107 0x14b0 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
01:32:48.0189 0x14b0 ebdrv - ok
01:32:48.0227 0x14b0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
01:32:48.0236 0x14b0 EFS - ok
01:32:48.0427 0x14b0 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:32:48.0456 0x14b0 ehRecvr - ok
01:32:48.0535 0x14b0 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
01:32:48.0572 0x14b0 ehSched - ok
01:32:48.0690 0x14b0 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
01:32:48.0713 0x14b0 elxstor - ok
01:32:48.0753 0x14b0 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:32:48.0781 0x14b0 ErrDev - ok
01:32:48.0861 0x14b0 [ B8FA96995726D1FA58476E352C02AD82, 6BBD49B16A19CC3C3337707EFBEB6BC355CB077CBBBC99D8985A3FBB6E871A89 ] ES lite Service C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
01:32:48.0880 0x14b0 ES lite Service - ok
01:32:48.0902 0x14b0 [ 6C17A702399B0205AB7836C2B45CD806, 54BACC652D905A31959031DE1F6116187D6E7961D05DBC2211904CB7EE7E9CFC ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys
01:32:48.0910 0x14b0 EtronHub3 - ok
01:32:48.0930 0x14b0 [ B5348A55CC9541FFA930E30BB0CC8EF6, D20DC1B5BD6DB6AF621611ADE9CDA413587C58515B84814423339AC7BD89F775 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys
01:32:48.0937 0x14b0 EtronXHCI - ok
01:32:49.0017 0x14b0 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
01:32:49.0059 0x14b0 EventSystem - ok
01:32:49.0075 0x14b0 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
01:32:49.0103 0x14b0 exfat - ok
01:32:49.0127 0x14b0 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:32:49.0155 0x14b0 fastfat - ok
01:32:49.0211 0x14b0 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
01:32:49.0234 0x14b0 Fax - ok
01:32:49.0256 0x14b0 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
01:32:49.0264 0x14b0 fdc - ok
01:32:49.0292 0x14b0 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
01:32:49.0317 0x14b0 fdPHost - ok
01:32:49.0349 0x14b0 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
01:32:49.0402 0x14b0 FDResPub - ok
01:32:49.0424 0x14b0 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:32:49.0434 0x14b0 FileInfo - ok
01:32:49.0453 0x14b0 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:32:49.0478 0x14b0 Filetrace - ok
01:32:49.0521 0x14b0 [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:32:49.0540 0x14b0 FLEXnet Licensing Service - ok
01:32:49.0552 0x14b0 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
01:32:49.0561 0x14b0 flpydisk - ok
01:32:49.0587 0x14b0 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:32:49.0601 0x14b0 FltMgr - ok
01:32:49.0649 0x14b0 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
01:32:49.0682 0x14b0 FontCache - ok
01:32:49.0733 0x14b0 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:32:49.0740 0x14b0 FontCache3.0.0.0 - ok
01:32:49.0752 0x14b0 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:32:49.0761 0x14b0 FsDepends - ok
01:32:49.0786 0x14b0 [ B16B626996C74B564005BA855C5DEE90, B432C669EB610C262B18F3F8308EEE1B910DE7F7BC2A8EB5483419DC52A07AE1 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
01:32:49.0797 0x14b0 fssfltr - ok
01:32:49.0880 0x14b0 [ 812E1BA5C52A78F13EA6AA10DF708B1D, CF1C4D8E072CF0D66C977DFA4C852E5CE757843BEAF5D29454D26A9AC5766E61 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
01:32:49.0919 0x14b0 fsssvc - ok
01:32:49.0945 0x14b0 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:32:49.0954 0x14b0 Fs_Rec - ok
01:32:49.0995 0x14b0 [ 79B4CDE2B69ED8BA4011859780A66A4D, D2572B737232F8FDD46A811FF69D8DAE4AAD4D2FA47507D78C0C54BF01C4CC4A ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
01:32:50.0005 0x14b0 Futuremark SystemInfo Service - ok
01:32:50.0031 0x14b0 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:32:50.0050 0x14b0 fvevol - ok
01:32:50.0074 0x14b0 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
01:32:50.0084 0x14b0 gagp30kx - ok
01:32:50.0127 0x14b0 [ 7907E14F9BCF3A4689C9A74A1A873CB6, 17927B93B2D6AB4271C158F039CAE2D60591D6A14458F5A5690AEC86F5D54229 ] gdrv C:\Windows\gdrv.sys
01:32:50.0137 0x14b0 gdrv - ok
01:32:50.0188 0x14b0 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
01:32:50.0235 0x14b0 gpsvc - ok
01:32:50.0279 0x14b0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:32:50.0292 0x14b0 gupdate - ok
01:32:50.0297 0x14b0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:32:50.0305 0x14b0 gupdatem - ok
01:32:50.0325 0x14b0 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:32:50.0334 0x14b0 hcw85cir - ok
01:32:50.0382 0x14b0 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:32:50.0400 0x14b0 HdAudAddService - ok
01:32:50.0421 0x14b0 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
01:32:50.0433 0x14b0 HDAudBus - ok
01:32:50.0446 0x14b0 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
01:32:50.0455 0x14b0 HidBatt - ok
01:32:50.0471 0x14b0 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
01:32:50.0483 0x14b0 HidBth - ok
01:32:50.0512 0x14b0 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
01:32:50.0523 0x14b0 HidIr - ok
01:32:50.0558 0x14b0 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
01:32:50.0584 0x14b0 hidserv - ok
01:32:50.0618 0x14b0 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
01:32:50.0627 0x14b0 HidUsb - ok
01:32:50.0657 0x14b0 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:32:50.0680 0x14b0 hkmsvc - ok
01:32:50.0700 0x14b0 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:32:50.0712 0x14b0 HomeGroupListener - ok
01:32:50.0743 0x14b0 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:32:50.0755 0x14b0 HomeGroupProvider - ok
01:32:50.0771 0x14b0 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
01:32:50.0780 0x14b0 HpSAMD - ok
01:32:50.0807 0x14b0 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:32:50.0843 0x14b0 HTTP - ok
01:32:50.0853 0x14b0 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:32:50.0861 0x14b0 hwpolicy - ok
01:32:50.0877 0x14b0 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
01:32:50.0887 0x14b0 i8042prt - ok
01:32:50.0905 0x14b0 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
01:32:50.0920 0x14b0 iaStorV - ok
01:32:50.0970 0x14b0 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:32:50.0992 0x14b0 idsvc - ok
01:32:50.0996 0x14b0 IEEtwCollectorService - ok
01:32:51.0014 0x14b0 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
01:32:51.0022 0x14b0 iirsp - ok
01:32:51.0064 0x14b0 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
01:32:51.0089 0x14b0 IKEEXT - ok
01:32:51.0487 0x14b0 [ DAB7318CCFA8081200D5B7B486793F74, 1D0833352D125D7C46F51401C8DE66DB92E3104003917BAEFE4A21218531C330 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:32:51.0538 0x14b0 IntcAzAudAddService - ok
01:32:51.0562 0x14b0 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
01:32:51.0571 0x14b0 intelide - ok
01:32:51.0593 0x14b0 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
01:32:51.0602 0x14b0 intelppm - ok
01:32:51.0623 0x14b0 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:32:51.0648 0x14b0 IPBusEnum - ok
01:32:51.0663 0x14b0 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:32:51.0688 0x14b0 IpFilterDriver - ok
01:32:51.0749 0x14b0 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:32:51.0776 0x14b0 iphlpsvc - ok
01:32:51.0787 0x14b0 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:32:51.0797 0x14b0 IPMIDRV - ok
01:32:51.0808 0x14b0 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:32:51.0833 0x14b0 IPNAT - ok
01:32:51.0846 0x14b0 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:32:51.0857 0x14b0 IRENUM - ok
01:32:51.0869 0x14b0 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:32:51.0877 0x14b0 isapnp - ok
01:32:51.0906 0x14b0 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:32:51.0918 0x14b0 iScsiPrt - ok
01:32:51.0934 0x14b0 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:32:51.0943 0x14b0 kbdclass - ok
01:32:51.0951 0x14b0 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:32:51.0960 0x14b0 kbdhid - ok
01:32:51.0976 0x14b0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
01:32:51.0985 0x14b0 KeyIso - ok
01:32:52.0014 0x14b0 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:32:52.0024 0x14b0 KSecDD - ok
01:32:52.0034 0x14b0 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:32:52.0044 0x14b0 KSecPkg - ok
01:32:52.0051 0x14b0 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:32:52.0075 0x14b0 ksthunk - ok
01:32:52.0107 0x14b0 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
01:32:52.0139 0x14b0 KtmRm - ok
01:32:52.0162 0x14b0 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
01:32:52.0189 0x14b0 LanmanServer - ok
01:32:52.0214 0x14b0 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:32:52.0239 0x14b0 LanmanWorkstation - ok
01:32:52.0262 0x14b0 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:32:52.0292 0x14b0 lltdsvc - ok
01:32:52.0306 0x14b0 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:32:52.0331 0x14b0 lmhosts - ok
01:32:52.0363 0x14b0 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
01:32:52.0373 0x14b0 LSI_FC - ok
01:32:52.0382 0x14b0 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:32:52.0392 0x14b0 LSI_SAS - ok
01:32:52.0404 0x14b0 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
01:32:52.0413 0x14b0 LSI_SAS2 - ok
01:32:52.0424 0x14b0 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:32:52.0433 0x14b0 LSI_SCSI - ok
01:32:52.0450 0x14b0 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
01:32:52.0476 0x14b0 luafv - ok
01:32:52.0495 0x14b0 [ 922CBAC7B992B9614CAB7122F4BF9406, CD6FFA2DE518DFD92604F1C6E3D274566410BEE02B6F3D575F2218EA4E165321 ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
01:32:52.0503 0x14b0 ManyCam - ok
01:32:52.0547 0x14b0 [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
01:32:52.0555 0x14b0 MBAMProtector - ok
01:32:52.0602 0x14b0 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
01:32:52.0615 0x14b0 MBAMScheduler - ok
01:32:52.0642 0x14b0 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:32:52.0662 0x14b0 MBAMService - ok
01:32:52.0686 0x14b0 [ 34A42DD7CF525D0D2C5232916496E4B8, FC703E247FB5D88470F57BCC10890F830BDE782BF7D24B12B2EAAB2C5EC23223 ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv_x64.sys
01:32:52.0693 0x14b0 mcaudrv_simple - ok
