High CPU usage - winrscmde


  • This topic is locked
21 replies to this topic

#1 Hikerace
Posted 05 March 2013 - 05:09 AM

I have high cpu usage from winrcsmde. From other posts I have read this could be malware but not sure. Would like assistance checking this issue out and steps to remove if needed.

 

Thank you.

 

Below is the DDS.txt info;

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by Rose at 1:38:28 on 2013-03-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3964.1109 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\Explorer.EXE
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mWinlogon: Userinit = userinit.exe
BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SelectionLinksBHO Class: {300BEC06-B743-4D19-86B9-11DC711D7FFB} - C:\Program Files (x86)\OApps\SelectionLinks.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Epson Stylus NX510(Network)] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\windows\TEMP\E_SEACB.tmp" /EF "HKCU"
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Rose\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D611E530-62DA-47AB-B75B-DDC24C92F5F1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D611E530-62DA-47AB-B75B-DDC24C92F5F1}\7425343454D607C6F697565675962756C6563737 : DHCPNameServer = 10.18.0.67
TCP: Interfaces\{D611E530-62DA-47AB-B75B-DDC24C92F5F1}\84F4D454D213332483 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2011-10-31 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2011-10-31 221304]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-10-30 482384]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-13 1388120]
R1 ccHP;Symantec Hash Provider;C:\windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2011-10-31 593544]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130301.002\IDSviA64.sys [2013-3-2 513184]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2011-10-31 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2011-10-31 451704]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
R2 regi;regi;C:\windows\System32\drivers\regi.sys [2010-10-30 14112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-8 138912]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-6-19 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-6-19 232992]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-19 51512]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-22 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-10-28 1255736]
.
=============== Created Last 30 ================
.
2013-03-05 08:54:56 -------- d-----w- C:\Users\Rose\AppData\Roaming\Tific
2013-03-04 02:35:58 20480 ----a-w- C:\windows\svchost.exe
2013-03-04 02:33:17 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\CAD8.tmp
2013-03-04 02:33:17 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\CAC8.tmp
2013-02-14 13:14:03 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-02-14 13:14:02 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-02-14 13:14:02 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-02-14 13:14:02 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-02-14 13:14:02 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-02-14 13:14:01 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-02-14 05:13:00 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 05:13:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:31:59 3153408 ----a-w- C:\windows\System32\win32k.sys
2013-02-14 02:31:57 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-02-14 02:31:56 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 02:31:55 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-02-14 02:28:19 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-02-14 02:28:18 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
.
==================== Find3M  ====================
.
2013-02-27 12:21:21 71024 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 12:21:21 691568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\windows\System32\XpsPrint.dll
2013-01-09 01:19:09 2312704 ----a-w- C:\windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-01-04 06:11:21 2284544 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\windows\System32\msmpeg2vdec.dll
2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
.
============= FINISH:  1:40:33.41 ===============

 


#2 B-boy/StyLe/
  • Malware Response Team
Posted 05 March 2013 - 06:09 AM

Hello Hikerace! Welcome to BleepingComputer Forums.

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



IMPORTANT NOTE: One or more of the identified infections is related to the rootkit TDL4. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before you connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:



We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Regards,
Georgi
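
An added example, not part of the original posts: a triage pass over a DDS log like the one in post #1 that flags well-known Windows system binary names found outside System32/SysWOW64 and executables referenced through a device-namespace path. The watch list, the function names and the assumption that Windows is installed in `<drive>:\windows` are this example's own; the sample lines are excerpted from the log posted above.

```python
import re

# Assumption of this example: these binaries normally run only from
# <drive>:\windows\System32 (or SysWOW64 for 32-bit copies). This is a
# heuristic; copies kept elsewhere (e.g. WinSxS) need manual review.
WATCHED = {"svchost.exe", "lsm.exe", "lsass.exe", "services.exe",
           "csrss.exe", "winlogon.exe", "spoolsv.exe"}
EXPECTED_DIRS = {"system32", "syswow64"}

# DDS sections that list executables on disk or in memory.
SCAN_SECTIONS = {"Running Processes", "Created Last 30"}

HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
# A drive-letter path or a \\.\ / \\?\ device path ending in .exe,
# followed by whitespace (arguments) or end of line.
EXE_PATH = re.compile(r"((?:[A-Za-z]:|\\\\[.?])\\.*?\.exe)(?=\s|$)",
                      re.IGNORECASE)


def classify(path):
    """Return a reason string if the path looks anomalous, else None."""
    p = path.lower()
    if p.startswith("\\\\.\\") or p.startswith("\\\\?\\"):
        return "executable referenced through a device-namespace path"
    parts = p.split("\\")
    if parts[-1] in WATCHED:
        in_expected_dir = (len(parts) == 4 and parts[1] == "windows"
                           and parts[2] in EXPECTED_DIRS)
        if not in_expected_dir:
            return "system binary name outside System32/SysWOW64"
    return None


def scan_dds(text):
    """Yield (section, path, reason) findings from a DDS log's text."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        if section not in SCAN_SECTIONS:
            continue
        match = EXE_PATH.search(line)
        if not match:
            continue
        reason = classify(match.group(1))
        if reason:
            findings.append((section, match.group(1), reason))
    return findings


# Lines excerpted from the DDS log in post #1 of this topic.
SAMPLE = r"""
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
=============== Created Last 30 ================
.
2013-03-04 02:35:58 20480 ----a-w- C:\windows\svchost.exe
2013-02-14 13:14:02 7680 ----a-w- C:\windows\SysWow64\instnm.exe
"""

if __name__ == "__main__":
    for section, path, reason in scan_dds(SAMPLE):
        print(f"[{section}] {path}: {reason}")
```

A finding from this pass is a reason to look closer with a dedicated scanner, not a verdict on its own.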

 




#3 Hikerace

Posted 05 March 2013 - 11:59 AM

Hi Georgi, Thank you for assisting me. Here is the report you requested;

 

08:30:02.0176 4068  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:30:04.0178 4068  ============================================================
08:30:04.0179 4068  Current date / time: 2013/03/05 08:30:04.0178
08:30:04.0179 4068  SystemInfo:
08:30:04.0179 4068 
08:30:04.0179 4068  OS Version: 6.1.7601 ServicePack: 1.0
08:30:04.0179 4068  Product type: Workstation
08:30:04.0179 4068  ComputerName: ROSE-LAPTOP
08:30:04.0180 4068  UserName: Rose
08:30:04.0180 4068  Windows directory: C:\windows
08:30:04.0180 4068  System windows directory: C:\windows
08:30:04.0180 4068  Running under WOW64
08:30:04.0180 4068  Processor architecture: Intel x64
08:30:04.0180 4068  Number of processors: 1
08:30:04.0180 4068  Page size: 0x1000
08:30:04.0180 4068  Boot type: Normal boot
08:30:04.0180 4068  ============================================================
08:30:06.0665 4068  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:30:06.0696 4068  ============================================================
08:30:06.0696 4068  \Device\Harddisk0\DR0:
08:30:06.0712 4068  MBR partitions:
08:30:06.0712 4068  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BCF2800
08:30:06.0712 4068  ============================================================
08:30:06.0774 4068  C: <-> \Device\Harddisk0\DR0\Partition1
08:30:06.0774 4068  ============================================================
08:30:06.0774 4068  Initialize success
08:30:06.0774 4068  ============================================================
08:33:29.0850 4496  ============================================================
08:33:29.0850 4496  Scan started
08:33:29.0850 4496  Mode: Manual; SigCheck; TDLFS;
08:33:29.0850 4496  ============================================================
08:33:34.0998 4496  ================ Scan system memory ========================
08:33:34.0998 4496  System memory - ok
08:33:34.0998 4496  ================ Scan services =============================
08:35:16.0947 4496  [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
08:35:17.0026 4496  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
08:35:17.0026 4496  EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
08:36:12.0113 4496  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:36:12.0207 4496  IDriverT ( UnsignedFile.Multi.Generic ) - warning
08:36:12.0207 4496  IDriverT - detected UnsignedFile.Multi.Generic (1)
08:37:31.0033 4496  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\DRIVERS\processr.sys
08:37:31.0096 4496  Processor - ok
08:37:31.0158 4496  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
08:37:31.0208 4496  ProfSvc - ok
08:37:31.0238 4496  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
08:37:31.0272 4496  ProtectedStorage - ok
08:37:31.0325 4496  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
08:37:31.0395 4496  Psched - ok
08:37:31.0456 4496  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
08:37:31.0509 4496  ql2300 - ok
08:37:31.0529 4496  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
08:37:31.0565 4496  ql40xx - ok
08:37:31.0604 4496  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
08:37:31.0669 4496  QWAVE - ok
08:37:31.0695 4496  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
08:37:31.0753 4496  QWAVEdrv - ok
08:37:31.0793 4496  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
08:37:31.0863 4496  RasAcd - ok
08:37:31.0898 4496  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
08:37:31.0954 4496  RasAgileVpn - ok
08:37:31.0986 4496  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
08:37:32.0144 4496  RasAuto - ok
08:37:32.0200 4496  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
08:37:32.0276 4496  Rasl2tp - ok
08:37:32.0327 4496  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
08:37:32.0421 4496  RasMan - ok
08:37:32.0466 4496  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
08:37:32.0622 4496  RasPppoe - ok
08:37:32.0678 4496  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
08:37:32.0751 4496  RasSstp - ok
08:37:32.0812 4496  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
08:37:32.0897 4496  rdbss - ok
08:37:32.0943 4496  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
08:37:32.0995 4496  rdpbus - ok
08:37:33.0029 4496  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
08:37:33.0084 4496  RDPCDD - ok
08:37:33.0135 4496  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
08:37:33.0202 4496  RDPENCDD - ok
08:37:33.0233 4496  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
08:37:33.0293 4496  RDPREFMP - ok
08:37:33.0334 4496  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
08:37:33.0400 4496  RDPWD - ok
08:37:33.0472 4496  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
08:37:33.0506 4496  rdyboost - ok
08:37:33.0554 4496  [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi            C:\windows\system32\drivers\regi.sys
08:37:33.0581 4496  regi - ok
08:37:33.0611 4496  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
08:37:33.0712 4496  RemoteAccess - ok
08:37:33.0744 4496  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
08:37:33.0846 4496  RemoteRegistry - ok
08:37:33.0877 4496  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
08:37:33.0954 4496  RpcEptMapper - ok
08:37:34.0000 4496  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
08:37:34.0082 4496  RpcLocator - ok
08:37:34.0169 4496  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
08:37:34.0236 4496  RpcSs - ok
08:37:34.0327 4496  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
08:37:34.0468 4496  rspndr - ok
08:37:34.0542 4496  [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
08:37:34.0570 4496  RSUSBSTOR - ok
08:37:34.0606 4496  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
08:37:34.0660 4496  SamSs - ok
08:37:34.0698 4496  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
08:37:34.0724 4496  sbp2port - ok
08:37:34.0757 4496  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
08:37:34.0841 4496  SCardSvr - ok
08:37:34.0885 4496  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
08:37:34.0953 4496  scfilter - ok
08:37:35.0016 4496  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
08:37:35.0127 4496  Schedule - ok
08:37:35.0169 4496  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
08:37:35.0214 4496  SCPolicySvc - ok
08:37:35.0261 4496  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
08:37:35.0348 4496  SDRSVC - ok
08:37:35.0398 4496  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
08:37:35.0468 4496  secdrv - ok
08:37:35.0512 4496  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
08:37:35.0583 4496  seclogon - ok
08:37:35.0662 4496  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
08:37:41.0025 4496  SENS - ok
08:37:41.0075 4496  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
08:37:41.0165 4496  SensrSvc - ok
08:37:41.0199 4496  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
08:37:41.0239 4496  Serenum - ok
08:37:41.0278 4496  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
08:37:41.0342 4496  Serial - ok
08:37:41.0361 4496  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
08:37:41.0431 4496  sermouse - ok
08:37:41.0497 4496  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
08:37:41.0596 4496  SessionEnv - ok
08:37:41.0647 4496  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
08:37:41.0765 4496  sffdisk - ok
08:37:41.0790 4496  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
08:37:41.0827 4496  sffp_mmc - ok
08:37:41.0845 4496  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
08:37:41.0886 4496  sffp_sd - ok
08:37:41.0918 4496  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
08:37:41.0947 4496  sfloppy - ok
08:37:41.0990 4496  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
08:37:42.0067 4496  SharedAccess - ok
08:37:42.0114 4496  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
08:37:42.0186 4496  ShellHWDetection - ok
08:37:42.0224 4496  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
08:37:42.0248 4496  SiSRaid2 - ok
08:37:42.0291 4496  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
08:37:42.0315 4496  SiSRaid4 - ok
08:37:42.0340 4496  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
08:37:42.0390 4496  Smb - ok
08:37:42.0470 4496  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
08:37:42.0524 4496  SNMPTRAP - ok
08:37:42.0553 4496  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
08:37:42.0576 4496  spldr - ok
08:37:42.0635 4496  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
08:37:42.0721 4496  Spooler - ok
08:37:42.0825 4496  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
08:37:43.0087 4496  sppsvc - ok
08:37:43.0126 4496  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
08:37:43.0229 4496  sppuinotify - ok
08:37:43.0333 4496  [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP           C:\windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS
08:37:43.0375 4496  SRTSP - ok
08:37:43.0431 4496  [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX          C:\windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS
08:37:43.0451 4496  SRTSPX - ok
08:37:43.0509 4496  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
08:37:43.0573 4496  srv - ok
08:37:43.0645 4496  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
08:37:43.0692 4496  srv2 - ok
08:37:43.0717 4496  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
08:37:43.0758 4496  srvnet - ok
08:37:43.0796 4496  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
08:37:43.0887 4496  SSDPSRV - ok
08:37:43.0922 4496  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
08:37:43.0971 4496  SstpSvc - ok
08:37:44.0013 4496  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
08:37:44.0041 4496  stexstor - ok
08:37:44.0093 4496  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
08:37:44.0170 4496  stisvc - ok
08:37:44.0220 4496  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys
08:37:44.0247 4496  swenum - ok
08:37:44.0287 4496  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
08:37:44.0395 4496  swprv - ok
08:37:44.0459 4496  [ 659B227A72B76115975A6A9491B2FE1F ] SymDS           C:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS
08:37:44.0517 4496  SymDS - ok
08:37:44.0585 4496  [ 9F5783A4A03D0091CDBDAA858B566926 ] SymEFA          C:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS
08:37:44.0703 4496  SymEFA - ok
08:37:44.0787 4496  [ 3F9D5FE52585E2653E59FDBFDF09A94C ] SymEvent        C:\windows\system32\Drivers\SYMEVENT64x86.SYS
08:37:44.0809 4496  SymEvent - ok
08:37:44.0870 4496  [ F7F3DEB5FDD6CEA69A8D1544F7BECAF1 ] SymIM           C:\windows\system32\DRIVERS\SymIMv.sys
08:37:44.0889 4496  SymIM - ok
08:37:44.0952 4496  [ F57588546E738DB1583981D8F44E9BC2 ] SymIRON         C:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS
08:37:44.0974 4496  SymIRON - ok
08:37:44.0999 4496  [ 3ADFB72F0797AE3832509FE030755E21 ] SYMTDIv         C:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS
08:37:45.0028 4496  SYMTDIv - ok
08:37:45.0089 4496  [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
08:37:45.0121 4496  SynTP - ok
08:37:45.0200 4496  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
08:37:45.0341 4496  SysMain - ok
08:37:45.0388 4496  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
08:37:45.0447 4496  TabletInputService - ok
08:37:45.0473 4496  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
08:37:45.0641 4496  TapiSrv - ok
08:37:45.0676 4496  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
08:37:45.0724 4496  TBS - ok
08:37:45.0812 4496  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
08:37:45.0874 4496  Tcpip - ok
08:37:45.0926 4496  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
08:37:45.0982 4496  TCPIP6 - ok
08:37:46.0043 4496  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
08:37:46.0084 4496  tcpipreg - ok
08:37:46.0145 4496  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
08:37:46.0166 4496  tdcmdpst - ok
08:37:46.0196 4496  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
08:37:46.0264 4496  TDPIPE - ok
08:37:46.0297 4496  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
08:37:46.0335 4496  TDTCP - ok
08:37:46.0401 4496  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
08:37:46.0456 4496  tdx - ok
08:37:46.0498 4496  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
08:37:46.0521 4496  TermDD - ok
08:37:46.0567 4496  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
08:37:46.0643 4496  TermService - ok
08:37:46.0694 4496  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
08:37:46.0735 4496  Themes - ok
08:37:46.0780 4496  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
08:37:46.0834 4496  THREADORDER - ok
08:37:46.0952 4496  [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
08:37:47.0004 4496  TMachInfo - ok
08:37:47.0037 4496  [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
08:37:47.0061 4496  TODDSrv - ok
08:37:47.0156 4496  [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
08:37:47.0195 4496  TosCoSrv - ok
08:37:47.0268 4496  [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
08:37:47.0295 4496  TOSHIBA HDD SSD Alert Service - ok
08:37:47.0338 4496  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64       C:\windows\system32\DRIVERS\tos_sps64.sys
08:37:47.0367 4496  tos_sps64 - ok
08:37:47.0420 4496  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
08:37:47.0493 4496  TrkWks - ok
08:37:47.0584 4496  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
08:37:47.0656 4496  TrustedInstaller - ok
08:37:47.0710 4496  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
08:37:47.0768 4496  tssecsrv - ok
08:37:47.0834 4496  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
08:37:47.0875 4496  TsUsbFlt - ok
08:37:47.0944 4496  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
08:37:48.0011 4496  tunnel - ok
08:37:48.0058 4496  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
08:37:48.0093 4496  TVALZ - ok
08:37:48.0126 4496  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
08:37:48.0150 4496  uagp35 - ok
08:37:48.0199 4496  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
08:37:48.0324 4496  udfs - ok
08:37:48.0378 4496  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
08:37:48.0432 4496  UI0Detect - ok
08:37:48.0479 4496  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
08:37:48.0503 4496  uliagpkx - ok
08:37:48.0575 4496  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
08:37:48.0631 4496  umbus - ok
08:37:48.0694 4496  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
08:37:48.0730 4496  UmPass - ok
08:37:48.0801 4496  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
08:37:49.0056 4496  upnphost - ok
08:37:49.0090 4496  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
08:37:49.0153 4496  usbccgp - ok
08:37:49.0215 4496  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
08:37:49.0263 4496  usbcir - ok
08:37:49.0293 4496  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
08:37:49.0328 4496  usbehci - ok
08:37:49.0355 4496  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
08:37:49.0414 4496  usbhub - ok
08:37:49.0439 4496  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
08:37:49.0463 4496  usbohci - ok
08:37:49.0501 4496  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
08:37:49.0544 4496  usbprint - ok
08:37:49.0570 4496  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
08:37:49.0650 4496  USBSTOR - ok
08:37:49.0706 4496  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\DRIVERS\usbuhci.sys
08:37:49.0762 4496  usbuhci - ok
08:37:49.0805 4496  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
08:37:49.0834 4496  usbvideo - ok
08:37:49.0867 4496  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
08:37:49.0935 4496  UxSms - ok
08:37:49.0962 4496  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
08:37:50.0024 4496  VaultSvc - ok
08:37:50.0052 4496  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
08:37:50.0077 4496  vdrvroot - ok
08:37:50.0135 4496  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
08:37:50.0250 4496  vds - ok
08:37:50.0287 4496  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
08:37:50.0315 4496  vga - ok
08:37:50.0342 4496  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
08:37:50.0414 4496  VgaSave - ok
08:37:50.0465 4496  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
08:37:50.0497 4496  vhdmp - ok
08:37:50.0545 4496  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
08:37:50.0570 4496  viaide - ok
08:37:50.0628 4496  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
08:37:50.0666 4496  volmgr - ok
08:37:50.0721 4496  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
08:37:50.0764 4496  volmgrx - ok
08:37:50.0790 4496  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys
08:37:50.0829 4496  volsnap - ok
08:37:50.0875 4496  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
08:37:50.0901 4496  vsmraid - ok
08:37:50.0965 4496  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
08:37:51.0071 4496  VSS - ok
08:37:51.0096 4496  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
08:37:51.0137 4496  vwifibus - ok
08:37:51.0185 4496  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
08:37:51.0215 4496  vwififlt - ok
08:37:51.0259 4496  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
08:37:51.0325 4496  W32Time - ok
08:37:51.0369 4496  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
08:37:51.0413 4496  WacomPen - ok
08:37:51.0478 4496  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
08:37:51.0563 4496  WANARP - ok
08:37:51.0578 4496  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
08:37:51.0646 4496  Wanarpv6 - ok
08:37:51.0755 4496  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
08:37:51.0830 4496  WatAdminSvc - ok
08:37:51.0900 4496  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
08:37:52.0014 4496  wbengine - ok
08:37:52.0052 4496  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
08:37:52.0108 4496  WbioSrvc - ok
08:37:52.0158 4496  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
08:37:52.0220 4496  wcncsvc - ok
08:37:52.0247 4496  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
08:37:52.0287 4496  WcsPlugInService - ok
08:37:52.0325 4496  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
08:37:52.0358 4496  Wd - ok
08:37:52.0421 4496  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
08:37:52.0482 4496  Wdf01000 - ok
08:37:52.0514 4496  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
08:37:52.0604 4496  WdiServiceHost - ok
08:37:52.0615 4496  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
08:37:52.0651 4496  WdiSystemHost - ok
08:37:52.0702 4496  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
08:37:52.0754 4496  WebClient - ok
08:37:52.0800 4496  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
08:37:52.0882 4496  Wecsvc - ok
08:37:52.0910 4496  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
08:37:52.0977 4496  wercplsupport - ok
08:37:53.0030 4496  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
08:37:53.0086 4496  WerSvc - ok
08:37:53.0126 4496  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
08:37:53.0173 4496  WfpLwf - ok
08:37:53.0216 4496  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
08:37:53.0238 4496  WIMMount - ok
08:37:53.0261 4496  WinDefend - ok
08:37:53.0274 4496  WinHttpAutoProxySvc - ok
08:37:53.0328 4496  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
08:37:53.0428 4496  Winmgmt - ok
08:37:53.0518 4496  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
08:37:53.0640 4496  WinRM - ok
08:37:53.0728 4496  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
08:37:53.0839 4496  Wlansvc - ok
08:37:53.0965 4496  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:37:54.0035 4496  wlidsvc - ok
08:37:54.0075 4496  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
08:37:54.0137 4496  WmiAcpi - ok
08:37:54.0186 4496  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
08:37:54.0291 4496  wmiApSrv - ok
08:37:54.0323 4496  WMPNetworkSvc - ok
08:37:54.0361 4496  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
08:37:54.0465 4496  WPCSvc - ok
08:37:54.0516 4496  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
08:37:54.0550 4496  WPDBusEnum - ok
08:37:54.0580 4496  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
08:37:54.0646 4496  ws2ifsl - ok
08:37:54.0686 4496  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
08:37:54.0743 4496  wscsvc - ok
08:37:54.0754 4496  WSearch - ok
08:37:54.0848 4496  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
08:37:54.0928 4496  wuauserv - ok
08:37:54.0982 4496  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
08:37:55.0033 4496  WudfPf - ok
08:37:55.0075 4496  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
08:37:55.0121 4496  WUDFRd - ok
08:37:55.0171 4496  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
08:37:55.0211 4496  wudfsvc - ok
08:37:55.0250 4496  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
08:37:55.0325 4496  WwanSvc - ok
08:37:55.0361 4496  ================ Scan global ===============================
08:37:55.0410 4496  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
08:37:55.0474 4496  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
08:37:55.0518 4496  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
08:37:55.0556 4496  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
08:37:55.0646 4496  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
08:37:55.0652 4496  [Global] - ok
08:37:55.0655 4496  ================ Scan MBR ==================================
08:37:55.0669 4496  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
08:37:55.0670 4496  Suspicious mbr (Forged): \Device\Harddisk0\DR0
08:37:55.0724 4496  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
08:37:55.0724 4496  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
08:37:55.0768 4496  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:37:55.0769 4496  \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:37:55.0773 4496  ================ Scan VBR ==================================
08:37:55.0802 4496  [ 12ED94B2A4568D7A52620F742AD8B077 ] \Device\Harddisk0\DR0\Partition1
08:37:55.0803 4496  \Device\Harddisk0\DR0\Partition1 - ok
08:37:55.0807 4496  ================ Scan active images ========================
08:37:55.0807 4496  ============================================================
08:37:55.0807 4496  Scan finished
08:37:55.0807 4496  ============================================================
08:37:55.0825 5952  Detected object count: 4
08:37:55.0825 5952  Actual detected object count: 4
08:41:10.0050 5952  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
08:41:10.0050 5952  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:41:10.0050 5952  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:41:10.0050 5952  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:41:11.0110 5952  \Device\Harddisk0\DR0\# - copied to quarantine
08:41:11.0110 5952  \Device\Harddisk0\DR0 - copied to quarantine
08:41:11.0157 5952  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:41:12.0078 5952  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
08:41:12.0109 5952  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
08:41:12.0124 5952  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
08:41:12.0733 5952  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
08:41:12.0733 5952  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
08:41:12.0748 5952  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
08:41:12.0748 5952  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:41:13.0372 5952  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:41:13.0778 5952  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
08:41:13.0778 5952  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
08:41:13.0794 5952  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
08:41:13.0903 5952  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
08:41:13.0903 5952  \Device\Harddisk0\DR0 - ok
08:41:14.0121 5952  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
08:41:14.0121 5952  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:41:14.0121 5952  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:42:28.0032 0576  Deinitialize success

 



#4 B-boy/StyLe/

  • Malware Response Team

Posted 05 March 2013 - 06:14 PM

Hello Hikerace,

Nicely done! Please re-run TDSSKiller with the settings as before and post the log file.

Also please do the following:

STEP 1

  • Also please download ListParts64.exe to your Desktop.
  • Double click ListParts64.exe to launch the program.
  • Put a check mark on List BCD.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post me the contents of the log.

STEP 2

Please follow the instructions below:

  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the textbox.
  • Don't copy the word "quote"

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\temp\*.exe
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Local\*.
    %USERPROFILE%\AppData\Local\temp\*.exe
    %USERPROFILE%\AppData\Roaming\*.*
    %USERPROFILE%\AppData\Roaming\*.
    %Public%\Documents\Fonts\*.exe
    %Public%\Documents\Config\*.exe
    %Public%\Documents\*.*
    %ProgramData%\*.*
    %ProgramData%\*.
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\ComObjects*.exe
    %commonprogramfiles(x86)%\*.*
    %ProgramFiles(x86)%\*.*
    %ProgramFiles(x86)%\*.
    %programdata%\Microsoft\Windows\DRM\*.tmp
    %programdata%\Microsoft\DRM\*.tmp
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
    %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
    %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
    %windir%\temp\*.exe
    %windir%\*.
    %windir%\installer\*.
    %windir%\system32\*.
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    /md5start
    scecli.dll
    netlogon.dll
    cngaudit.dll
    consrv.dll
    services.exe
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    atapi.sys
    iaStor.sys
    serial.sys
    volsnap.sys
    disk.sys
    redbook.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    dfsc.sys
    hlp.dat
    str.sys
    crexv.ocx
    /md5stop

  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Regards,

Georgi




#5 Hikerace

Hikerace
  • Topic Starter

  • Members
  • 14 posts

Posted 06 March 2013 - 05:33 AM

Hi Georgi, thanks for getting back to me again. I was at work (I work evenings) when you replied so had to wait to get home to execute your steps. I went through this once but I guess it took too long and the forum lost my reply. I re-pasted everything again and I think it got back correctly.

I guess I need to post each report in separate replies as I am having trouble getting them all in one reply. You will see a reply for each report you requested.
 



#6 Hikerace

Hikerace
  • Topic Starter

  • Members
  • 14 posts

Posted 06 March 2013 - 05:38 AM

I am having trouble replying by posting text into this. I am able to get the results log here.

Here is the Results log.

 

ListParts by Farbar Version: 04-03-2013
Ran by Rose (administrator) on 06-03-2013 at 01:11:19
Windows 7 (X64)
Running From: C:\Users\Rose\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 45%
Total physical RAM: 3963.98 MB
Available physical RAM: 2150.59 MB
Total Pagefile: 7926.14 MB
Available Pagefile: 6382.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (TI105847W0F) (Fixed) (Total:222.47 GB) (Free:119.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB      0 B        

Partitions of Disk 0:
===============

Disk ID: 249AAA6F

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            222 GB  1501 MB
  Partition 3    Primary              8 GB   223 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         System       NTFS   Partition   1500 MB  Healthy    Hidden 

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI105847W0F  NTFS   Partition    222 GB  Healthy    Boot   

======================================================================================================

Disk: 0
Partition 3
Type  : 17
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {2f6ccb7d-7b87-11df-b1f2-919c8dcec02c}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {2f6ccb7f-7b87-11df-b1f2-919c8dcec02c}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {2f6ccb7d-7b87-11df-b1f2-919c8dcec02c}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {2f6ccb7f-7b87-11df-b1f2-919c8dcec02c}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{2f6ccb80-7b87-11df-b1f2-919c8dcec02c}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{2f6ccb80-7b87-11df-b1f2-919c8dcec02c}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {2f6ccb7d-7b87-11df-b1f2-919c8dcec02c}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {2f6ccb80-7b87-11df-b1f2-919c8dcec02c}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


****** End Of Log ******


Edited by Hikerace, 06 March 2013 - 05:45 AM.


#7 Hikerace

Hikerace
  • Topic Starter

  • Members
  • 14 posts

Posted 06 March 2013 - 05:48 AM

I apparently am having file size problems. Here is the extras.txt report.

 

OTL Extras logfile created on: 3/6/2013 1:19:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rose\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 64.10% Memory free
7.74 Gb Paging File | 6.38 Gb Available in Paging File | 82.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.47 Gb Total Space | 119.42 Gb Free Space | 53.68% Space Free | Partition Type: NTFS
 
Computer Name: ROSE-LAPTOP | User Name: Rose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034417BF-2B77-4C98-A549-9851D0A6A6FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{07922117-2BC1-48FF-9AA5-4877F3A903EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09987511-A9DC-4D3E-B7E7-024C7072B154}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{17290429-99D5-45D6-A218-58CA3F16A2C4}" = rport=138 | protocol=17 | dir=out | app=system |
"{21D1CCD6-C01C-4B43-BCDA-D98F94264CB7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21DED525-647D-4508-81CF-F5A198B02423}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F42B4D6-63DE-41C4-9600-4487A06B66E0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2FB36367-560E-478A-83B2-0C50AE319BB6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{34FD49BF-DAA8-49F1-B3C5-EF7AD0130888}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3F7AF143-5AA0-4178-B2FE-47C9BECF2278}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{452761D7-EE31-48E4-931D-F4546A6B7820}" = lport=2869 | protocol=6 | dir=in | app=system |
"{459A552D-1AB4-48AB-BDA1-5944D95F398F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46D1762E-9732-4AA0-9FB2-D754E831D883}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{664493B3-218D-4CE3-9F4F-7E147375821A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68B9B977-AA2A-444B-AD7B-ED083DCB609F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6BC640AB-DE2E-4472-8D2E-7E05A884F783}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6E01942B-B0AD-4513-B36C-F216E57309E4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7272B13B-0A25-4663-AB50-F80441B13B0A}" = rport=445 | protocol=6 | dir=out | app=system |
"{7F00DF35-658D-442F-97B1-ACCC60017F3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89CA6A2E-A5BB-4872-B8F6-0B495EAD6136}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{99068545-461A-4E8D-BC33-8D8FFAB4ACD5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{995DFDF9-CC32-40F1-9EDD-452F90EEAC4E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9EF0BE9A-5F15-469C-A403-ECD479018F49}" = rport=139 | protocol=6 | dir=out | app=system |
"{A18254C9-5DF7-4C55-97D6-6706DA3A7B85}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port |
"{AC5C3E86-D925-4404-BF53-1181555DBA38}" = lport=445 | protocol=6 | dir=in | app=system |
"{AE8B6D22-799B-480A-9065-A492D52FA7B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2EE02EA-9060-4A04-BF09-E2EA227D0E83}" = lport=138 | protocol=17 | dir=in | app=system |
"{B6840121-6D5D-4C53-AD13-0DA3E83D816A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BAD9BBEE-890D-45A6-9209-349B5635F5CF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{BC64A0D5-BEB6-410B-9EBB-BB7FB33B6015}" = rport=137 | protocol=17 | dir=out | app=system |
"{C26CF3DC-DC6B-4F43-B662-C841EC94D5C6}" = lport=137 | protocol=17 | dir=in | app=system |
"{C6837124-D0D1-4EEC-BCC3-C8070C5FA0C2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C9868CEF-1FC5-4F4D-878C-95CC7BCBD1CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D179B4E2-6896-4650-A906-81F602C59988}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DC505550-A7B2-44F3-8280-AB913DA7B1BA}" = lport=139 | protocol=6 | dir=in | app=system |
"{E2580207-CC33-4348-A63B-BDA9B3F5AB4A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E4D0A582-D17E-4BE9-A281-65054A1BD004}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B062990-A6E9-4C74-B63D-A82F260D3264}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0C687DAE-6731-42D6-8CA5-C7DDF1977938}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{0DDF1ADA-5FAC-496C-BA8C-18DF6D8FE25F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0E2CBD9C-347A-4F4F-B101-43D8EF23057E}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{16F6ADF4-3CD9-4469-848C-CB858003B17C}" = protocol=17 | dir=in | app=c:\program files (x86)\electric quilt company\eq6\eq6.exe |
"{1DA09A18-4013-4697-9BB3-E41E5ABFD06B}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{359C94BB-6388-427E-B3B9-C3A6DB7D349B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{408C5C0A-75DA-4BAE-B3A6-FE19449C525D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{42A07AE2-8A45-4E73-9FB3-F29ABDC063E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{440DFB86-41A5-4230-9135-D4F36B657782}" = protocol=6 | dir=out | app=system |
"{45EC3FFD-3152-4097-ACDA-97C7C55DA2D5}" = protocol=6 | dir=in | app=c:\program files (x86)\electric quilt company\eq6\eq6.exe |
"{4D87FEA1-13C1-4C2F-8A7E-CFB703FC8483}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85A5DC1F-C96C-4EB0-B6E2-BFB0EC67E9DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9050F0FC-FCEF-4534-9323-15032D4F9B23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95D58BFD-FB70-441C-8185-D0229CE9D2E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{97473D67-DD03-4069-96FA-FA114BBEFBB5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{986E54C9-14BF-4C9E-A555-62F95DB6F3E3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A49AAE01-2518-42CE-9E8C-AE08677F11D3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AB9F7E17-61B3-47E5-9390-3B7CBDBA3D3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ABB0EA4E-D8CB-476C-9FEB-252922E8E94C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B05645F8-7B19-4D04-B8BA-D486DC300A47}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{B8C11077-81EB-4D62-839E-7343D8756479}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BCB698EF-A3FC-46F1-ABD5-33783FB21339}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C06E8AA6-E3A4-4064-A8C5-2162ABC440FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6549842-370B-4A8F-BA48-7022D6C0F033}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C89FB16E-A5DC-4E85-A91E-65B6B716C6DA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D73F4001-A140-44C6-9531-4A036ED6CCB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DFDC45F3-199E-4F28-978B-0148098E4E5F}" = dir=in | app=c:\program files (x86)\norton security suite\engine\4.3.0.5\ccsvchst.exe |
"{E4A2E423-D3C3-4F82-9918-ADA35D74AEDC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E4AEDE46-0025-4D6D-957D-3AFCA97D833B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E8DD5518-41FA-432A-A4EA-02034471D64C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{EF7C2B59-A10A-4BA1-B5CD-E789C7E691BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F53EBD45-6FEE-405E-BAC9-84E1B494E7CD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FE4249F7-2513-4330-BF65-FB215FDA43E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{B27E1459-9CD1-4FAA-AAD2-F3779FC030F3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{671F639C-3133-4BBE-9976-5046A9414A20}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy Software Installer
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00110409-78E1-11D2-B60F-006097C998E7}" = Microsoft Excel 2000 SR-1
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CDFC8F9A-79A7-4438-A090-B07C5A9739E9}" = EQ6
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"5354-7805-5584-7014" = PrintMaster 2012 Platinum
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Best Buy Software Installer" = Best Buy Software Installer
"Coupon Companion Plugin" = Coupon Companion Plugin
"Digital Editions" = Adobe Digital Editions
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.5.1
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{CDFC8F9A-79A7-4438-A090-B07C5A9739E9}" = EQ6
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"N360" = Norton Security Suite
"Office14.SingleImage" = Microsoft Office Professional 2010
"sl-dlc" = SelectionLinks
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/5/2013 3:56:47 AM | Computer Name = Rose-Laptop | Source = MsiInstaller | ID = 11706
Description =
 
Error - 3/5/2013 4:27:57 AM | Computer Name = Rose-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc3c5  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x4db17035  Faulting process id: 0x390  Faulting application
 start time: 0x01ce197602e450ef  Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
 module path: unknown  Report Id: 94dd13ef-856e-11e2-8baf-00266c546b69
 
Error - 3/5/2013 4:33:32 AM | Computer Name = Rose-Laptop | Source = MsiInstaller | ID = 11706
Description =
 
Error - 3/5/2013 5:00:56 AM | Computer Name = Rose-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc3c5  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0xf2a46a70  Faulting process id: 0x2288  Faulting application
 start time: 0x01ce197bf61b47f7  Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
 module path: unknown  Report Id: 30996466-8573-11e2-8baf-00266c546b69
 
Error - 3/5/2013 5:25:54 AM | Computer Name = Rose-Laptop | Source = MsiInstaller | ID = 11706
Description =
 
Error - 3/5/2013 5:47:12 AM | Computer Name = Rose-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc3c5  Faulting module name: MSHTML.dll, version: 9.0.8112.16464, time
 stamp: 0x50ec9c0f  Exception code: 0xc0000005  Fault offset: 0x003fec6f  Faulting process
 id: 0x1fdc  Faulting application start time: 0x01ce1980493c7679  Faulting application
 path: \\.\globalroot\systemroot\svchost.exe  Faulting module path: C:\windows\system32\MSHTML.dll
Report
 Id: a7459a52-8579-11e2-8baf-00266c546b69
 
Error - 3/5/2013 11:19:07 AM | Computer Name = Rose-Laptop | Source = MsiInstaller | ID = 11706
Description =
 
Error - 3/5/2013 11:30:37 AM | Computer Name = Rose-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc3c5  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x3c991773  Faulting process id: 0xb60  Faulting application
 start time: 0x01ce19b15a0569ce  Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
 module path: unknown  Report Id: a0462b2f-85a9-11e2-b778-00266c546b69
 
Error - 3/5/2013 11:37:39 AM | Computer Name = Rose-Laptop | Source = MsiInstaller | ID = 11706
Description =
 
Error - 3/5/2013 12:03:36 PM | Computer Name = Rose-Laptop | Source = MsiInstaller | ID = 11706
Description =
 
[ System Events ]
Error - 3/5/2013 2:39:55 PM | Computer Name = Rose-Laptop | Source = DCOM | ID = 10010
Description =
 
Error - 3/6/2013 4:47:21 AM | Computer Name = Rose-Laptop | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Peer
 Networking Identity Manager service to connect.
 
Error - 3/6/2013 4:47:21 AM | Computer Name = Rose-Laptop | Source = Service Control Manager | ID = 7000
Description = The Peer Networking Identity Manager service failed to start due to
 the following error:   %%1053
 
Error - 3/6/2013 4:47:21 AM | Computer Name = Rose-Laptop | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Networking
 Identity Manager service which failed to start because of the following error:
  %%1053
 
Error - 3/6/2013 4:47:21 AM | Computer Name = Rose-Laptop | Source = Service Control Manager | ID = 7001
Description = The Peer Name Resolution Protocol service depends on the Peer Networking
 Identity Manager service which failed to start because of the following error:
  %%1053
 
Error - 3/6/2013 4:50:50 AM | Computer Name = Rose-Laptop | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
 
Error - 3/6/2013 4:59:41 AM | Computer Name = Rose-Laptop | Source = Service Control Manager | ID = 7022
Description = The Peer Name Resolution Protocol service hung on starting.
 
Error - 3/6/2013 4:59:41 AM | Computer Name = Rose-Laptop | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%1070
 
Error - 3/6/2013 5:00:59 AM | Computer Name = Rose-Laptop | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Office
 Software Protection Platform service to connect.
 
Error - 3/6/2013 5:00:59 AM | Computer Name = Rose-Laptop | Source = Service Control Manager | ID = 7000
Description = The Office Software Protection Platform service failed to start due
 to the following error:   %%1053
 
 
< End of report >
 



#8 Hikerace

Posted 06 March 2013 - 05:50 AM

I will try OTL log now.

 

OTL logfile created on: 3/6/2013 1:19:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rose\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 64.10% Memory free
7.74 Gb Paging File | 6.38 Gb Available in Paging File | 82.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.47 Gb Total Space | 119.42 Gb Free Space | 53.68% Space Free | Partition Type: NTFS
 
Computer Name: ROSE-LAPTOP | User Name: Rose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/06 01:16:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Desktop\OTL.exe
PRC - [2013/03/05 08:08:43 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rose\AppData\Local\Temp\EE710C64-DDDE-4D44-AE6A-7A93DA97B13F.exe
PRC - [2013/02/27 04:21:21 | 000,701,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
PRC - [2011/08/03 20:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
PRC - [2010/07/23 13:19:26 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2010/07/23 08:46:02 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/01/12 08:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/01/10 04:35:28 | 002,157,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\284f81850cf194b71156025b06e74e06\ReachFramework.ni.dll
MOD - [2013/01/10 04:35:22 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/10 04:34:31 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/10 04:34:09 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/10 04:33:57 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 04:33:50 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 04:33:25 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/12/22 08:50:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/02/05 16:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 21:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/27 04:21:25 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/03 20:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe -- (N360)
SRV - [2010/07/23 13:19:26 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/06 08:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/21 18:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 18:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/03 20:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/28 10:19:04 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/05/05 20:01:44 | 000,053,808 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/04/28 21:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 18:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 18:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/03/10 17:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/04 16:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 08:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/01 09:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/18 16:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/06 11:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/14 19:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/08/07 04:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 14:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 07:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/04/17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2013/01/16 05:21:20 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130305.034\ex64.sys -- (NAVEX15)
DRV - [2013/01/16 05:21:20 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130305.034\eng64.sys -- (NAVENG)
DRV - [2013/01/15 18:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/10/27 01:39:18 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130305.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/08 18:35:12 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/08 18:35:12 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5F3B9761-A6A0-4FF2-A73B-16C1945EAD51}
IE:64bit: - HKLM\..\SearchScopes\{5F3B9761-A6A0-4FF2-A73B-16C1945EAD51}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {6E22F71F-1639-4F6B-B00A-FC2A0DE5EAF3}
IE - HKLM\..\SearchScopes\{6E22F71F-1639-4F6B-B00A-FC2A0DE5EAF3}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\..\SearchScopes,DefaultScope = {6E22F71F-1639-4F6B-B00A-FC2A0DE5EAF3}
IE - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\..\SearchScopes\{6E22F71F-1639-4F6B-B00A-FC2A0DE5EAF3}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS403US403
IE - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\..\SearchScopes\{C93A1CD0-1773-4D89-A1B4-870FFA255FEE}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/21 03:34:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2013/03/06 00:57:10 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll (215 Apps)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SelectionLinksBHO Class) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - C:\Program Files (x86)\OApps\SelectionLinks.dll (SelectionLinks)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1841574715-1070097531-57198043-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1841574715-1070097531-57198043-1000..\Run: [Epson Stylus NX510(Network)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\windows\TEMP\E_SEACB.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1841574715-1070097531-57198043-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk =  File not found
O4 - Startup: C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D611E530-62DA-47AB-B75B-DDC24C92F5F1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: 46856990.sys - Driver
SafeBootMin:64bit: 76443703.sys - Driver
SafeBootMin:64bit: 84206778.sys - Driver
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 46856990.sys - Driver
SafeBootMin: 76443703.sys - Driver
SafeBootMin: 84206778.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: 46856990.sys - Driver
SafeBootNet:64bit: 76443703.sys - Driver
SafeBootNet:64bit: 84206778.sys - Driver
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 46856990.sys - Driver
SafeBootNet: 76443703.sys - Driver
SafeBootNet: 84206778.sys - Driver
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX:64bit: >{939BA228-19B1-4739-894E-21DA6C230C15} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.pspgru - C:\windows\SysWow64\PSPGRU.acm (Philips Austria GmbH - Speech Processing)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\windows\SysWow64\tsccvid.dll (TechSmith Corporation)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/03/06 01:16:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rose\Desktop\OTL.exe
[2013/03/06 01:10:10 | 000,815,913 | ---- | C] (Farbar) -- C:\Users\Rose\Desktop\ListParts64.exe
[2013/03/05 08:41:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/03/05 08:08:42 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rose\Desktop\tdsskiller.exe
[2013/03/05 01:27:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Rose\Desktop\dds.com
[2013/03/05 00:54:56 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Tific
[2013/03/04 23:36:31 | 000,000,000 | ---D | C] -- C:\Users\Rose\Documents\Desktop Items
[2013/03/04 04:50:05 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/03/03 18:35:58 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\svchost.exe
[2013/02/27 05:32:29 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013/02/27 05:32:29 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013/02/27 05:32:29 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll
[2013/02/27 05:32:29 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll
[2013/02/27 05:32:16 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/02/27 05:32:16 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/02/27 05:32:09 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2013/02/27 05:32:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 05:32:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 05:32:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 05:32:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 05:32:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 05:32:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 05:32:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 05:32:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 05:32:08 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013/02/27 05:32:08 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/02/27 05:32:07 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2013/02/27 05:32:07 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/02/27 05:32:07 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013/02/27 05:32:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 05:32:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 05:32:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 05:32:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 05:32:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 05:32:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 05:32:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 05:32:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 05:32:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 05:32:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 05:32:06 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/02/27 05:32:06 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2013/02/27 05:32:06 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/02/27 05:32:06 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll
[2013/02/27 05:32:06 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2013/02/27 05:32:06 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2013/02/27 05:32:06 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll
[2013/02/27 05:32:05 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013/02/27 05:32:05 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/02/27 05:32:05 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/02/27 05:32:05 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll
[2013/02/14 05:14:03 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/02/14 05:14:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/02/14 05:14:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/02/14 05:14:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/02/14 05:14:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/02/14 05:14:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/02/13 21:09:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/02/13 21:09:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/02/13 21:09:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/02/13 21:09:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/02/13 21:09:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/02/13 21:09:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/02/13 21:09:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/02/13 21:09:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/02/13 21:09:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/02/13 21:09:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/02/13 21:09:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/02/13 21:09:51 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/02/13 21:09:49 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/02/13 21:09:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/02/13 21:09:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/02/13 18:31:57 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/02/13 18:31:56 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/02/13 18:31:55 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/02/13 18:28:18 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013/01/21 13:13:04 | 000,000,000 | ---D | C] -- C:\Users\Rose\Documents\OneNote Notebooks
[2013/01/21 13:04:08 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\Updater21804
[2013/01/21 13:04:02 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\Coupon Companion Plugin
[2013/01/21 13:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion Plugin
[2013/01/21 13:03:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OApps
[2013/01/21 09:24:22 | 000,000,000 | ---D | C] -- C:\Users\Rose\Documents\A OT 108 original
[2013/01/21 08:40:36 | 000,000,000 | ---D | C] -- C:\Users\Rose\Documents\A OT 108
[2013/01/09 18:56:03 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/01/09 18:56:01 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/01/09 18:56:01 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/01/09 18:55:44 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013/01/09 18:55:40 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013/01/09 18:55:40 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013/01/09 18:55:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013/01/09 18:55:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013/01/09 18:55:40 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013/01/09 18:55:40 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013/01/09 18:55:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013/01/09 18:55:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013/01/09 18:55:39 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013/01/09 18:55:39 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013/01/09 18:55:39 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013/01/09 18:55:39 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013/01/09 18:55:39 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013/01/09 18:55:39 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013/01/09 18:55:39 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013/01/09 18:55:39 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013/01/09 18:55:39 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013/01/09 18:55:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013/01/09 18:55:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013/01/09 18:55:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013/01/09 18:55:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013/01/09 18:55:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013/01/09 18:55:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013/01/09 18:55:38 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013/01/09 18:55:37 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013/01/09 18:55:37 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013/01/09 18:55:37 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013/01/09 18:55:37 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013/01/09 18:55:37 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013/01/09 18:55:37 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013/01/09 18:55:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013/01/09 18:55:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013/01/09 18:54:37 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013/01/09 18:54:32 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/01/09 18:54:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013/01/09 18:54:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/01/09 18:54:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/01/09 18:54:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013/01/09 18:54:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013/01/09 18:54:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 18:54:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 18:54:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 18:54:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 18:54:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 18:54:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 18:54:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 18:54:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 18:54:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 18:54:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 18:54:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 18:54:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 18:54:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 18:54:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 18:54:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 18:54:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 18:54:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 18:54:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 18:54:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 18:54:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 18:54:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 18:54:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 18:54:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 18:54:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 18:54:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 18:54:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 18:54:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 18:54:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 18:54:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 18:54:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 18:54:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 18:54:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 18:54:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 18:54:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 18:54:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 18:54:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 18:54:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 18:54:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 18:54:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 18:54:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 18:54:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 18:54:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 18:54:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 18:54:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 18:54:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 18:54:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 18:54:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 18:54:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 18:54:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 18:54:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 18:54:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 18:54:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 18:54:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 18:54:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 18:54:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 18:54:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 18:51:50 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2012/12/21 19:02:34 | 000,000,000 | ---D | C] -- C:\Users\Rose\Documents\OT 108 Rose
[2012/12/20 22:17:42 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/20 22:17:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/20 22:17:40 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/20 22:17:40 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/14 08:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2012/12/14 08:27:27 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\Conexant
[2012/12/12 19:23:55 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012/12/12 19:23:55 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2013/03/06 01:21:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/06 01:16:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Desktop\OTL.exe
[2013/03/06 01:10:11 | 000,815,913 | ---- | M] (Farbar) -- C:\Users\Rose\Desktop\ListParts64.exe
[2013/03/06 01:06:34 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 01:06:34 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 01:01:30 | 000,001,303 | ---- | M] () -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/03/06 00:57:04 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/06 00:56:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/06 00:56:29 | 3117,395,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/05 10:41:56 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/03/05 10:41:56 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/03/05 10:41:56 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/03/05 10:40:34 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/05 08:24:54 | 453,982,844 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/03/05 08:08:43 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rose\Desktop\tdsskiller.exe
[2013/03/05 08:01:53 | 000,007,604 | ---- | M] () -- C:\Users\Rose\AppData\Local\Resmon.ResmonCfg
[2013/03/05 01:27:41 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Rose\Desktop\dds.com
[2013/03/05 00:14:33 | 000,008,555 | ---- | M] () -- C:\Users\Rose\Desktop\Desktop Items - Shortcut.lnk
[2013/02/27 04:21:21 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/02/27 04:21:21 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/23 08:50:00 | 000,001,675 | ---- | M] () -- C:\Users\Rose\AppData\Roaming\SAS7_000.DAT
[2013/02/14 04:55:05 | 000,766,896 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/13 13:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/01/13 13:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/01/13 13:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/01/13 13:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/01/13 13:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/01/13 13:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/01/13 13:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/01/13 13:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/01/13 13:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/01/13 12:35:31 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/01/13 12:35:31 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/01/13 12:35:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/01/13 12:32:07 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/01/13 12:31:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/01/13 12:31:41 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/01/13 12:31:40 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/01/13 12:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/01/13 12:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/01/13 12:08:35 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/01/13 11:59:04 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/01/13 11:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll
[2013/01/13 11:51:30 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013/01/13 11:49:17 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013/01/13 11:38:39 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2013/01/13 11:38:32 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/01/13 11:38:21 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll
[2013/01/13 11:25:04 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll
[2013/01/13 11:24:33 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2013/01/13 11:24:30 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll
[2013/01/13 11:20:42 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2013/01/13 11:20:04 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll
[2013/01/13 11:15:40 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/01/13 11:10:36 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013/01/13 11:02:06 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/01/13 10:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/01/13 10:32:43 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/01/13 10:09:52 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/01/13 09:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2013/01/13 09:05:09 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2013/01/08 17:19:09 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/01/08 17:11:06 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/01/08 17:10:26 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/01/08 17:07:51 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/01/08 17:07:50 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/01/08 17:07:47 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/01/08 17:06:39 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/01/08 17:04:58 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/01/08 17:00:48 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/01/08 14:03:12 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/01/08 14:01:48 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/01/08 13:59:02 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/01/08 13:58:43 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/01/08 13:56:37 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/01/08 13:53:13 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/01/04 21:53:43 | 005,553,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/01/04 21:00:15 | 003,967,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/01/04 21:00:11 | 003,913,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/01/03 22:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013/01/03 22:11:13 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013/01/03 21:46:09 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/01/03 20:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/01/03 18:47:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/01/03 18:47:34 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/01/03 18:47:34 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/01/03 18:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/01/02 22:00:42 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2012/12/22 08:08:32 | 000,817,283 | ---- | M] () -- C:\Users\Rose\Documents\Ogre baby's squeaky toy word.pdf
[2012/12/16 09:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/16 06:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/16 06:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/16 06:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/07 05:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2012/12/07 05:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2012/12/07 04:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2012/12/07 04:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2012/12/07 03:20:04 | 000,030,720 | ---- | M] (Microsoft) -- C:\windows\SysNative\usk.rs
[2012/12/07 03:20:03 | 000,043,520 | ---- | M] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2012/12/07 03:20:03 | 000,023,552 | ---- | M] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2012/12/07 03:20:01 | 000,045,568 | ---- | M] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2012/12/07 03:20:01 | 000,044,544 | ---- | M] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2012/12/07 03:20:01 | 000,020,480 | ---- | M] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2012/12/07 03:20:00 | 000,020,480 | ---- | M] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2012/12/07 03:19:59 | 000,020,480 | ---- | M] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2012/12/07 03:19:58 | 000,046,592 | ---- | M] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2012/12/07 03:19:57 | 000,040,960 | ---- | M] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2012/12/07 03:19:57 | 000,021,504 | ---- | M] (Microsoft) -- C:\windows\SysNative\grb.rs
[2012/12/07 03:19:57 | 000,015,360 | ---- | M] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2012/12/07 03:19:56 | 000,055,296 | ---- | M] (Microsoft) -- C:\windows\SysNative\cero.rs
[2012/12/07 03:19:55 | 000,051,712 | ---- | M] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2012/12/07 02:46:42 | 000,043,520 | ---- | M] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2012/12/07 02:46:42 | 000,030,720 | ---- | M] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2012/12/07 02:46:41 | 000,045,568 | ---- | M] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2012/12/07 02:46:41 | 000,044,544 | ---- | M] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2012/12/07 02:46:41 | 000,023,552 | ---- | M] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2012/12/07 02:46:41 | 000,020,480 | ---- | M] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2012/12/07 02:46:40 | 000,020,480 | ---- | M] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2012/12/07 02:46:39 | 000,046,592 | ---- | M] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2012/12/07 02:46:39 | 000,020,480 | ---- | M] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2012/12/07 02:46:38 | 000,021,504 | ---- | M] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2012/12/07 02:46:37 | 000,040,960 | ---- | M] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2012/12/07 02:46:37 | 000,015,360 | ---- | M] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2012/12/07 02:46:36 | 000,055,296 | ---- | M] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2012/12/07 02:46:36 | 000,051,712 | ---- | M] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/05 01:15:43 | 000,007,604 | ---- | C] () -- C:\Users\Rose\AppData\Local\Resmon.ResmonCfg
[2013/03/05 00:14:33 | 000,008,555 | ---- | C] () -- C:\Users\Rose\Desktop\Desktop Items - Shortcut.lnk
[2013/03/04 04:49:52 | 453,982,844 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/01/21 13:13:07 | 000,001,303 | ---- | C] () -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/12/22 08:08:32 | 000,817,283 | ---- | C] () -- C:\Users\Rose\Documents\Ogre baby's squeaky toy word.pdf
[2011/08/30 13:50:15 | 000,001,010 | ---- | C] () -- C:\Users\Rose\PrintMaster-2012-Platinum.prefs
[2011/05/18 18:06:09 | 000,001,940 | ---- | C] () -- C:\Users\Rose\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/22 21:51:09 | 000,001,675 | ---- | C] () -- C:\Users\Rose\AppData\Roaming\SAS7_000.DAT
[2010/10/30 09:42:13 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/10/30 09:42:13 | 000,000,088 | RHS- | C] () -- C:\ProgramData\4EE67A3137.sys
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/01/21 13:11:10 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Epson
[2013/01/07 19:58:04 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\FileZilla
[2010/12/22 21:35:10 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Nuance
[2011/09/18 18:36:02 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\OverDrive
[2013/03/05 00:54:56 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Tific
[2010/10/30 08:31:51 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Toshiba
[2010/10/27 16:11:06 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2009/07/13 17:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/04/04 13:37:48 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/03/06 00:56:29 | 3117,395,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/06 00:56:34 | 4156,530,688 | -HS- | M] () -- C:\pagefile.sys
[2013/03/05 08:15:11 | 000,003,492 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_05.03.2013_08.09.21_log.txt
[2013/03/05 08:21:13 | 000,003,470 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_05.03.2013_08.20.57_log.txt
[2013/03/05 08:42:28 | 000,133,822 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_05.03.2013_08.30.02_log.txt
[2013/03/05 09:00:58 | 000,003,554 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_05.03.2013_08.45.48_log.txt
[2013/03/06 00:55:48 | 000,003,492 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_06.03.2013_00.55.35_log.txt
[2013/03/06 01:03:28 | 000,494,532 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_06.03.2013_00.57.31_log.txt
[2010/10/30 09:36:15 | 000,414,508 | ---- | M] () -- C:\vcredist_x86.log
 
< %USERPROFILE%\*.* >
[2013/03/06 01:30:37 | 006,029,312 | -HS- | M] () -- C:\Users\Rose\NTUSER.DAT
[2013/03/06 01:30:37 | 000,262,144 | -HS- | M] () -- C:\Users\Rose\ntuser.dat.LOG1
[2010/10/27 16:10:34 | 000,000,000 | -HS- | M] () -- C:\Users\Rose\ntuser.dat.LOG2
[2010/10/27 16:36:16 | 000,065,536 | -HS- | M] () -- C:\Users\Rose\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/10/27 16:36:16 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/10/27 16:36:16 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/10/27 16:10:35 | 000,000,020 | -HS- | M] () -- C:\Users\Rose\ntuser.ini
[2012/11/27 17:04:51 | 000,001,010 | ---- | M] () -- C:\Users\Rose\PrintMaster-2012-Platinum.prefs
 
< %USERPROFILE%\temp\*.exe >
 
< %USERPROFILE%\AppData\Local\*.* >
[2012/11/16 22:05:39 | 000,238,016 | ---- | M] () -- C:\Users\Rose\AppData\Local\GDIPFONTCACHEV1.DAT
[2013/03/05 10:42:12 | 003,741,591 | -H-- | M] () -- C:\Users\Rose\AppData\Local\IconCache.db
[2013/03/05 08:01:53 | 000,007,604 | ---- | M] () -- C:\Users\Rose\AppData\Local\Resmon.ResmonCfg
[2012/11/23 09:32:10 | 000,001,940 | ---- | M] () -- C:\Users\Rose\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
 
< %USERPROFILE%\AppData\Local\*. >
[2012/01/24 06:56:06 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Adobe
[2010/10/30 09:40:27 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Apple
[2010/10/30 09:46:19 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Apple Computer
[2010/10/27 16:10:34 | 000,000,000 | -HSD | M] -- C:\Users\Rose\AppData\Local\Application Data
[2010/10/27 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Best_Buy®
[2012/12/14 08:27:27 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Conexant
[2013/01/21 13:04:02 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Coupon Companion Plugin
[2012/12/11 07:11:01 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\CrashDumps
[2013/02/17 22:04:41 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Diagnostics
[2012/05/06 09:23:10 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\ElevatedDiagnostics
[2013/01/21 13:04:02 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Google
[2010/10/27 16:10:34 | 000,000,000 | -HSD | M] -- C:\Users\Rose\AppData\Local\History
[2013/03/04 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Microsoft
[2011/08/27 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Microsoft Games
[2012/04/01 11:36:26 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Microsoft Help
[2013/03/06 01:17:08 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Temp
[2010/10/27 16:10:34 | 000,000,000 | -HSD | M] -- C:\Users\Rose\AppData\Local\Temporary Internet Files
[2010/10/29 00:44:35 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Toshiba Corporation
[2010/10/27 16:36:13 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\TOSHIBA_Corporation
[2013/01/21 13:04:22 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Updater21804
[2011/11/09 05:03:11 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\VirtualStore
[2012/02/28 18:45:58 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Windows Live
 
< %USERPROFILE%\AppData\Local\temp\*.exe >
[2013/03/05 08:08:43 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rose\AppData\Local\temp\EE710C64-DDDE-4D44-AE6A-7A93DA97B13F.exe
[2010/03/19 15:02:04 | 000,149,352 | R--- | M] (Microsoft Corporation) -- C:\Users\Rose\AppData\Local\temp\ose00000.exe
[2006/10/30 16:10:00 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\Rose\AppData\Local\temp\_is64E9.exe
[4 C:\Users\Rose\AppData\Local\temp\*.tmp files -> C:\Users\Rose\AppData\Local\temp\*.tmp -> ]
 
< %USERPROFILE%\AppData\Roaming\*.* >
[2013/02/23 08:50:00 | 000,001,675 | ---- | M] () -- C:\Users\Rose\AppData\Roaming\SAS7_000.DAT
 
< %USERPROFILE%\AppData\Roaming\*. >
[2011/04/03 21:49:51 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Adobe
[2010/10/30 09:43:42 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Corel
[2013/01/21 13:11:10 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Epson
[2013/01/07 19:58:04 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\FileZilla
[2010/12/22 21:32:00 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\FLEXnet
[2010/10/27 16:42:10 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Google
[2010/10/27 16:11:52 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Identities
[2010/10/27 17:20:10 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\InstallShield
[2010/10/28 16:47:35 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Macromedia
[2009/07/13 23:44:38 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Media Center Programs
[2013/03/04 23:56:43 | 000,000,000 | --SD | M] -- C:\Users\Rose\AppData\Roaming\Microsoft
[2010/10/28 00:50:21 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Microsoft Web Folders
[2010/12/22 21:35:10 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Nuance
[2011/09/18 18:36:02 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\OverDrive
[2013/03/05 00:54:56 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Tific
[2010/10/30 08:31:51 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Toshiba
[2010/10/27 16:11:06 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\WinBatch
 
< %Public%\Documents\Fonts\*.exe >
 
< %Public%\Documents\Config\*.exe >
 
< %Public%\Documents\*.* >
[2009/07/13 20:54:24 | 000,000,278 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2010/12/22 20:23:38 | 002,186,772 | ---- | M] () -- C:\Users\Public\Documents\Dragon Naturally Speaking Users Guide.pdf
[2010/11/28 10:18:49 | 004,251,204 | ---- | M] () -- C:\Users\Public\Documents\FileZilla_3.3.5.1_win32-setup.exe
 
< %ProgramData%\*.* >
[2010/10/30 09:43:32 | 000,000,088 | RHS- | M] () -- C:\ProgramData\4EE67A3137.sys
[2010/10/30 09:44:26 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
 
< %ProgramData%\*. >
[2012/08/31 14:40:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2010/10/30 09:40:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2010/10/30 09:41:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009/07/13 21:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/06/19 01:10:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Atheros
[2010/10/27 16:13:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Best Buy Software Installer
[2012/12/14 08:27:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Conexant
[2009/07/13 21:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/13 21:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/10/27 17:22:52 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2009/07/13 21:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/12/22 21:21:23 | 000,000,000 | ---D | M] -- C:\ProgramData\FLEXnet
[2010/04/03 21:25:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Google
[2013/03/04 23:56:56 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2013/02/13 21:23:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012/11/23 09:47:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2010/10/28 10:16:21 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
[2010/12/22 21:21:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Nuance
[2010/11/18 17:56:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Partner
[2010/10/28 10:16:21 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2009/07/13 21:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/08/30 18:50:46 | 000,000,000 | ---D | M] -- C:\ProgramData\StoryRock
[2013/02/23 15:17:24 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/07/13 21:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/10/30 08:28:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba
[2010/06/19 01:20:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}
 
< %CommonProgramFiles%\*.* >
 
< %CommonProgramFiles%\ComObjects*.exe >
 
< %commonprogramfiles(x86)%\*.* >
 
< %ProgramFiles(x86)%\*.* >
[2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %ProgramFiles(x86)%\*. >
[2012/01/24 06:56:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/10/30 09:40:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/06/19 01:10:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Atheros
[2011/10/12 20:39:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/10/30 09:50:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Corel
[2013/01/21 13:04:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Coupon Companion Plugin
[2011/08/30 14:22:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electric Quilt Company
[2010/10/27 17:23:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\epson
[2010/10/27 17:18:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Epson Software
[2010/10/27 17:20:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EpsonNet
[2011/10/09 20:20:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FileZilla FTP Client
[2011/07/01 19:05:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/10/30 08:00:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\honestech
[2010/10/30 08:20:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\honestech DVD Player 3.0
[2011/08/30 14:27:12 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/06/19 01:05:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2013/02/14 04:53:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/04/03 21:15:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/11/11 01:14:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/11/11 01:18:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/06/19 01:01:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2012/05/11 16:52:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/04/03 21:28:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/10/09 20:34:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/11/11 01:18:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009/07/13 21:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/04/03 21:02:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/10/28 10:18:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton Security Suite
[2010/06/19 01:16:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2010/12/22 21:21:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nuance
[2013/01/21 13:04:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OApps
[2012/05/13 17:28:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OverDrive Media Console
[2011/10/12 21:20:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PrintMaster 2012 Platinum
[2010/10/30 09:41:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2010/06/19 01:07:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/13 21:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/10/30 10:32:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TOSHIBA
[2009/07/13 20:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/07/13 21:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/03/30 20:28:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2012/01/24 08:19:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2012/01/24 08:19:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 21:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2012/01/24 08:19:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2012/01/24 08:19:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2012/01/24 08:19:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
 
< %programdata%\Microsoft\Windows\DRM\*.tmp >
[2 C:\ProgramData\Microsoft\Windows\DRM\*.tmp files -> C:\ProgramData\Microsoft\Windows\DRM\*.tmp -> ]
 
< %programdata%\Microsoft\DRM\*.tmp >
 
< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >
[2012/11/01 18:21:08 | 000,001,940 | ---- | M] () -- C:\windows\system32\config\systemprofile\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
 
< %systemroot%\system32\config\systemprofile\AppData\Roaming\*.* >
 
< %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* >
[2012/11/01 18:21:08 | 000,001,940 | ---- | M] () -- C:\windows\SysWOW64\config\systemprofile\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
 
< %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.* >
 
< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb >
 
< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb >
 
< %windir%\temp\*.exe >
 
< %Temp%\smtmp\1\*.* >
 
< %Temp%\smtmp\2\*.* >
 
< %Temp%\smtmp\3\*.* >
 
< %Temp%\smtmp\4\*.* >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\syswow64\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /90 >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\syswow64\drivers\*.sys /90 >
 
< %systemroot%\syswow64\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
 
< %systemroot%\*. /rp /s >
 
< %systemroot%\assembly\tmp\*.* /S /MD5 >
 
< %systemroot%\assembly\temp\*.* /S /MD5 >
 
< %systemroot%\assembly\GAC\*.ini >
 
< %systemroot%\assembly\GAC_32\*.ini >
 
< %systemroot%\assembly\GAC_64\*.ini >
 
< %SystemRoot%\assembly\GAC_MSIL\*.ini >
 
< wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/13 17:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
 
< HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >
"" = MruPidlList
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s >
"" = Start Menu Pin
"ImplementsVerbs" = startpin;startunpin
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/13 17:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
< HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >
"" = ShellFolder for CD Burning
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\MergedFolder]
"Attributes" = 0x0
"AttributeMask" = 0xffffffff
"Location" = @shell32.dll,-12591 -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ConflictOverlayIcon" = %SystemRoot%\system32\imageres.dll,-169 -- [2009/07/13 17:06:03 | 020,268,032 | ---- | M] (Microsoft Corporation)
 
< HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
< HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s >
 
< HKEY_CURRENT_USER\Software\MSOLoad /s >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 22:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: I8042PRT.SYS  >
[2009/07/13 15:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\windows\SysNative\drivers\i8042prt.sys
[2009/07/13 15:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys
[2009/07/13 15:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
[2009/07/13 15:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_f3435f7ff2a9f325\i8042prt.sys
[2009/07/13 15:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys
[2009/07/13 15:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys
 
< MD5 for: IASTOR.SYS  >
[2009/08/07 04:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/08/07 04:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/07 04:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\windows\SysNative\drivers\iaStor.sys
[2009/08/07 04:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys
 
< MD5 for: LSASS.EXE  >
[2009/07/13 17:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/13 17:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/13 17:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2009/07/13 17:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011/11/16 22:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2011/11/16 23:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe
[2011/11/16 23:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_02756f8b7653d554\lsass.exe
[2012/06/03 23:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[2012/06/01 21:30:31 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=BF63CE11A25F3509129888710D5111FC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_0309de288f695654\lsass.exe
[2011/11/16 22:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\windows\SysNative\lsass.exe
[2011/11/16 22:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011/11/16 22:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
[2011/11/16 22:42:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D21BD47E528CD62E79311FB5DF0150E6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe
 
< MD5 for: NETBT.SYS  >
[2010/11/20 01:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\windows\SysNative\drivers\netbt.sys
[2010/11/20 01:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2009/07/13 15:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 17:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 05:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010/11/20 05:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 04:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 04:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 17:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 04:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 04:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 05:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010/11/20 05:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: SERIAL.SYS  >
[2009/07/13 16:00:40 | 000,094,208 | ---- | M] (Brother Industries Ltd.) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\windows\SysNative\drivers\serial.sys
[2009/07/13 16:00:40 | 000,094,208 | ---- | M] (Brother Industries Ltd.) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\windows\SysNative\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/07/13 16:00:40 | 000,094,208 | ---- | M] (Brother Industries Ltd.) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 17:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\Windows\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >


 



#9 Hikerace


Posted 06 March 2013 - 06:07 AM

Will try TDSSKiller log now. Cannot paste it as I get post too long message when I try to add the reply. Will try to attach it. It attached but I don't understand why I can't paste the results. It worked before. Maybe I did something wrong? I know I followed the steps as you instructed originally. The scan did find 3 threats but none of them had the cure option available. The file size is larger this time than the first log.

 

I unattached the log as I know I am not to send attachments unless instructed to do so. What do you want me to do about the log?



#10 B-boy/StyLe/

  • Malware Response Team
  • 8,307 posts

Posted 06 March 2013 - 07:09 PM

Hi Hikerace. :)

No need to apologize. I work too and I understand it consumes a lot of time and the spare time is very limited for all of us. :)

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Quote"

    :OTL
    O4:64bit: - HKLM..\Run: []  File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk =  File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk =  File not found
    SafeBootMin:64bit: 46856990.sys - Driver
    SafeBootMin:64bit: 76443703.sys - Driver
    SafeBootMin:64bit: 84206778.sys - Driver
    SafeBootMin: 46856990.sys - Driver
    SafeBootMin: 76443703.sys - Driver
    SafeBootMin: 84206778.sys - Driver
    SafeBootNet:64bit: 46856990.sys - Driver
    SafeBootNet:64bit: 76443703.sys - Driver
    SafeBootNet:64bit: 84206778.sys - Driver
    SafeBootNet: 46856990.sys - Driver
    SafeBootNet: 76443703.sys - Driver
    SafeBootNet: 84206778.sys - Driver
    [2013/03/03 18:35:58 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\svchost.exe
    [2010/10/27 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Local\Best_Buy®
    @Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:0FF263E8
    :files
    C:\ProgramData\Microsoft\Windows\DRM\*.tmp
    :commands
    [emptytemp]

  • Push runFixbutton.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click btnOK.png.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.

 

 

About the TDSSKiller log...Please attach it in your next reply if possible. Thanks! :)

 

 

Regards,

Georgi




#11 Hikerace


Posted 06 March 2013 - 08:15 PM

Georgi, here is the OTL report you requested. I will try to attach the TDSSKiller log to this post or to its own post if that does not work. Thank you again for all of your help so far.

 

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SafeBootMin 46856990.sys\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SafeBootMin 76443703.sys\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SafeBootMin 84206778.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46856990.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\76443703.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\84206778.sys\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeBootNet 46856990.sys\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeBootNet 76443703.sys\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeBootNet 84206778.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46856990.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\76443703.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\84206778.sys\ deleted successfully.
C:\Windows\svchost.exe moved successfully.
C:\Users\Rose\AppData\Local\Best_Buy®\Best_Buy_Software_Install_Url_elvbhqmfqgz5xjhmzmrpdc3hgqwx5mjl\2.3.0.1 folder moved successfully.
C:\Users\Rose\AppData\Local\Best_Buy®\Best_Buy_Software_Install_Url_elvbhqmfqgz5xjhmzmrpdc3hgqwx5mjl folder moved successfully.
C:\Users\Rose\AppData\Local\Best_Buy® folder moved successfully.
ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
File ptytemp] not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 03062013_170301

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Attached Files
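A sketch for reviewing a fix log like the one in the post above, so that skipped or deferred steps are not missed. This is an added example, not part of the thread and not OldTimer's code. The function names and the two heuristics are assumptions, and the sample is a shortened copy of the log lines above.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the fix log in the post above, shortened.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SafeBootMin 46856990.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46856990.sys\ deleted successfully.
C:\Windows\svchost.exe moved successfully.
ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
File ptytemp] not found.

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk not found!
"""

# Ordered: the first pattern that matches a line decides its status.
PATTERNS = [
    (re.compile(r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$"),
     "pending_reboot"),
    (re.compile(r"^(?:64bit-)?Registry (?:key|value) (?P<target>.+) deleted successfully\.$"),
     "done"),
    (re.compile(r"^(?:64bit-)?Registry (?:key|value) (?P<target>.+) not found\.$"),
     "not_found"),
    (re.compile(r"^ADS (?P<target>.+) deleted successfully\.$"), "done"),
    (re.compile(r"^File\\Folder (?P<target>.+) not found!$"), "not_found"),
    (re.compile(r"^File (?P<target>.+) not found\.$"), "not_found"),
    (re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$"), "done"),
]


def parse_otl_log(text):
    """Turn result lines into {phase, status, target}; headers are skipped."""
    entries, phase = [], "fix"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Files\\Folders moved on Reboot"):
            phase = "after_reboot"  # everything below is the post-reboot pass
            continue
        for rx, status in PATTERNS:
            m = rx.match(line)
            if m:
                entries.append({"phase": phase, "status": status,
                                "target": m.group("target")})
                break
    return entries


def review(entries):
    """Summarise the fix and list the items a helper should look at again."""
    counts = Counter(e["status"] for e in entries if e["phase"] == "fix")
    after = {e["target"]: e["status"] for e in entries
             if e["phase"] == "after_reboot"}
    # Deferred moves, paired with what the post-reboot pass reported for them.
    pending = {e["target"]: after.get(e["target"], "no post-reboot record")
               for e in entries if e["status"] == "pending_reboot"}
    # Heuristic (assumption): a "not found" target that is neither a path nor
    # a registry key and ends in "]" is the tail of a [command] line that was
    # read as a file name, so that command did not run.
    unparsed = [e["target"] for e in entries
                if e["status"] == "not_found" and e["target"].endswith("]")
                and not re.match(r"^(?:[A-Za-z]:\\|HKEY_)", e["target"])]
    # Heuristic (assumption): a key whose last component still carries the
    # "SafeBootMin"/"SafeBootNet" label was looked up under the wrong name.
    label_in_key = [e["target"] for e in entries
                    if e["status"] == "not_found"
                    and re.fullmatch(r"SafeBoot(?:Min|Net) .+",
                                     e["target"].rstrip("\\").rsplit("\\", 1)[-1])]
    return {"counts": dict(counts), "pending": pending,
            "unparsed_commands": unparsed, "label_in_key": label_in_key}


if __name__ == "__main__":
    for key, value in review(parse_otl_log(SAMPLE_LOG)).items():
        print(key, "->", value)
```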



#12 B-boy/StyLe/ (Malware Response Team)


Posted 09 March 2013 - 04:22 AM

Hi Hikerace,

 

 

I am sorry for the delay in responding. I made a little upgrade of my PC and I was busy testing the new hardware.

 

 

 

STEP 1

 

 

 

Please re-run TDSSKiller and delete the following object:

\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user



 
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Detect TDLFS file system.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • From the drop-down menu choose delete ONLY for TDSS File System (if present).
  • Attach the log in your next reply.

 

 

 

 

 

STEP 2

 

  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and post the results in your next reply.

 

 

 

 

 

STEP 3



I'd like us to scan your machine with ESET OnlineScan

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on the ESET Smart Installer button to download it. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check the box to accept the terms.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List Threats.
  • Push Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.

 

 

 

 

 

STEP 4



Download Security Check by screen317 from here

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

 

 

Regards,

Georgi




#13 Hikerace


Posted 09 March 2013 - 05:37 AM

Hi Georgi. Thanks for getting back to me and no problem on the delay. I know you have other things to do and I can wait for you to reply when you get the chance. I will follow your steps and post the reports one reply at a time since I had so much trouble last time. I hope that is okay with you.

 

Here is the TDSS log.

 

02:26:17.0535 3864  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
02:26:18.0315 3864  ============================================================
02:26:18.0315 3864  Current date / time: 2013/03/09 02:26:18.0315
02:26:18.0315 3864  SystemInfo:
02:26:18.0315 3864 
02:26:18.0315 3864  OS Version: 6.1.7601 ServicePack: 1.0
02:26:18.0315 3864  Product type: Workstation
02:26:18.0315 3864  ComputerName: ROSE-LAPTOP
02:26:18.0315 3864  UserName: Rose
02:26:18.0315 3864  Windows directory: C:\windows
02:26:18.0315 3864  System windows directory: C:\windows
02:26:18.0315 3864  Running under WOW64
02:26:18.0315 3864  Processor architecture: Intel x64
02:26:18.0315 3864  Number of processors: 1
02:26:18.0315 3864  Page size: 0x1000
02:26:18.0315 3864  Boot type: Normal boot
02:26:18.0315 3864  ============================================================
02:26:19.0579 3864  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:26:19.0579 3864  ============================================================
02:26:19.0579 3864  \Device\Harddisk0\DR0:
02:26:19.0579 3864  MBR partitions:
02:26:19.0579 3864  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BCF2800
02:26:19.0579 3864  ============================================================
02:26:19.0626 3864  C: <-> \Device\Harddisk0\DR0\Partition1
02:26:19.0626 3864  ============================================================
02:26:19.0626 3864  Initialize success
02:26:19.0626 3864  ============================================================
02:27:20.0466 4636  ============================================================
02:27:20.0466 4636  Scan started
02:27:20.0466 4636  Mode: Manual; TDLFS;
02:27:20.0466 4636  ============================================================
02:27:21.0714 4636  ================ Scan system memory ========================
02:27:21.0714 4636  System memory - ok
02:27:21.0714 4636  ================ Scan services =============================
02:27:37.0345 4636  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
02:27:37.0345 4636  mountmgr - ok
02:27:37.0392 4636  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
02:27:37.0392 4636  mpio - ok
02:27:37.0439 4636  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
02:27:37.0439 4636  mpsdrv - ok
02:27:37.0501 4636  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
02:27:37.0517 4636  MpsSvc - ok
02:27:37.0548 4636  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
02:27:37.0579 4636  MRxDAV - ok
02:27:37.0610 4636  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
02:27:37.0610 4636  mrxsmb - ok
02:27:37.0657 4636  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
02:27:37.0673 4636  mrxsmb10 - ok
02:27:37.0688 4636  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
02:27:37.0688 4636  mrxsmb20 - ok
02:27:37.0735 4636  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
02:27:37.0735 4636  msahci - ok
02:27:37.0751 4636  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
02:27:37.0782 4636  msdsm - ok
02:27:37.0797 4636  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
02:27:37.0813 4636  MSDTC - ok
02:27:37.0860 4636  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
02:27:37.0875 4636  Msfs - ok
02:27:37.0922 4636  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
02:27:37.0922 4636  mshidkmdf - ok
02:27:37.0969 4636  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
02:27:37.0969 4636  msisadrv - ok
02:27:38.0016 4636  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
02:27:38.0047 4636  MSiSCSI - ok
02:27:38.0047 4636  msiserver - ok
02:27:38.0109 4636  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
02:27:38.0109 4636  MSKSSRV - ok
02:27:38.0141 4636  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
02:27:38.0141 4636  MSPCLOCK - ok
02:27:38.0172 4636  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
02:27:38.0172 4636  MSPQM - ok
02:27:38.0219 4636  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
02:27:38.0234 4636  MsRPC - ok
02:27:38.0281 4636  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
02:27:38.0281 4636  mssmbios - ok
02:27:38.0328 4636  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
02:27:38.0328 4636  MSTEE - ok
02:27:38.0343 4636  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
02:27:38.0343 4636  MTConfig - ok
02:27:38.0359 4636  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
02:27:38.0359 4636  Mup - ok
02:27:38.0468 4636  [ B4187346F54E362DAFFE647B25A58D50 ] N360            C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
02:27:38.0484 4636  N360 - ok
02:27:38.0531 4636  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
02:27:38.0531 4636  napagent - ok
02:27:38.0593 4636  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
02:27:38.0593 4636  NativeWifiP - ok
02:27:38.0718 4636  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130308.017\ENG64.SYS
02:27:38.0718 4636  NAVENG - ok
02:27:38.0780 4636  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130308.017\EX64.SYS
02:27:38.0796 4636  NAVEX15 - ok
02:27:38.0874 4636  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
02:27:38.0889 4636  NDIS - ok
02:27:38.0936 4636  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
02:27:38.0952 4636  NdisCap - ok
02:27:38.0999 4636  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
02:27:38.0999 4636  NdisTapi - ok
02:27:39.0045 4636  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
02:27:39.0045 4636  Ndisuio - ok
02:27:39.0092 4636  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
02:27:39.0092 4636  NdisWan - ok
02:27:39.0139 4636  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
02:27:39.0170 4636  NDProxy - ok
02:27:39.0233 4636  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
02:27:39.0233 4636  NetBIOS - ok
02:27:39.0279 4636  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
02:27:39.0279 4636  NetBT - ok
02:27:39.0295 4636  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
02:27:39.0295 4636  Netlogon - ok
02:27:39.0342 4636  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
02:27:39.0357 4636  Netman - ok
02:27:39.0389 4636  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
02:27:39.0389 4636  netprofm - ok
02:27:39.0435 4636  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:27:39.0467 4636  NetTcpPortSharing - ok
02:27:39.0545 4636  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
02:27:39.0545 4636  nfrd960 - ok
02:27:39.0607 4636  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
02:27:39.0607 4636  NlaSvc - ok
02:27:39.0638 4636  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
02:27:39.0654 4636  Npfs - ok
02:27:39.0685 4636  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
02:27:39.0685 4636  nsi - ok
02:27:39.0732 4636  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
02:27:39.0732 4636  nsiproxy - ok
02:27:39.0810 4636  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
02:27:39.0888 4636  Ntfs - ok
02:27:39.0919 4636  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
02:27:39.0935 4636  Null - ok
02:27:39.0966 4636  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
02:27:39.0966 4636  nvraid - ok
02:27:40.0028 4636  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
02:27:40.0028 4636  nvstor - ok
02:27:40.0059 4636  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
02:27:40.0059 4636  nv_agp - ok
02:27:40.0075 4636  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
02:27:40.0091 4636  ohci1394 - ok
02:27:40.0184 4636  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:27:40.0215 4636  ose - ok
02:27:40.0403 4636  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:27:40.0543 4636  osppsvc - ok
02:27:40.0590 4636  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
02:27:40.0590 4636  p2pimsvc - ok
02:27:40.0637 4636  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
02:27:40.0668 4636  p2psvc - ok
02:27:40.0699 4636  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\DRIVERS\parport.sys
02:27:40.0699 4636  Parport - ok
02:27:40.0761 4636  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
02:27:40.0761 4636  partmgr - ok
02:27:40.0793 4636  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
02:27:40.0793 4636  PcaSvc - ok
02:27:40.0839 4636  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
02:27:40.0839 4636  pci - ok
02:27:40.0855 4636  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
02:27:40.0871 4636  pciide - ok
02:27:40.0902 4636  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
02:27:40.0917 4636  pcmcia - ok
02:27:40.0949 4636  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
02:27:40.0949 4636  pcw - ok
02:27:40.0964 4636  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
02:27:40.0980 4636  PEAUTH - ok
02:27:41.0042 4636  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
02:27:41.0058 4636  PerfHost - ok
02:27:41.0136 4636  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
02:27:41.0167 4636  pla - ok
02:27:41.0245 4636  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
02:27:41.0245 4636  PlugPlay - ok
02:27:41.0276 4636  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
02:27:41.0292 4636  PNRPAutoReg - ok
02:27:41.0323 4636  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
02:27:41.0323 4636  PNRPsvc - ok
02:27:41.0385 4636  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
02:27:41.0385 4636  PolicyAgent - ok
02:27:41.0432 4636  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
02:27:41.0432 4636  Power - ok
02:27:41.0510 4636  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
02:27:41.0526 4636  PptpMiniport - ok
02:27:41.0604 4636  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\DRIVERS\processr.sys
02:27:41.0682 4636  Processor - ok
02:27:41.0775 4636  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
02:27:41.0791 4636  ProfSvc - ok
02:27:41.0822 4636  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
02:27:41.0822 4636  ProtectedStorage - ok
02:27:41.0869 4636  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
02:27:41.0885 4636  Psched - ok
02:27:41.0931 4636  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
02:27:41.0963 4636  ql2300 - ok
02:27:41.0994 4636  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
02:27:41.0994 4636  ql40xx - ok
02:27:42.0025 4636  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
02:27:42.0041 4636  QWAVE - ok
02:27:42.0072 4636  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
02:27:42.0087 4636  QWAVEdrv - ok
02:27:42.0119 4636  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
02:27:42.0119 4636  RasAcd - ok
02:27:42.0165 4636  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
02:27:42.0165 4636  RasAgileVpn - ok
02:27:42.0181 4636  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
02:27:42.0181 4636  RasAuto - ok
02:27:42.0228 4636  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
02:27:42.0228 4636  Rasl2tp - ok
02:27:42.0275 4636  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
02:27:42.0290 4636  RasMan - ok
02:27:42.0337 4636  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
02:27:42.0337 4636  RasPppoe - ok
02:27:42.0368 4636  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
02:27:42.0368 4636  RasSstp - ok
02:27:42.0415 4636  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
02:27:42.0415 4636  rdbss - ok
02:27:42.0431 4636  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
02:27:42.0446 4636  rdpbus - ok
02:27:42.0462 4636  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
02:27:42.0462 4636  RDPCDD - ok
02:27:42.0493 4636  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
02:27:42.0493 4636  RDPENCDD - ok
02:27:42.0524 4636  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
02:27:42.0524 4636  RDPREFMP - ok
02:27:42.0555 4636  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
02:27:42.0602 4636  RDPWD - ok
02:27:42.0665 4636  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
02:27:42.0665 4636  rdyboost - ok
02:27:42.0711 4636  [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi            C:\windows\system32\drivers\regi.sys
02:27:42.0711 4636  regi - ok
02:27:42.0743 4636  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
02:27:42.0758 4636  RemoteAccess - ok
02:27:42.0789 4636  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
02:27:42.0821 4636  RemoteRegistry - ok
02:27:42.0867 4636  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
02:27:42.0867 4636  RpcEptMapper - ok
02:27:42.0883 4636  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
02:27:42.0899 4636  RpcLocator - ok
02:27:42.0961 4636  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
02:27:42.0961 4636  RpcSs - ok
02:27:42.0992 4636  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
02:27:43.0008 4636  rspndr - ok
02:27:43.0055 4636  [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
02:27:43.0055 4636  RSUSBSTOR - ok
02:27:43.0070 4636  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
02:27:43.0070 4636  SamSs - ok
02:27:43.0117 4636  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
02:27:43.0133 4636  sbp2port - ok
02:27:43.0179 4636  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
02:27:43.0179 4636  SCardSvr - ok
02:27:43.0226 4636  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
02:27:43.0242 4636  scfilter - ok
02:27:43.0304 4636  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
02:27:43.0304 4636  Schedule - ok
02:27:43.0351 4636  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
02:27:43.0351 4636  SCPolicySvc - ok
02:27:43.0398 4636  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
02:27:43.0429 4636  SDRSVC - ok
02:27:43.0491 4636  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
02:27:43.0507 4636  secdrv - ok
02:27:43.0538 4636  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
02:27:43.0554 4636  seclogon - ok
02:27:43.0585 4636  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
02:27:43.0585 4636  SENS - ok
02:27:43.0616 4636  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
02:27:43.0647 4636  SensrSvc - ok
02:27:43.0679 4636  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
02:27:43.0679 4636  Serenum - ok
02:27:43.0725 4636  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
02:27:43.0725 4636  Serial - ok
02:27:43.0741 4636  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
02:27:43.0741 4636  sermouse - ok
02:27:43.0819 4636  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
02:27:43.0835 4636  SessionEnv - ok
02:27:43.0881 4636  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
02:27:43.0881 4636  sffdisk - ok
02:27:43.0897 4636  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
02:27:43.0897 4636  sffp_mmc - ok
02:27:43.0913 4636  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
02:27:43.0913 4636  sffp_sd - ok
02:27:43.0959 4636  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
02:27:43.0959 4636  sfloppy - ok
02:27:43.0991 4636  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
02:27:44.0006 4636  SharedAccess - ok
02:27:44.0053 4636  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
02:27:44.0053 4636  ShellHWDetection - ok
02:27:44.0100 4636  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
02:27:44.0115 4636  SiSRaid2 - ok
02:27:44.0147 4636  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
02:27:44.0147 4636  SiSRaid4 - ok
02:27:44.0178 4636  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
02:27:44.0178 4636  Smb - ok
02:27:44.0225 4636  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
02:27:44.0225 4636  SNMPTRAP - ok
02:27:44.0240 4636  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
02:27:44.0240 4636  spldr - ok
02:27:44.0303 4636  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
02:27:44.0303 4636  Spooler - ok
02:27:44.0412 4636  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
02:27:44.0474 4636  sppsvc - ok
02:27:44.0521 4636  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
02:27:44.0552 4636  sppuinotify - ok
02:27:44.0661 4636  [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP           C:\windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS
02:27:44.0661 4636  SRTSP - ok
02:27:44.0708 4636  [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX          C:\windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS
02:27:44.0708 4636  SRTSPX - ok
02:27:44.0771 4636  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
02:27:44.0771 4636  srv - ok
02:27:44.0802 4636  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
02:27:44.0817 4636  srv2 - ok
02:27:44.0833 4636  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
02:27:44.0833 4636  srvnet - ok
02:27:44.0880 4636  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
02:27:44.0880 4636  SSDPSRV - ok
02:27:44.0911 4636  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
02:27:44.0927 4636  SstpSvc - ok
02:27:44.0958 4636  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
02:27:44.0958 4636  stexstor - ok
02:27:45.0036 4636  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
02:27:45.0036 4636  stisvc - ok
02:27:45.0083 4636  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys
02:27:45.0083 4636  swenum - ok
02:27:45.0114 4636  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
02:27:45.0129 4636  swprv - ok
02:27:45.0207 4636  [ 659B227A72B76115975A6A9491B2FE1F ] SymDS           C:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS
02:27:45.0207 4636  SymDS - ok
02:27:45.0285 4636  [ 9F5783A4A03D0091CDBDAA858B566926 ] SymEFA          C:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS
02:27:45.0285 4636  SymEFA - ok
02:27:45.0332 4636  [ 3F9D5FE52585E2653E59FDBFDF09A94C ] SymEvent        C:\windows\system32\Drivers\SYMEVENT64x86.SYS
02:27:45.0332 4636  SymEvent - ok
02:27:45.0379 4636  [ F7F3DEB5FDD6CEA69A8D1544F7BECAF1 ] SymIM           C:\windows\system32\DRIVERS\SymIMv.sys
02:27:45.0379 4636  SymIM - ok
02:27:45.0457 4636  [ F57588546E738DB1583981D8F44E9BC2 ] SymIRON         C:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS
02:27:45.0457 4636  SymIRON - ok
02:27:45.0504 4636  [ 3ADFB72F0797AE3832509FE030755E21 ] SYMTDIv         C:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS
02:27:45.0504 4636  SYMTDIv - ok
02:27:45.0566 4636  [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
02:27:45.0566 4636  SynTP - ok
02:27:45.0644 4636  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
02:27:45.0660 4636  SysMain - ok
02:27:45.0691 4636  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
02:27:45.0722 4636  TabletInputService - ok
02:27:45.0738 4636  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
02:27:45.0753 4636  TapiSrv - ok
02:27:45.0785 4636  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
02:27:45.0785 4636  TBS - ok
02:27:45.0863 4636  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
02:27:45.0878 4636  Tcpip - ok
02:27:45.0909 4636  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
02:27:45.0925 4636  TCPIP6 - ok
02:27:45.0972 4636  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
02:27:45.0972 4636  tcpipreg - ok
02:27:46.0019 4636  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
02:27:46.0019 4636  tdcmdpst - ok
02:27:46.0050 4636  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
02:27:46.0065 4636  TDPIPE - ok
02:27:46.0097 4636  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
02:27:46.0112 4636  TDTCP - ok
02:27:46.0190 4636  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
02:27:46.0190 4636  tdx - ok
02:27:46.0221 4636  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
02:27:46.0221 4636  TermDD - ok
02:27:46.0268 4636  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
02:27:46.0284 4636  TermService - ok
02:27:46.0315 4636  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
02:27:46.0315 4636  Themes - ok
02:27:46.0346 4636  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
02:27:46.0346 4636  THREADORDER - ok
02:27:46.0440 4636  [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
02:27:46.0471 4636  TMachInfo - ok
02:27:46.0502 4636  [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
02:27:46.0518 4636  TODDSrv - ok
02:27:46.0611 4636  [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
02:27:46.0611 4636  TosCoSrv - ok
02:27:46.0674 4636  [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
02:27:46.0674 4636  TOSHIBA HDD SSD Alert Service - ok
02:27:46.0721 4636  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64       C:\windows\system32\DRIVERS\tos_sps64.sys
02:27:46.0721 4636  tos_sps64 - ok
02:27:46.0783 4636  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
02:27:46.0783 4636  TrkWks - ok
02:27:46.0845 4636  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
02:27:46.0845 4636  TrustedInstaller - ok
02:27:46.0908 4636  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
02:27:46.0923 4636  tssecsrv - ok
02:27:46.0986 4636  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
02:27:46.0986 4636  TsUsbFlt - ok
02:27:47.0048 4636  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
02:27:47.0048 4636  tunnel - ok
02:27:47.0111 4636  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
02:27:47.0111 4636  TVALZ - ok
02:27:47.0142 4636  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
02:27:47.0157 4636  uagp35 - ok
02:27:47.0220 4636  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
02:27:47.0220 4636  udfs - ok
02:27:47.0267 4636  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
02:27:47.0267 4636  UI0Detect - ok
02:27:47.0298 4636  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
02:27:47.0298 4636  uliagpkx - ok
02:27:47.0360 4636  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
02:27:47.0360 4636  umbus - ok
02:27:47.0391 4636  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
02:27:47.0438 4636  UmPass - ok
02:27:47.0485 4636  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
02:27:47.0485 4636  upnphost - ok
02:27:47.0501 4636  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
02:27:47.0501 4636  usbccgp - ok
02:27:47.0563 4636  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
02:27:47.0563 4636  usbcir - ok
02:27:47.0579 4636  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
02:27:47.0594 4636  usbehci - ok
02:27:47.0610 4636  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
02:27:47.0625 4636  usbhub - ok
02:27:47.0641 4636  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
02:27:47.0672 4636  usbohci - ok
02:27:47.0703 4636  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
02:27:47.0703 4636  usbprint - ok
02:27:47.0735 4636  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
02:27:47.0735 4636  USBSTOR - ok
02:27:47.0766 4636  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\DRIVERS\usbuhci.sys
02:27:47.0766 4636  usbuhci - ok
02:27:47.0828 4636  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
02:27:47.0828 4636  usbvideo - ok
02:27:47.0859 4636  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
02:27:47.0859 4636  UxSms - ok
02:27:50.0714 4636  ================ Scan global ===============================
02:27:50.0761 4636  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
02:27:50.0808 4636  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
02:27:50.0808 4636  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
02:27:50.0855 4636  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
02:27:50.0870 4636  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
02:27:50.0870 4636  [Global] - ok
02:27:50.0886 4636  ================ Scan MBR ==================================
02:27:50.0901 4636  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
02:27:51.0089 4636  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
02:27:51.0089 4636  \Device\Harddisk0\DR0 - detected TDSS File System (1)
02:27:51.0104 4636  ================ Scan VBR ==================================
02:27:51.0135 4636  [ 12ED94B2A4568D7A52620F742AD8B077 ] \Device\Harddisk0\DR0\Partition1
02:27:51.0135 4636  \Device\Harddisk0\DR0\Partition1 - ok
02:27:51.0135 4636  ============================================================
02:27:51.0135 4636  Scan finished
02:27:51.0135 4636  ============================================================
02:27:51.0151 4628  Detected object count: 1
02:27:51.0151 4628  Actual detected object count: 1
02:28:35.0814 4628  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
02:28:35.0892 4628  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
02:28:35.0923 4628  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
02:28:35.0939 4628  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
02:28:35.0939 4628  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
02:28:35.0954 4628  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
02:28:35.0954 4628  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
02:28:35.0970 4628  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
02:28:35.0986 4628  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
02:28:35.0986 4628  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
02:28:36.0001 4628  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
02:28:36.0001 4628  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
02:28:36.0017 4628  \Device\Harddisk0\DR0\TDLFS - deleted
02:28:36.0017 4628  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
02:28:56.0687 3912  Deinitialize success
 



#14 Hikerace

Posted 09 March 2013 - 05:50 AM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rose :: ROSE-LAPTOP [administrator]

3/9/2013 2:41:48 AM
mbam-log-2013-03-09 (02-41-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213955
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Program Files (x86)\OApps\SelectionLinks.dll (PUP.FaceThemes) -> Delete on reboot.

Registry Keys Detected: 12
HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\Typelib\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\Interface\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\CLSID\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\SelectionLinks.SelectionLinksBHO.1 (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\SelectionLinks.SelectionLinksBHO (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files (x86)\OApps\SelectionLinks.dll (PUP.FaceThemes) -> Delete on reboot.
C:\Users\Rose\AppData\Local\Temp\0.8765305267555101 (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)



#15 Hikerace

Posted 09 March 2013 - 08:50 AM

ESETSCAN Results

 

C:\$Recycle.Bin\S-1-5-21-1841574715-1070097531-57198043-1000\$R14L09B.exe probably a variant of Win32/InstallIQ application
C:\$Recycle.Bin\S-1-5-21-1841574715-1070097531-57198043-1000\$RBQ3SOS.exe probably a variant of Win32/InstallIQ application
C:\$Recycle.Bin\S-1-5-21-1841574715-1070097531-57198043-1000\$RCKP4KJ.exe Win32/DownloadAdmin.G application
C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll a variant of Win32/Toolbar.CrossRider.A application
C:\Program Files (x86)\Coupon Companion Plugin\Uninstall.exe multiple threats
C:\TDSSKiller_Quarantine\05.03.2013_08.30.04\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\05.03.2013_08.30.04\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\09.03.2013_02.26.18\tdlfs0000\tsk0000.dta Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\09.03.2013_02.26.18\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan
Operating memory a variant of Win32/Toolbar.CrossRider.A application