01:32:52.0726 0x14b0 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:32:52.0736 0x14b0 Mcx2Svc - ok
01:32:52.0746 0x14b0 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
01:32:52.0754 0x14b0 megasas - ok
01:32:52.0779 0x14b0 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
01:32:52.0792 0x14b0 MegaSR - ok
01:32:52.0822 0x14b0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
01:32:52.0847 0x14b0 MMCSS - ok
01:32:52.0856 0x14b0 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
01:32:52.0880 0x14b0 Modem - ok
01:32:52.0890 0x14b0 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:32:52.0900 0x14b0 monitor - ok
01:32:52.0928 0x14b0 [ D69F1E9A944A5F46A494AF901ED41118, 162F7EFA30BF687585A2F4CB612CFAA24F5B7B8BEAF1A9FB9FE3E4988682228D ] motandroidusb C:\Windows\system32\Drivers\motoandroid.sys
01:32:52.0937 0x14b0 motandroidusb - ok
01:32:52.0999 0x14b0 [ 290750346F5937B02F62594B8EB03215, A676CF1C0F9B4B33B7D1AA8D9C97F144B644F841C9637F57308B436F1AFE5B95 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
01:32:53.0024 0x14b0 MotoHelper - ok
01:32:53.0034 0x14b0 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:32:53.0045 0x14b0 mouclass - ok
01:32:53.0058 0x14b0 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:32:53.0067 0x14b0 mouhid - ok
01:32:53.0079 0x14b0 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:32:53.0089 0x14b0 mountmgr - ok
01:32:53.0126 0x14b0 [ 338037EFA0E8E8699B2667D57B751574, 59E0D39806D0C4EB57913AA013242837FD39AD378726AEE42D250CBA87C1C3BF ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:32:53.0158 0x14b0 MozillaMaintenance - ok
01:32:53.0188 0x14b0 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
01:32:53.0202 0x14b0 mpio - ok
01:32:53.0225 0x14b0 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:32:53.0250 0x14b0 mpsdrv - ok
01:32:53.0316 0x14b0 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
01:32:53.0362 0x14b0 MpsSvc - ok
01:32:53.0390 0x14b0 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:32:53.0400 0x14b0 MRxDAV - ok
01:32:53.0419 0x14b0 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:32:53.0430 0x14b0 mrxsmb - ok
01:32:53.0442 0x14b0 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:32:53.0455 0x14b0 mrxsmb10 - ok
01:32:53.0471 0x14b0 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:32:53.0481 0x14b0 mrxsmb20 - ok
01:32:53.0500 0x14b0 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
01:32:53.0508 0x14b0 msahci - ok
01:32:53.0569 0x14b0 [ A592A054D78750B4D73ABAA4C94DECDF, 40B135C9F9EE698EC78BD19BD18353AE2CF4D020DDB9CFC37CD2FDBF7602614A ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
01:32:53.0594 0x14b0 MSCamSvc - ok
01:32:53.0610 0x14b0 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:32:53.0621 0x14b0 msdsm - ok
01:32:53.0633 0x14b0 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
01:32:53.0645 0x14b0 MSDTC - ok
01:32:53.0659 0x14b0 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:32:53.0682 0x14b0 Msfs - ok
01:32:53.0710 0x14b0 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:32:53.0732 0x14b0 mshidkmdf - ok
01:32:53.0742 0x14b0 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:32:53.0750 0x14b0 msisadrv - ok
01:32:53.0782 0x14b0 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:32:53.0808 0x14b0 MSiSCSI - ok
01:32:53.0811 0x14b0 msiserver - ok
01:32:53.0820 0x14b0 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:32:53.0843 0x14b0 MSKSSRV - ok
01:32:53.0852 0x14b0 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:32:53.0876 0x14b0 MSPCLOCK - ok
01:32:53.0898 0x14b0 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:32:53.0921 0x14b0 MSPQM - ok
01:32:53.0946 0x14b0 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:32:53.0961 0x14b0 MsRPC - ok
01:32:53.0987 0x14b0 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
01:32:53.0996 0x14b0 mssmbios - ok
01:32:54.0015 0x14b0 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:32:54.0038 0x14b0 MSTEE - ok
01:32:54.0051 0x14b0 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
01:32:54.0059 0x14b0 MTConfig - ok
01:32:54.0075 0x14b0 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
01:32:54.0084 0x14b0 Mup - ok
01:32:54.0114 0x14b0 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
01:32:54.0147 0x14b0 napagent - ok
01:32:54.0179 0x14b0 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:32:54.0197 0x14b0 NativeWifiP - ok
01:32:54.0241 0x14b0 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
01:32:54.0265 0x14b0 NDIS - ok
01:32:54.0281 0x14b0 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:32:54.0306 0x14b0 NdisCap - ok
01:32:54.0317 0x14b0 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:32:54.0340 0x14b0 NdisTapi - ok
01:32:54.0353 0x14b0 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:32:54.0377 0x14b0 Ndisuio - ok
01:32:54.0406 0x14b0 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:32:54.0432 0x14b0 NdisWan - ok
01:32:54.0440 0x14b0 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:32:54.0463 0x14b0 NDProxy - ok
01:32:54.0474 0x14b0 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:32:54.0499 0x14b0 NetBIOS - ok
01:32:54.0513 0x14b0 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:32:54.0542 0x14b0 NetBT - ok
01:32:54.0551 0x14b0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
01:32:54.0560 0x14b0 Netlogon - ok
01:32:54.0593 0x14b0 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
01:32:54.0626 0x14b0 Netman - ok
01:32:54.0650 0x14b0 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:32:54.0659 0x14b0 NetMsmqActivator - ok
01:32:54.0664 0x14b0 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:32:54.0673 0x14b0 NetPipeActivator - ok
01:32:54.0691 0x14b0 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
01:32:54.0726 0x14b0 netprofm - ok
01:32:54.0732 0x14b0 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:32:54.0741 0x14b0 NetTcpActivator - ok
01:32:54.0745 0x14b0 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:32:54.0754 0x14b0 NetTcpPortSharing - ok
01:32:54.0768 0x14b0 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
01:32:54.0777 0x14b0 nfrd960 - ok
01:32:54.0810 0x14b0 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:32:54.0825 0x14b0 NlaSvc - ok
01:32:54.0853 0x14b0 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:32:54.0881 0x14b0 Npfs - ok
01:32:54.0893 0x14b0 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
01:32:54.0919 0x14b0 nsi - ok
01:32:54.0932 0x14b0 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:32:54.0959 0x14b0 nsiproxy - ok
01:32:55.0044 0x14b0 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:32:55.0084 0x14b0 Ntfs - ok
01:32:55.0107 0x14b0 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
01:32:55.0131 0x14b0 Null - ok
01:32:55.0154 0x14b0 [ B4F53BCA4C688FF47F04FA90098F896E, 6051CFC0CFE659A2C4CFC1029F19CF1B1B98A1A5E59C2B3A10D7B3407A7FA5C0 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
01:32:55.0166 0x14b0 NVHDA - ok
01:32:55.0434 0x14b0 [ 4EE399576F76D38C04745DB739BBC8C7, 7D7FB6013D5D3EE1908F37188AA440EE6EF80A432204EB59AE190ACD14CD1FE0 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:32:55.0648 0x14b0 nvlddmkm - ok
01:32:55.0697 0x14b0 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:32:55.0707 0x14b0 nvraid - ok
01:32:55.0714 0x14b0 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:32:55.0725 0x14b0 nvstor - ok
01:32:55.0775 0x14b0 [ 7335C3D78A7746D76D37F6722CC4A466, 18BDD51AB0EB4084E1DA2F27B8D4FCF488ED9161C034BB3CDFF5BE33F84C1D37 ] nvsvc C:\Windows\system32\nvvsvc.exe
01:32:55.0798 0x14b0 nvsvc - ok
01:32:55.0856 0x14b0 [ B7C53DA1C73FF39F4A6248643EFD979A, 528C4984F09F66D4CBA5A9B7C78FBAA04E558309B0D66EB1C29AD2B30D9993F7 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
01:32:55.0888 0x14b0 nvUpdatusService - ok
01:32:55.0907 0x14b0 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:32:55.0918 0x14b0 nv_agp - ok
01:32:55.0931 0x14b0 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
01:32:55.0941 0x14b0 ohci1394 - ok
01:32:56.0010 0x14b0 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:32:56.0041 0x14b0 ose - ok
01:32:56.0226 0x14b0 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:32:56.0325 0x14b0 osppsvc - ok
01:32:56.0363 0x14b0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
01:32:56.0379 0x14b0 p2pimsvc - ok
01:32:56.0409 0x14b0 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
01:32:56.0427 0x14b0 p2psvc - ok
01:32:56.0456 0x14b0 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
01:32:56.0467 0x14b0 Parport - ok
01:32:56.0491 0x14b0 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:32:56.0500 0x14b0 partmgr - ok
01:32:56.0517 0x14b0 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
01:32:56.0533 0x14b0 PcaSvc - ok
01:32:56.0545 0x14b0 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
01:32:56.0556 0x14b0 pci - ok
01:32:56.0576 0x14b0 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
01:32:56.0584 0x14b0 pciide - ok
01:32:56.0599 0x14b0 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
01:32:56.0611 0x14b0 pcmcia - ok
01:32:56.0625 0x14b0 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
01:32:56.0634 0x14b0 pcw - ok
01:32:56.0674 0x14b0 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:32:56.0712 0x14b0 PEAUTH - ok
01:32:56.0785 0x14b0 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:32:56.0795 0x14b0 PerfHost - ok
01:32:56.0853 0x14b0 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
01:32:56.0906 0x14b0 pla - ok
01:32:56.0946 0x14b0 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:32:56.0963 0x14b0 PlugPlay - ok
01:32:56.0976 0x14b0 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
01:32:56.0985 0x14b0 PNRPAutoReg - ok
01:32:57.0005 0x14b0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
01:32:57.0020 0x14b0 PNRPsvc - ok
01:32:57.0056 0x14b0 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:32:57.0090 0x14b0 PolicyAgent - ok
01:32:57.0121 0x14b0 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
01:32:57.0149 0x14b0 Power - ok
01:32:57.0187 0x14b0 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:32:57.0234 0x14b0 PptpMiniport - ok
01:32:57.0250 0x14b0 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
01:32:57.0260 0x14b0 Processor - ok
01:32:57.0277 0x14b0 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
01:32:57.0290 0x14b0 ProfSvc - ok
01:32:57.0301 0x14b0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
01:32:57.0310 0x14b0 ProtectedStorage - ok
01:32:57.0334 0x14b0 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
01:32:57.0360 0x14b0 Psched - ok
01:32:57.0407 0x14b0 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
01:32:57.0442 0x14b0 ql2300 - ok
01:32:57.0463 0x14b0 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
01:32:57.0473 0x14b0 ql40xx - ok
01:32:57.0504 0x14b0 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
01:32:57.0520 0x14b0 QWAVE - ok
01:32:57.0533 0x14b0 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:32:57.0545 0x14b0 QWAVEdrv - ok
01:32:57.0567 0x14b0 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:32:57.0594 0x14b0 RasAcd - ok
01:32:57.0619 0x14b0 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
01:32:57.0644 0x14b0 RasAgileVpn - ok
01:32:57.0658 0x14b0 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
01:32:57.0684 0x14b0 RasAuto - ok
01:32:57.0702 0x14b0 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:32:57.0726 0x14b0 Rasl2tp - ok
01:32:57.0744 0x14b0 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
01:32:57.0774 0x14b0 RasMan - ok
01:32:57.0792 0x14b0 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:32:57.0817 0x14b0 RasPppoe - ok
01:32:57.0827 0x14b0 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:32:57.0852 0x14b0 RasSstp - ok
01:32:57.0870 0x14b0 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:32:57.0899 0x14b0 rdbss - ok
01:32:57.0928 0x14b0 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
01:32:57.0961 0x14b0 rdpbus - ok
01:32:57.0972 0x14b0 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:32:58.0000 0x14b0 RDPCDD - ok
01:32:58.0006 0x14b0 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:32:58.0029 0x14b0 RDPENCDD - ok
01:32:58.0033 0x14b0 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
01:32:58.0057 0x14b0 RDPREFMP - ok
01:32:58.0091 0x14b0 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:32:58.0103 0x14b0 RDPWD - ok
01:32:58.0124 0x14b0 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
01:32:58.0135 0x14b0 rdyboost - ok
01:32:58.0165 0x14b0 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:32:58.0190 0x14b0 RemoteAccess - ok
01:32:58.0216 0x14b0 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:32:58.0243 0x14b0 RemoteRegistry - ok
01:32:58.0253 0x14b0 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:32:58.0278 0x14b0 RpcEptMapper - ok
01:32:58.0291 0x14b0 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
01:32:58.0300 0x14b0 RpcLocator - ok
01:32:58.0318 0x14b0 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
01:32:58.0352 0x14b0 RpcSs - ok
01:32:58.0388 0x14b0 [ 60EB8A87357CA5B088B422D1E55A2405, A4E8ACACB9EFB094D05EC24DFB65D969DBA14634EEB6B4DBEF500BDEA8D78DB5 ] rt61x64 C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys
01:32:58.0402 0x14b0 rt61x64 - ok
01:32:58.0434 0x14b0 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A, AB2615EB7313C02F6311143B27A426042A16925480ECBA6880448BE9818E9A39 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
01:32:58.0448 0x14b0 RTL8167 - ok
01:32:58.0461 0x14b0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
01:32:58.0470 0x14b0 SamSs - ok
01:32:58.0497 0x14b0 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:32:58.0506 0x14b0 sbp2port - ok
01:32:58.0532 0x14b0 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:32:58.0560 0x14b0 SCardSvr - ok
01:32:58.0593 0x14b0 [ D33BFF730B222D00A2F665F8F3E0A788, 371C7E62FD8F1628F6130E0A67A90FBDB34BBCADB3ADA1E41481EFE073ADDC65 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
01:32:58.0623 0x14b0 SCDEmu - ok
01:32:58.0636 0x14b0 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
01:32:58.0662 0x14b0 scfilter - ok
01:32:58.0697 0x14b0 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
01:32:58.0742 0x14b0 Schedule - ok
01:32:58.0765 0x14b0 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
01:32:58.0789 0x14b0 SCPolicySvc - ok
01:32:58.0796 0x14b0 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:32:58.0808 0x14b0 SDRSVC - ok
01:32:58.0828 0x14b0 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:32:58.0852 0x14b0 secdrv - ok
01:32:58.0875 0x14b0 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
01:32:58.0899 0x14b0 seclogon - ok
01:32:58.0906 0x14b0 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
01:32:58.0932 0x14b0 SENS - ok
01:32:58.0943 0x14b0 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
01:32:58.0952 0x14b0 SensrSvc - ok
01:32:58.0967 0x14b0 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
01:32:58.0976 0x14b0 Serenum - ok
01:32:58.0987 0x14b0 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
01:32:58.0997 0x14b0 Serial - ok
01:32:59.0012 0x14b0 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
01:32:59.0021 0x14b0 sermouse - ok
01:32:59.0039 0x14b0 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
01:32:59.0065 0x14b0 SessionEnv - ok
01:32:59.0078 0x14b0 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:32:59.0088 0x14b0 sffdisk - ok
01:32:59.0110 0x14b0 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:32:59.0120 0x14b0 sffp_mmc - ok
01:32:59.0130 0x14b0 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:32:59.0140 0x14b0 sffp_sd - ok
01:32:59.0150 0x14b0 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
01:32:59.0161 0x14b0 sfloppy - ok
01:32:59.0247 0x14b0 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:32:59.0295 0x14b0 SharedAccess - ok
01:32:59.0325 0x14b0 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:32:59.0355 0x14b0 ShellHWDetection - ok
01:32:59.0370 0x14b0 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
01:32:59.0379 0x14b0 SiSRaid2 - ok
01:32:59.0393 0x14b0 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
01:32:59.0402 0x14b0 SiSRaid4 - ok
01:32:59.0452 0x14b0 [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
01:32:59.0465 0x14b0 SkypeUpdate - ok
01:32:59.0479 0x14b0 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:32:59.0504 0x14b0 Smb - ok
01:32:59.0521 0x14b0 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:32:59.0530 0x14b0 SNMPTRAP - ok
01:32:59.0544 0x14b0 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
01:32:59.0552 0x14b0 spldr - ok
01:32:59.0641 0x14b0 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
01:32:59.0668 0x14b0 Spooler - ok
01:32:59.0752 0x14b0 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
01:32:59.0847 0x14b0 sppsvc - ok
01:32:59.0880 0x14b0 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
01:32:59.0905 0x14b0 sppuinotify - ok
01:32:59.0937 0x14b0 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
01:32:59.0955 0x14b0 srv - ok
01:32:59.0977 0x14b0 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:32:59.0994 0x14b0 srv2 - ok
01:33:00.0004 0x14b0 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:33:00.0015 0x14b0 srvnet - ok
01:33:00.0047 0x14b0 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:33:00.0075 0x14b0 SSDPSRV - ok
01:33:00.0088 0x14b0 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:33:00.0113 0x14b0 SstpSvc - ok
01:33:00.0183 0x14b0 [ 5FFDA96330357A914A69D79BE1988A38, E2A03A8D108C210B1111E2466E3DD381F0FA440B95B5013DC728EAD9CFE448AF ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
01:33:00.0206 0x14b0 Steam Client Service - ok
01:33:00.0238 0x14b0 [ 81F177C1954453AF407604160BD149CB, D6B05F7E399690233C71C1E4B88F95D566BC6A14D145715A8A8C0FFD591147F0 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:33:00.0252 0x14b0 Stereo Service - ok
01:33:00.0281 0x14b0 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
01:33:00.0289 0x14b0 stexstor - ok
01:33:00.0320 0x14b0 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
01:33:00.0344 0x14b0 stisvc - ok
01:33:00.0353 0x14b0 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
01:33:00.0360 0x14b0 swenum - ok
01:33:00.0417 0x14b0 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
01:33:00.0434 0x14b0 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
01:33:00.0434 0x14b0 Detect skipped due to KSN trusted
01:33:00.0434 0x14b0 SwitchBoard - ok
01:33:00.0467 0x14b0 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
01:33:00.0502 0x14b0 swprv - ok
01:33:00.0547 0x14b0 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
01:33:00.0595 0x14b0 SysMain - ok
01:33:00.0627 0x14b0 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:33:00.0664 0x14b0 TabletInputService - ok
01:33:00.0691 0x14b0 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
01:33:00.0720 0x14b0 TapiSrv - ok
01:33:00.0728 0x14b0 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
01:33:00.0754 0x14b0 TBS - ok
01:33:00.0817 0x14b0 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:33:00.0860 0x14b0 Tcpip - ok
01:33:00.0902 0x14b0 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
01:33:00.0943 0x14b0 TCPIP6 - ok
01:33:00.0969 0x14b0 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:33:00.0978 0x14b0 tcpipreg - ok
01:33:01.0002 0x14b0 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:33:01.0010 0x14b0 TDPIPE - ok
01:33:01.0028 0x14b0 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:33:01.0036 0x14b0 TDTCP - ok
01:33:01.0051 0x14b0 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:33:01.0076 0x14b0 tdx - ok
01:33:01.0084 0x14b0 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
01:33:01.0093 0x14b0 TermDD - ok
01:33:01.0136 0x14b0 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
01:33:01.0172 0x14b0 TermService - ok
01:33:01.0177 0x14b0 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
01:33:01.0190 0x14b0 Themes - ok
01:33:01.0235 0x14b0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
01:33:01.0284 0x14b0 THREADORDER - ok
01:33:01.0291 0x14b0 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
01:33:01.0316 0x14b0 TrkWks - ok
01:33:01.0379 0x14b0 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:33:01.0434 0x14b0 TrustedInstaller - ok
01:33:01.0459 0x14b0 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:33:01.0467 0x14b0 tssecsrv - ok
01:33:01.0494 0x14b0 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
01:33:01.0502 0x14b0 TsUsbFlt - ok
01:33:01.0511 0x14b0 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
01:33:01.0519 0x14b0 TsUsbGD - ok
01:33:01.0535 0x14b0 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:33:01.0559 0x14b0 tunnel - ok
01:33:01.0572 0x14b0 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
01:33:01.0581 0x14b0 uagp35 - ok
01:33:01.0601 0x14b0 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:33:01.0631 0x14b0 udfs - ok
01:33:01.0657 0x14b0 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:33:01.0667 0x14b0 UI0Detect - ok
01:33:01.0680 0x14b0 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:33:01.0689 0x14b0 uliagpkx - ok
01:33:01.0697 0x14b0 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
01:33:01.0706 0x14b0 umbus - ok
01:33:01.0720 0x14b0 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
01:33:01.0728 0x14b0 UmPass - ok
01:33:01.0750 0x14b0 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
01:33:01.0781 0x14b0 upnphost - ok
01:33:01.0808 0x14b0 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
01:33:01.0817 0x14b0 usbaudio - ok
01:33:01.0844 0x14b0 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:33:01.0854 0x14b0 usbccgp - ok
01:33:01.0877 0x14b0 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:33:01.0886 0x14b0 usbcir - ok
01:33:01.0914 0x14b0 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:33:01.0923 0x14b0 usbehci - ok
01:33:01.0947 0x14b0 [ 68BAD03835873D4BBBDE95CBB135A395, 2A448397EE3BDC27B423ECA6F86F676065B2E4BE9CEA929FD90B2BD5B046EC52 ] UsbFltr C:\Windows\system32\Drivers\UsbFltr.sys
01:33:01.0954 0x14b0 UsbFltr - ok
01:33:01.0989 0x14b0 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:33:02.0003 0x14b0 usbhub - ok
01:33:02.0031 0x14b0 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
01:33:02.0040 0x14b0 usbohci - ok
01:33:02.0063 0x14b0 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
01:33:02.0073 0x14b0 usbprint - ok
01:33:02.0101 0x14b0 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:33:02.0110 0x14b0 USBSTOR - ok
01:33:02.0121 0x14b0 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
01:33:02.0129 0x14b0 usbuhci - ok
01:33:02.0151 0x14b0 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
01:33:02.0175 0x14b0 UxSms - ok
01:33:02.0186 0x14b0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
01:33:02.0195 0x14b0 VaultSvc - ok
01:33:02.0203 0x14b0 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
01:33:02.0211 0x14b0 vdrvroot - ok
01:33:02.0228 0x14b0 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
01:33:02.0262 0x14b0 vds - ok
01:33:02.0272 0x14b0 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:33:02.0282 0x14b0 vga - ok
01:33:02.0296 0x14b0 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
01:33:02.0321 0x14b0 VgaSave - ok
01:33:02.0344 0x14b0 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
01:33:02.0355 0x14b0 vhdmp - ok
01:33:02.0374 0x14b0 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
01:33:02.0382 0x14b0 viaide - ok
01:33:02.0410 0x14b0 [ CCFA4BA3CE37DDF26A00313E1B6210E3, AC86CC8D651A2B12394613A4BB1AF1AE77B431E5AAF0D54F391F3C9D7C53C448 ] ViaUsbModemDriver C:\Windows\system32\DRIVERS\VIA_USB_MODEM.sys
01:33:02.0418 0x14b0 ViaUsbModemDriver - ok
01:33:02.0432 0x14b0 [ D81A7A4875CB431815C7E04046201208, 4A0A7FB2B2589B474FC8644E0373252A3B6B83DC17EB33FBADD854A0E65406C2 ] VIA_USB_ETS C:\Windows\system32\DRIVERS\VIA_USB_ETS.sys
01:33:02.0439 0x14b0 VIA_USB_ETS - ok
01:33:02.0449 0x14b0 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:33:02.0458 0x14b0 volmgr - ok
01:33:02.0470 0x14b0 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:33:02.0484 0x14b0 volmgrx - ok
01:33:02.0504 0x14b0 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:33:02.0517 0x14b0 volsnap - ok
01:33:02.0533 0x14b0 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
01:33:02.0543 0x14b0 vsmraid - ok
01:33:02.0588 0x14b0 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
01:33:02.0644 0x14b0 VSS - ok
01:33:02.0659 0x14b0 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
01:33:02.0669 0x14b0 vwifibus - ok
01:33:02.0787 0x14b0 [ CE6C085771812D5EE863CC7EF93CAEF2, 40CBE5D2A88A1DB412ED22F15B68D0D5BF1090E909DCC65946178BB1AB782248 ] VX1000 C:\Windows\system32\DRIVERS\VX1000.sys
01:33:02.0830 0x14b0 VX1000 - ok
01:33:02.0856 0x14b0 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
01:33:02.0888 0x14b0 W32Time - ok
01:33:02.0914 0x14b0 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
01:33:02.0923 0x14b0 WacomPen - ok
01:33:02.0940 0x14b0 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
01:33:02.0964 0x14b0 WANARP - ok
01:33:02.0967 0x14b0 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:33:02.0992 0x14b0 Wanarpv6 - ok
01:33:03.0038 0x14b0 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
01:33:03.0069 0x14b0 WatAdminSvc - ok
01:33:03.0114 0x14b0 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
01:33:03.0153 0x14b0 wbengine - ok
01:33:03.0170 0x14b0 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
01:33:03.0186 0x14b0 WbioSrvc - ok
01:33:03.0270 0x14b0 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:33:03.0304 0x14b0 wcncsvc - ok
01:33:03.0317 0x14b0 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:33:03.0326 0x14b0 WcsPlugInService - ok
01:33:03.0352 0x14b0 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
01:33:03.0360 0x14b0 Wd - ok
01:33:03.0400 0x14b0 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:33:03.0423 0x14b0 Wdf01000 - ok
01:33:03.0432 0x14b0 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:33:03.0446 0x14b0 WdiServiceHost - ok
01:33:03.0450 0x14b0 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:33:03.0463 0x14b0 WdiSystemHost - ok
01:33:03.0487 0x14b0 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
01:33:03.0501 0x14b0 WebClient - ok
01:33:03.0534 0x14b0 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:33:03.0563 0x14b0 Wecsvc - ok
01:33:03.0576 0x14b0 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:33:03.0601 0x14b0 wercplsupport - ok
01:33:03.0611 0x14b0 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
01:33:03.0636 0x14b0 WerSvc - ok
01:33:03.0663 0x14b0 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
01:33:03.0685 0x14b0 WfpLwf - ok
01:33:03.0700 0x14b0 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
01:33:03.0708 0x14b0 WIMMount - ok
01:33:03.0728 0x14b0 WinDefend - ok
01:33:03.0733 0x14b0 WinHttpAutoProxySvc - ok
01:33:03.0800 0x14b0 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:33:03.0850 0x14b0 Winmgmt - ok
01:33:03.0912 0x14b0 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
01:33:03.0976 0x14b0 WinRM - ok
01:33:04.0000 0x14b0 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
01:33:04.0011 0x14b0 WinUsb - ok
01:33:04.0040 0x14b0 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
01:33:04.0070 0x14b0 Wlansvc - ok
01:33:04.0232 0x14b0 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:33:04.0280 0x14b0 wlidsvc - ok
01:33:04.0294 0x14b0 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
01:33:04.0302 0x14b0 WmiAcpi - ok
01:33:04.0337 0x14b0 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:33:04.0350 0x14b0 wmiApSrv - ok
01:33:04.0370 0x14b0 WMPNetworkSvc - ok
01:33:04.0395 0x14b0 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:33:04.0404 0x14b0 WPCSvc - ok
01:33:04.0412 0x14b0 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:33:04.0424 0x14b0 WPDBusEnum - ok
01:33:04.0447 0x14b0 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:33:04.0471 0x14b0 ws2ifsl - ok
01:33:04.0487 0x14b0 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
01:33:04.0501 0x14b0 wscsvc - ok
01:33:04.0503 0x14b0 WSearch - ok
01:33:04.0586 0x14b0 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
01:33:04.0638 0x14b0 wuauserv - ok
01:33:04.0670 0x14b0 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:33:04.0679 0x14b0 WudfPf - ok
01:33:04.0692 0x14b0 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:33:04.0704 0x14b0 WUDFRd - ok
01:33:04.0719 0x14b0 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:33:04.0730 0x14b0 wudfsvc - ok
01:33:04.0764 0x14b0 [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\Windows\System32\wwansvc.dll
01:33:04.0777 0x14b0 WwanSvc - ok
01:33:04.0805 0x14b0 wxpSvc - ok
01:33:04.0826 0x14b0 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
01:33:04.0834 0x14b0 xusb21 - ok
01:33:04.0922 0x14b0 [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
01:33:04.0944 0x14b0 YahooAUService - ok
01:33:04.0951 0x14b0 ================ Scan global ===============================
01:33:04.0979 0x14b0 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
01:33:05.0009 0x14b0 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
01:33:05.0019 0x14b0 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
01:33:05.0048 0x14b0 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
01:33:05.0062 0x14b0 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
01:33:05.0067 0x14b0 [ Global ] - ok
01:33:05.0067 0x14b0 ================ Scan MBR ==================================
01:33:05.0079 0x14b0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:33:05.0324 0x14b0 \Device\Harddisk0\DR0 - ok
01:33:05.0325 0x14b0 ================ Scan VBR ==================================
01:33:05.0331 0x14b0 [ 0AE33EC8E51CD168A6A305CD6ABC2224 ] \Device\Harddisk0\DR0\Partition1
01:33:05.0360 0x14b0 \Device\Harddisk0\DR0\Partition1 - ok
01:33:05.0367 0x14b0 [ C4AF33452B4A9ADD3BCD1D29A941DDAB ] \Device\Harddisk0\DR0\Partition2
01:33:05.0400 0x14b0 \Device\Harddisk0\DR0\Partition2 - ok
01:33:05.0414 0x14b0 AV detected via SS2: AVG AntiVirus Free Edition 2013, C:\Program Files (x86)\AVG\AVG2013\avgwsc.exe ( 13.0.0.3300 ), 0x41000 ( enabled : updated )
01:33:05.0421 0x14b0 Win FW state via NFP2: enabled
01:33:08.0255 0x14b0 ============================================================
01:33:08.0255 0x14b0 Scan finished
01:33:08.0255 0x14b0 ============================================================
01:33:08.0269 0x14d4 Detected object count: 1
01:33:08.0269 0x14d4 Actual detected object count: 1
01:33:16.0001 0x14d4 BEService ( UnsignedFile.Multi.Generic ) - skipped by user
01:33:16.0002 0x14d4 BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#6
trusty
Posted 20 February 2014 - 01:16 PM

trusty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
New OTL log


OTL logfile created on: 2/20/2014 1:36:02 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.09% Memory free
7.99 Gb Paging File | 5.86 Gb Available in Paging File | 73.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 458.75 Gb Free Space | 49.25% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/19 02:45:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Downloads\OTL.exe
PRC - [2014/02/01 18:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/15 15:45:33 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Dave\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/11/20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/11/20 01:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/14 21:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/01 18:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/01 18:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/01 18:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/01 18:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/01 18:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2012/11/29 16:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2014/02/14 22:00:41 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/04 19:08:11 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/27 14:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/11/20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 00:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 21:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/03/06 07:15:38 | 000,580,672 | ---- | M] (Disc Soft Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)
SRV - [2013/02/08 23:09:27 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/14 22:31:55 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/03/26 08:28:58 | 005,404,472 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files (x86)\webcamXP 5\wService.exe -- (wxpSvc)
SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/12/03 21:58:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/03 01:45:22 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/11/25 01:48:36 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/11/10 13:23:24 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/10/23 01:05:08 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/20 00:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 00:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 00:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 00:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/05/19 14:50:28 | 000,029,696 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtscsibus.sys -- (dtscsibus)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 02:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/19 00:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/11 01:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/26 00:42:00 | 000,064,256 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/01/26 00:41:00 | 000,039,808 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/01/13 06:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/10 17:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/05/20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2010/04/26 21:25:18 | 000,028,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIA_USB_MODEM.sys -- (ViaUsbModemDriver)
DRV:64bit: - [2010/04/26 21:25:18 | 000,021,760 | ---- | M] (Via Telecom, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIA_USB_ETS.sys -- (VIA_USB_ETS)
DRV:64bit: - [2010/04/07 11:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WMP54Gv41x64.sys -- (rt61x64)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 12:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/09 09:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2013/07/02 15:01:03 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3113028246-842292649-213859181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3113028246-842292649-213859181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3113028246-842292649-213859181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3113028246-842292649-213859181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 0A 66 94 30 D7 CD 01 [binary data]
IE - HKU\S-1-5-21-3113028246-842292649-213859181-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3113028246-842292649-213859181-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3113028246-842292649-213859181-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.3: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "ww.google.com"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: " http://www.google.co...ogle Search&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@EDVR/WebClient: C:\windows\system32\WebClient\npwebclient.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dave\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dave\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/06/17 19:20:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/02/08 23:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2014/02/20 01:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\extensions
[2013/10/27 23:56:11 | 000,001,726 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\searchplugins\Bing.xml
[2014/02/14 22:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/14 22:00:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/14 22:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 22:00:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/14 22:00:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://start.sweetpa...A-50E54930AC42}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dave\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: SiteChat = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlbhoebcjponkmlmoeinojjcggbnk\0.3.70_0\
CHR - Extension: SiteChat = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlbhoebcjponkmlmoeinojjcggbnk\0.3.70_0\~
CHR - Extension: Angry Birds = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Realm of the Mad God = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\
CHR - Extension: Realm of the Mad God = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~
CHR - Extension: Updater By SweetPacks = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.583_0\
CHR - Extension: AdBlock = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: [bleep] of Sand = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaafclnkndleaafooaoicagokdpggla\1.1.1_0\
CHR - Extension: We-Care.com Reminder = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.40_0\
CHR - Extension: Skype Click to Call = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Plants vs Zombies = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: HD Facebook Video Downloader = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaekgmbkigogkeofkobbhobinbbljpg\1.0_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.3.0.49_0\
CHR - Extension: Google Wallet = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3113028246-842292649-213859181-1000..\Run: [Spotify Web Helper] C:\Users\Dave\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dave\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dave\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3113028246-842292649-213859181-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3113028246-842292649-213859181-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3113028246-842292649-213859181-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3113028246-842292649-213859181-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BCE307D-1850-4244-9201-4DD0D2F9BB25}: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F96EEC8F-A6F8-4EB9-B74C-33798C07F3E5}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


========== Files/Folders - Created Within 30 Days ==========

[2014/02/20 01:12:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/19 15:19:15 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Octodad Dadliest Catch
[2014/02/19 02:52:56 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\New folder
[2014/02/18 23:55:51 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\The Creative Assembly
[2014/02/18 23:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2014/02/18 23:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2014/02/18 23:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2014/02/14 22:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/13 03:02:48 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/13 03:01:48 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/13 03:01:48 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/13 03:01:47 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/13 03:01:46 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/13 03:01:45 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/13 03:01:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/13 03:01:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/13 03:01:44 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/13 03:01:43 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/13 03:01:43 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/13 03:01:43 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/13 03:01:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/13 03:01:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/13 03:01:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/13 03:01:42 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/13 03:01:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/13 03:01:41 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/13 03:01:41 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/13 03:01:41 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/13 03:01:41 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/13 03:01:39 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/13 03:01:38 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/13 03:01:35 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/12 16:51:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/12 16:51:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/12 16:51:39 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/12 16:51:39 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/12 16:51:39 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/12 16:51:39 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/12 16:51:39 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/12 16:51:39 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/12 16:51:39 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/12 16:51:38 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/12 16:51:38 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/12 16:51:38 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/12 16:51:38 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/12 16:51:38 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/12 16:51:38 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/12 16:51:38 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/12 16:51:38 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/12 16:51:38 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/12 16:51:38 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/12 16:51:33 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/12 16:51:33 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/04 19:08:08 | 005,556,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/01/23 17:36:42 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Image-Line
[2014/01/23 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2014/01/23 17:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2014/01/23 17:36:25 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\FlowStone
[2014/01/23 17:36:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DSPRobotics
[2014/01/22 23:41:09 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Blizzard
[2014/01/22 22:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2014/01/22 22:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hearthstone
[2014/01/22 21:23:25 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Blizzard Entertainment
[2014/01/22 21:23:23 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Battle.net
[2014/01/22 21:23:23 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Battle.net
[2014/01/22 21:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2014/01/22 21:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net

========== Files - Modified Within 30 Days ==========

[2014/02/20 01:32:20 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/20 01:32:20 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/20 01:29:22 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/20 01:29:22 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/20 01:29:22 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/20 01:26:07 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/20 01:25:05 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/02/20 01:25:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/20 01:24:58 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/20 00:57:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113028246-842292649-213859181-1000UA.job
[2014/02/20 00:48:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/20 00:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/19 23:57:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113028246-842292649-213859181-1000Core.job
[2014/02/18 23:35:38 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/02/18 23:35:16 | 000,000,000 | ---- | M] () -- C:\END
[2014/02/17 21:03:13 | 000,000,849 | ---- | M] () -- C:\Users\Dave\Desktop\µTorrent.lnk
[2014/02/17 21:03:13 | 000,000,829 | ---- | M] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/02/13 03:13:52 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/06 06:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 06:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 06:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 05:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 05:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 05:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 05:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 05:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 05:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 05:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 05:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 05:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 04:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 04:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 04:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 04:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 04:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 04:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 04:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 04:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 03:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 03:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/04 19:08:11 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/04 19:08:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/04 19:08:08 | 005,556,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/02/03 01:45:22 | 000,129,944 | ---- | M] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2014/02/03 00:52:37 | 000,000,132 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/02/01 15:36:39 | 000,052,177 | ---- | M] () -- C:\Users\Dave\Desktop\MvUKKoA.jpg
[2014/01/29 23:55:12 | 000,105,331 | ---- | M] () -- C:\Users\Dave\Desktop\BfKljMXIcAA9tSK.jpg
[2014/01/27 00:28:12 | 001,675,259 | ---- | M] () -- C:\Users\Dave\Desktop\the way we used to.wma
[2014/01/23 17:37:04 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 11.lnk
[2014/01/22 22:36:39 | 000,001,183 | ---- | M] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014/01/22 21:23:18 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk

========== Files Created - No Company Name ==========

[2014/02/18 23:35:16 | 000,000,000 | ---- | C] () -- C:\END
[2014/02/17 21:03:13 | 000,000,849 | ---- | C] () -- C:\Users\Dave\Desktop\µTorrent.lnk
[2014/02/01 15:36:38 | 000,052,177 | ---- | C] () -- C:\Users\Dave\Desktop\MvUKKoA.jpg
[2014/01/29 23:55:11 | 000,105,331 | ---- | C] () -- C:\Users\Dave\Desktop\BfKljMXIcAA9tSK.jpg
[2014/01/27 00:25:52 | 001,675,259 | ---- | C] () -- C:\Users\Dave\Desktop\the way we used to.wma
[2014/01/23 17:37:04 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 11.lnk
[2014/01/23 17:36:38 | 000,002,052 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 11.lnk
[2014/01/22 22:36:39 | 000,001,183 | ---- | C] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014/01/22 21:23:18 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2013/07/12 20:48:57 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/26 12:29:53 | 000,003,728 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/02/25 21:58:35 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/12/13 00:01:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/11/21 08:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/11/18 14:31:37 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\gswin32c.exe
[2012/07/02 15:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
[2012/03/31 19:56:35 | 000,000,132 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/03 18:25:37 | 000,495,616 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/15 22:54:50 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\.minecraft
[2013/03/29 08:48:52 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\.mono
[2012/11/04 21:03:44 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Avanti
[2012/10/06 11:54:39 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AVG2013
[2014/01/22 22:03:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Battle.net
[2012/04/10 09:06:11 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/05/19 14:50:50 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\DAEMON Tools Ultra
[2012/07/09 00:02:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Deckadance19
[2012/04/04 11:35:24 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Digiarty
[2012/02/05 18:41:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\DVDVideoSoft
[2012/02/05 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/03/12 21:19:31 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FileZilla
[2014/01/23 17:36:25 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FlowStone
[2014/01/23 17:36:42 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Image-Line
[2011/10/02 16:01:54 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\LolClient
[2012/05/23 10:21:06 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\LolClient2
[2012/09/14 16:58:56 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\mjusbsp
[2012/06/04 15:15:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Motorola
[2013/11/27 20:17:51 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\MultiBit
[2013/07/13 18:19:09 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Natural Selection 2
[2014/02/18 23:35:38 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\OpenCandy
[2013/05/19 12:28:30 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PowerISO
[2011/12/21 22:20:25 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\REAPER
[2012/08/21 13:39:26 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SilvestriRN5e
[2013/01/20 22:36:53 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\skyz
[2012/07/09 00:02:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SongManager
[2014/02/19 17:11:04 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Spotify
[2012/08/22 23:11:30 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Stardock
[2014/02/18 23:55:51 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\The Creative Assembly
[2012/10/06 11:54:31 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TuneUp Software
[2012/10/06 23:34:17 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\USMA
[2014/02/20 01:07:07 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\uTorrent
[2012/10/13 08:31:41 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 08:31:41 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 22:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 22:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 22:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 22:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 22:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 22:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 22:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 22:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 22:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 22:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 22:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 22:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 22:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 22:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 22:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 22:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 22:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 22:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 22:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 22:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 22:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows.old\Windows\SysWOW64\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows.old\Windows\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 20:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows.old\Windows\System32\qmgr.dll
[2009/07/13 20:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2009/07/13 20:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows.old\Windows\System32\rpcss.dll
[2009/07/13 20:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\System32\drivers\etc\services
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2011/09/05 12:04:56 | 000,584,808 | ---- | M] () MD5=B3B25937514C772FD2490108B91CE17F -- C:\Windows.old\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows.old\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\System32\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows.old\Windows\System32\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
[2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.HTML >
[2012/04/26 14:54:58 | 000,109,895 | ---- | M] () MD5=27C527CBCA5F2A406A8705400A044C5C -- C:\Program Files (x86)\Android\android-sdk\docs\guide\topics\fundamentals\services.html

< MD5 for: SERVICES.JAVA >
[2012/04/26 14:59:21 | 000,006,748 | R--- | M] () MD5=411111AD775B441DDCC5D4EFF612F591 -- C:\Program Files (x86)\Android\android-sdk\sources\android-15\org\apache\harmony\security\fortress\Services.java

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/08/27 13:22:58 | 000,000,313 | ---- | M] () MD5=A82A4B4C99E97378641AE32069971198 -- C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XZTCD2YA\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\System32\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\System32\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\System32\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is A8E9-0212
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\FPC
01/23/2014 05:36 PM <SYMLINKD> Downloaded [C:\Users\Dave\Documents\Image-Line\Data\fpc\]
0 File(s) 0 bytes
Directory of C:\Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\Harmor
01/23/2014 05:36 PM <SYMLINKD> Downloaded [C:\Users\Dave\Documents\Image-Line\Data\Harmor\]
0 File(s) 0 bytes
Directory of C:\Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\Ogun
01/23/2014 05:36 PM <SYMLINKD> Downloaded [C:\Users\Dave\Documents\Image-Line\Data\ogun\]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Dave
10/01/2011 05:20 PM <JUNCTION> Application Data [C:\Users\Dave\AppData\Roaming]
10/01/2011 05:20 PM <JUNCTION> Cookies [C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies]
10/01/2011 05:20 PM <JUNCTION> Local Settings [C:\Users\Dave\AppData\Local]
10/01/2011 05:20 PM <JUNCTION> My Documents [C:\Users\Dave\Documents]
10/01/2011 05:20 PM <JUNCTION> NetHood [C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/01/2011 05:20 PM <JUNCTION> PrintHood [C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/01/2011 05:20 PM <JUNCTION> Recent [C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Recent]
10/01/2011 05:20 PM <JUNCTION> SendTo [C:\Users\Dave\AppData\Roaming\Microsoft\Windows\SendTo]
10/01/2011 05:20 PM <JUNCTION> Start Menu [C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu]
10/01/2011 05:20 PM <JUNCTION> Templates [C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Dave\AppData\Local
10/01/2011 05:20 PM <JUNCTION> Application Data [C:\Users\Dave\AppData\Local]
10/01/2011 05:20 PM <JUNCTION> History [C:\Users\Dave\AppData\Local\Microsoft\Windows\History]
10/01/2011 05:20 PM <JUNCTION> Temporary Internet Files [C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Dave\Documents
10/01/2011 05:20 PM <JUNCTION> My Music [C:\Users\Dave\Music]
10/01/2011 05:20 PM <JUNCTION> My Pictures [C:\Users\Dave\Pictures]
10/01/2011 05:20 PM <JUNCTION> My Videos [C:\Users\Dave\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
10/01/2011 05:34 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
10/01/2011 05:34 PM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
10/01/2011 05:34 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
10/01/2011 05:34 PM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
10/01/2011 05:34 PM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/01/2011 05:34 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/01/2011 05:34 PM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
10/01/2011 05:34 PM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
10/01/2011 05:34 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
10/01/2011 05:34 PM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
10/01/2011 05:34 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
10/01/2011 05:34 PM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
10/01/2011 05:34 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
10/01/2011 05:34 PM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
10/01/2011 05:34 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
10/01/2011 05:34 PM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Windows.old\Users]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Windows.old\Users\Default]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [.]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [.]
07/14/2009 12:08 AM <JUNCTION> Favorites [.]
07/14/2009 12:08 AM <JUNCTION> Start Menu [.]
07/14/2009 12:08 AM <JUNCTION> Templates [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Roaming]
09/30/2011 05:06 PM <JUNCTION> Cookies [C:\Windows.old\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies]
09/30/2011 05:06 PM <JUNCTION> Local Settings [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> My Documents [C:\Windows.old\Users\Dave\Documents]
09/30/2011 05:06 PM <JUNCTION> NetHood [C:\Windows.old\Users\Dave\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/30/2011 05:06 PM <JUNCTION> PrintHood [C:\Windows.old\Users\Dave\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/30/2011 05:06 PM <JUNCTION> Recent [C:\Windows.old\Users\Dave\AppData\Roaming\Microsoft\Windows\Recent]
09/30/2011 05:06 PM <JUNCTION> SendTo [C:\Windows.old\Users\Dave\AppData\Roaming\Microsoft\Windows\SendTo]
09/30/2011 05:06 PM <JUNCTION> Start Menu [C:\Windows.old\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu]
09/30/2011 05:06 PM <JUNCTION> Templates [C:\Windows.old\Users\Dave\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\AppData\Local
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\AppData\Local\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\AppData\Local\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\AppData\Local\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [.]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\Documents
09/30/2011 05:06 PM <JUNCTION> My Music [C:\Windows.old\Users\Dave\Music]
09/30/2011 05:06 PM <JUNCTION> My Pictures [C:\Windows.old\Users\Dave\Pictures]
09/30/2011 05:06 PM <JUNCTION> My Videos [C:\Windows.old\Users\Dave\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\Local Settings
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\Local Settings\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\Local Settings\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\Local Settings\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [.]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Dave\My Documents
09/30/2011 05:06 PM <JUNCTION> My Music [C:\Windows.old\Users\Dave\Music]
09/30/2011 05:06 PM <JUNCTION> My Pictures [C:\Windows.old\Users\Dave\Pictures]
09/30/2011 05:06 PM <JUNCTION> My Videos [C:\Windows.old\Users\Dave\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Windows.old\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [.]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Local Settings
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [.]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\My Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Windows.old\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [.]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [.]
07/14/2009 12:08 AM <JUNCTION> History [.]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default User\My Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Roaming]
08/30/2011 07:00 PM <JUNCTION> Cookies [C:\Windows.old\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
08/30/2011 07:00 PM <JUNCTION> Local Settings [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> My Documents [C:\Windows.old\Users\UpdatusUser\Documents]
08/30/2011 07:00 PM <JUNCTION> NetHood [C:\Windows.old\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/30/2011 07:00 PM <JUNCTION> PrintHood [C:\Windows.old\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/30/2011 07:00 PM <JUNCTION> Recent [C:\Windows.old\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
08/30/2011 07:00 PM <JUNCTION> SendTo [C:\Windows.old\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
08/30/2011 07:00 PM <JUNCTION> Start Menu [C:\Windows.old\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
08/30/2011 07:00 PM <JUNCTION> Templates [C:\Windows.old\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\AppData\Local
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\AppData\Local\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\AppData\Local\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [.]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\Documents
08/30/2011 07:00 PM <JUNCTION> My Music [C:\Windows.old\Users\UpdatusUser\Music]
08/30/2011 07:00 PM <JUNCTION> My Pictures [C:\Windows.old\Users\UpdatusUser\Pictures]
08/30/2011 07:00 PM <JUNCTION> My Videos [C:\Windows.old\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\Local Settings
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\Local Settings\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\Local Settings\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\Local Settings\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [.]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\UpdatusUser\My Documents
08/30/2011 07:00 PM <JUNCTION> My Music [C:\Windows.old\Users\UpdatusUser\Music]
08/30/2011 07:00 PM <JUNCTION> My Pictures [C:\Windows.old\Users\UpdatusUser\Pictures]
08/30/2011 07:00 PM <JUNCTION> My Videos [C:\Windows.old\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [.]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Windows.old\Users\Default]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Windows.old\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Windows.old\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [.]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Windows.old\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [.]
07/14/2009 12:08 AM <JUNCTION> Favorites [.]
07/14/2009 12:08 AM <JUNCTION> Start Menu [.]
07/14/2009 12:08 AM <JUNCTION> Templates [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Application Data\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Roaming]
09/30/2011 05:06 PM <JUNCTION> Cookies [C:\Windows.old\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies]
09/30/2011 05:06 PM <JUNCTION> Local Settings [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> My Documents [C:\Windows.old\Users\Dave\Documents]
09/30/2011 05:06 PM <JUNCTION> NetHood [C:\Windows.old\Users\Dave\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/30/2011 05:06 PM <JUNCTION> PrintHood [C:\Windows.old\Users\Dave\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/30/2011 05:06 PM <JUNCTION> Recent [C:\Windows.old\Users\Dave\AppData\Roaming\Microsoft\Windows\Recent]
09/30/2011 05:06 PM <JUNCTION> SendTo [C:\Windows.old\Users\Dave\AppData\Roaming\Microsoft\Windows\SendTo]
09/30/2011 05:06 PM <JUNCTION> Start Menu [C:\Windows.old\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu]
09/30/2011 05:06 PM <JUNCTION> Templates [C:\Windows.old\Users\Dave\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\AppData\Local
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\AppData\Local\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\AppData\Local\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\AppData\Local\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [.]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\Documents
09/30/2011 05:06 PM <JUNCTION> My Music [C:\Windows.old\Users\Dave\Music]
09/30/2011 05:06 PM <JUNCTION> My Pictures [C:\Windows.old\Users\Dave\Pictures]
09/30/2011 05:06 PM <JUNCTION> My Videos [C:\Windows.old\Users\Dave\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\Local Settings
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\Local Settings\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\Local Settings\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\Local Settings\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [C:\Windows.old\Users\Dave\AppData\Local]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
09/30/2011 05:06 PM <JUNCTION> Application Data [.]
09/30/2011 05:06 PM <JUNCTION> History [C:\Windows.old\Users\Dave\AppData\Local\Microsoft\Windows\History]
09/30/2011 05:06 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Dave\My Documents
09/30/2011 05:06 PM <JUNCTION> My Music [C:\Windows.old\Users\Dave\Music]
09/30/2011 05:06 PM <JUNCTION> My Pictures [C:\Windows.old\Users\Dave\Pictures]
09/30/2011 05:06 PM <JUNCTION> My Videos [C:\Windows.old\Users\Dave\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Windows.old\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [.]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [.]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\My Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Windows.old\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [.]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Local Settings
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Windows.old\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:08 AM <JUNCTION> Application Data [.]
07/14/2009 12:08 AM <JUNCTION> History [.]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\My Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Windows.old\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Windows.old\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Windows.old\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Roaming]
08/30/2011 07:00 PM <JUNCTION> Cookies [C:\Windows.old\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
08/30/2011 07:00 PM <JUNCTION> Local Settings [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> My Documents [C:\Windows.old\Users\UpdatusUser\Documents]
08/30/2011 07:00 PM <JUNCTION> NetHood [C:\Windows.old\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/30/2011 07:00 PM <JUNCTION> PrintHood [C:\Windows.old\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/30/2011 07:00 PM <JUNCTION> Recent [C:\Windows.old\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
08/30/2011 07:00 PM <JUNCTION> SendTo [C:\Windows.old\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
08/30/2011 07:00 PM <JUNCTION> Start Menu [C:\Windows.old\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
08/30/2011 07:00 PM <JUNCTION> Templates [C:\Windows.old\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\AppData\Local
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\AppData\Local\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\AppData\Local\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [.]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Documents
08/30/2011 07:00 PM <JUNCTION> My Music [C:\Windows.old\Users\UpdatusUser\Music]
08/30/2011 07:00 PM <JUNCTION> My Pictures [C:\Windows.old\Users\UpdatusUser\Pictures]
08/30/2011 07:00 PM <JUNCTION> My Videos [C:\Windows.old\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Local Settings
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Local Settings\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Local Settings\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Local Settings\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [C:\Windows.old\Users\UpdatusUser\AppData\Local]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
08/30/2011 07:00 PM <JUNCTION> Application Data [.]
08/30/2011 07:00 PM <JUNCTION> History [C:\Windows.old\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
08/30/2011 07:00 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\UpdatusUser\My Documents
08/30/2011 07:00 PM <JUNCTION> My Music [C:\Windows.old\Users\UpdatusUser\Music]
08/30/2011 07:00 PM <JUNCTION> My Pictures [C:\Windows.old\Users\UpdatusUser\Pictures]
08/30/2011 07:00 PM <JUNCTION> My Videos [C:\Windows.old\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
1168 Dir(s) 492,257,185,792 bytes free

< End of report >
  • 0

#7
godawgs
Posted 21 February 2014 - 12:37 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Well that cleared the main zero access infection and a bunch of other rubbish. Let's continue on.


Step-1.

Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar(gadgets) has the potential to compromise the security of a machine it is running on as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "ww.google.com"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: " http://www.google.co...ogle Search&q="
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/06/17 19:20:08 | 000,000,000 | ---D | M]
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

:FILES
ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Change the Chrome HomePage

Open the Chrome browser.
  • Click on the Chrome menu icon, located in the upper right hand corner of your browser window. When the drop-down menu appears, select the choice labeled Settings. (See image below)

    Posted Image

    Chrome's Options should now be displayed in a new tab or window, depending on your settings. (See the image below)

    Posted Image
  • Click on Settings in the left menu pane, if it is not already selected.
  • Next, locate the Appearance section.
    • By default, the Home button is not visible on Chrome's main toolbar and the Show Home button option is disabled.
  • First, activate this option by clicking on the empty check box next to Show Home button.
  • When the Show Home button checkbox is selected, a web address appears below it.
  • Click Change link and change the sweetpacks entry to a new address, like http://www.google.com.
  • Finally, once you are satisfied with your new setting, click on the OK button.

Delete a Google Chrome extension:

  • Click the tools menu icon Posted Image on the browser toolbar.
  • Click Tools.
  • Select Extensions. A page like the one shown below will open:
    Posted Image
  • Look for any of the following entries, or any variation:
    Updater By SweetPacks
    We-Care.com Reminder
    AVG Security Toolbar
  • If there is a check mark in the box next to it/them, click the box to uncheck it/them. Then click the trash can icon next to the box.
  • A confirmation dialog will appear, click Remove.

Step-4.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please Don't delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-5.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.

    Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you had any problems uninstalling Sidebar or resetting the chrome entries
2. The OTL fixes log
3. The AdwCleaner[R0].txt log
4. The FSS.txt log
  • 0

#8
trusty
Posted 21 February 2014 - 01:57 PM

trusty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Okay, there were no issues removing the windows sidebar, but after setting the google chrome homepage to http://www.google.com/, my homepage is still the sweetpacks search. Not only that, but instead of 1 opening tab on start up, it opened 5 tabs:

2 start.speetpack tabs(http://start.sweetpa...?barid=&src=10)

1 avg search (http://isearch.avg.c...avg&sg=0&sap=hp)

2 home.sweetim tabs (http://home.sweetim....?barid=&src=10)

OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "ww.google.com" removed from browser.startup.homepage
Prefs.js: " http://www.google.co...ogle Search&q=" removed from sweetim.toolbar.previous.keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dave\Downloads\cmd.bat deleted successfully.
C:\Users\Dave\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dave
->Temp folder emptied: 32433 bytes
->Temporary Internet Files folder emptied: 2774863 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4318372 bytes
->Google Chrome cache emptied: 16801914 bytes
->Flash cache emptied: 597 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 652 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02212014_143236

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


AdwCleaner


# AdwCleaner v3.019 - Report created 21/02/2014 at 14:43:55
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dave - DAVE-PC
# Running from : C:\Users\Dave\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\user.js
File Found : C:\Windows\System32\Tasks\NCH Software
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Found C:\Program Files (x86)\Coupon Companion
Folder Found C:\Program Files (x86)\NCH Software
Folder Found C:\Program Files (x86)\SweetIM
Folder Found C:\Program Files\Updater By SweetPacks
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\NCH Software
Folder Found C:\ProgramData\WeCareReminder
Folder Found C:\Users\Dave\AppData\Local\apn
Folder Found C:\Users\Dave\AppData\Local\AVG Secure Search
Folder Found C:\Users\Dave\AppData\Local\Coupon Companion
Folder Found C:\Users\Dave\AppData\Local\PackageAware
Folder Found C:\Users\Dave\AppData\Local\TempDir
Folder Found C:\Users\Dave\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Dave\AppData\Roaming\dvdvideosoftiehelpers
Folder Found C:\Users\Dave\AppData\Roaming\NCH Software
Folder Found C:\Users\Dave\AppData\Roaming\OpenCandy

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\NCH Software
Key Found : HKCU\Software\wecarereminder
Key Found : HKCU\Software\wnlt
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\NCH Software
Key Found : [x64] HKCU\Software\wecarereminder
Key Found : [x64] HKCU\Software\wnlt
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\.bdc
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\Software\NCH Software
Key Found : HKLM\Software\Updater By Sweetpacks
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://www.sweetpacks-search.com/?barid=&src=97&crg=3.5000006.10043&st=23&st=23");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", " hxxp://www.google.co.in/search?btnG=Google+Search&q=");
Line Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={4A6880D0-C0BD-11E2-8BDA-50E54930AC42}");
Line Found : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks");

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10814 octets] - [21/02/2014 14:43:02]
AdwCleaner[R1].txt - [10657 octets] - [21/02/2014 14:43:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [10718 octets] ##########


Farbar Service Scanner


Farbar Service Scanner Version: 16-02-2014
Ran by Dave (administrator) on 21-02-2014 at 14:50:03
Running from "C:\Users\Dave\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#9
godawgs
Posted 21 February 2014 - 10:32 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the information. Let's see what this does. Let me know how the computer is behaving after this round.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-2.

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT icon Posted Image and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.

Before running Steps 3 and 4 please disable any screen saver you have running.


Step-3.

Close all programs and browsers on your computer and disable any screen saver you might have running.

  • Right click the MalwareBytes icon on the desktop and click Run As Administrator, then click the Continue button on the UAC window. You will now be at the main program as shown below.

    Posted Image
  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step-4.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

Vista / 7 users: You will need to to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:

    Posted Image

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

    Posted Image
  • Select the option YES, I accept the Terms of Use then click on:

    Posted Image
  • When prompted allow the Add-On/Active X to install. The following window will open:

    Posted Image

    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

A.
If No Threats Were Found:
  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found
B.
If Threats Were Found:
  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close Be sure you have saved the file first
  • Click on Finish
  • Close the program
Don't forget to enable your Antivirus program and screen saver.


Step-5.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The AdwCleaner[S0].txt log
2. The JRT.txt log
3. The MalwareBytes log
4. The ESET scan log (IF ot found anything). If it didn't just let me know.
5. The checkup.txt log
  • 0

#10
trusty
Posted 25 February 2014 - 12:10 PM

trusty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Just posting in here to keep this thread active, the malware bytes scan and the eset scan take a huge chunk of time and my computer kept going to sleep. I got malwarebytes scan completed so now i'm just waiting on eset scan!
  • 0

Advertisements

#11
godawgs
Posted 01 March 2014 - 12:20 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#12
godawgs
Posted 04 March 2014 - 10:18 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
User returned.
  • 0

#13
trusty
Posted 05 March 2014 - 10:34 AM

trusty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
# AdwCleaner v3.019 - Report created 24/02/2014 at 21:43:26
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dave - DAVE-PC
# Running from : C:\Users\Dave\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Program Files (x86)\Coupon Companion
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Users\Dave\AppData\Local\apn
Folder Deleted : C:\Users\Dave\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Dave\AppData\Local\Coupon Companion
Folder Deleted : C:\Users\Dave\AppData\Local\PackageAware
Folder Deleted : C:\Users\Dave\AppData\Local\TempDir
Folder Deleted : C:\Users\Dave\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Dave\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Dave\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Dave\AppData\Roaming\OpenCandy
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\user.js
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\Updater By Sweetpacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\5149eg5r.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www.sweetpacks-search.com/?barid=&src=97&crg=3.5000006.10043&st=23&st=23");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", " hxxp://www.google.co.in/search?btnG=Google+Search&q=");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={4A6880D0-C0BD-11E2-8BDA-50E54930AC42}");
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks");

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10814 octets] - [21/02/2014 14:43:02]
AdwCleaner[R1].txt - [10875 octets] - [21/02/2014 14:43:55]
AdwCleaner[R2].txt - [10936 octets] - [24/02/2014 21:42:48]
AdwCleaner[S0].txt - [10801 octets] - [24/02/2014 21:43:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10862 octets] ##########


JRT


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dave on Mon 02/24/2014 at 21:47:05.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3113028246-842292649-213859181-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files

Successfully deleted: [File] "C:\Users\Dave\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{D1161C40-E193-4F29-BC77-B5824508DFF9}



~~~ FireFox

Emptied folder: C:\Users\Dave\AppData\Roaming\mozilla\firefox\profiles\5149eg5r.default\minidumps [471 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/24/2014 at 21:52:03.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


MBAM



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Dave :: DAVE-PC [administrator]

2/24/2014 10:56:47 PM
mbam-log-2014-02-24 (22-56-47).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 736553
Time elapsed: 2 hour(s), 2 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Dave\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Dave\Downloads\PowerISO5-x64.exe (PUP.Optional.OpenCandy) -> No action taken.

(end)


ESET Scan

C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\InstallerHelper.dll.vir a variant of Win32/Toolbar.BitCocktail.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir Win32/Toolbar.Conduit potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Doxillion\doxillion.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Doxillion\doxillionsetup_v1.11.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Doxillion\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\uninst.exe.vir a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopad.exe.vir a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\vpsetup_v2.41.exe.vir a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Dave\AppData\Roaming\OpenCandy\5A40596387C945568F56B241B02A6B8D\OCBrowserHelper_1.0.3.85.dll.vir a variant of Win32/OpenCandy.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Dave\AppData\Roaming\OpenCandy\5A40596387C945568F56B241B02A6B8D\WeCare_ASPCA_ALL_p27v2.exe.vir a variant of Win32/OpenCandy.A potentially unsafe application
C:\Program Files (x86)\Sins of a Solar Empire Rebellion\steam_api.dll a variant of Win32/HackTool.Crack.BQ potentially unsafe application
C:\Program Files (x86)\Ubisoft\Assassin's Creed III\ubiorbitapi_r2_loader.dll a variant of Win32/Packed.VMProtect.AAD trojan
C:\Users\Dave\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe Win32/Toolbar.Conduit.R potentially unwanted application
C:\Users\Dave\Downloads\PowerISO5-x64.exe Win32/Toolbar.Conduit.R potentially unwanted application
C:\Users\Dave\Downloads\FL Studio Producer Edition 11.0.0 Final - R2R [ChingLiu]\flstudio_11.exe Win32/OpenCandy potentially unsafe application
C:\Users\Dave\Downloads\Sins.of.a.Solar.Empire.Rebellion-RELOADED\rld-soaser.iso a variant of Win32/HackTool.Crack.BQ potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1] a variant of Win32/Toolbar.Perion.G potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1] a variant of Win32/Toolbar.Perion.G potentially unwanted application
  • 0

#14
trusty
Posted 05 March 2014 - 10:39 AM

trusty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
checkup txt

Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
JavaFX 2.0.3 SDK
Java 7 Update 25
Java™ SE Development Kit 7 Update 3
Java version out of Date!
Adobe Flash Player 12.0.0.70 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (27.0.1)
Google Chrome 33.0.1750.117
Google Chrome 33.0.1750.146
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0

#15
godawgs
Posted 05 March 2014 - 11:44 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs. Please let me know if the Chrome browser is still opening up to Sweetpacks and if there are still 5 tabs opening up.
Also, has the stij.exe process gone away. Has the issue with streaming videos gotten any better?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP