# Trojan removed now creating pwd protected files

## 7dees (Oct 4, 2009)

I have been having issues again with buggy browsers, slow operation and a few instances of blue screens. I have been keeping Malwarebytes activated and run avast regularly, but over the past few weeks the virus scans will not complete because of many password-protected files being randomly created by something or someone other than me. Neither my wife nor I would have any reason to create any password-protected files, so I suspect malware at work.
Please advise.
Thank you.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz, x86 Family 15 Model 3 Stepping 4
Processor Count: 1
RAM: 3070 Mb
Graphics Card: ATI Radeon HD 4300/4500 Series, 512 Mb
Hard Drives: C: Total - 305164 MB, Free - 88024 MB;
Motherboard: Dell Inc., 0GH003
Antivirus: avast! Antivirus, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:39:29 PM, on 5/17/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\wudfhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Dave\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dave\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost #[IPv6]
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - (no file)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {adff4c9a-4f49-4a1f-8885-360e107b7938} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (file missing)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file)
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSystemDetect] C:\Documents and Settings\Dave\Start Menu\Programs\Dell\Dell System Detect.appref-ms
O4 - HKCU\..\Run: [Bomgar_Cleanup_ZD200653115608] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-0x5377e6bf" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD200653115608 /f
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Dave\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://get.adobe.com
O15 - Trusted Zone: http://support.apple.com
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: http://www.homechannelnews.com
O15 - Trusted Zone: http://*.secunia.com
O15 - Trusted Zone: http://www.vevo.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1356485608921
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1345999640203
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: StumbleUponUpdateService - Unknown owner - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe (file missing)
--
End of file - 15945 bytes

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.55.2
Run by Dave at 19:41:23 on 2014-05-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2053 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\wudfhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Dave\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\setup\instup.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {adff4c9a-4f49-4a1f-8885-360e107b7938} - <orphaned>
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - 
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSystemDetect] c:\documents and settings\dave\start menu\programs\dell\Dell System Detect.appref-ms
uRun: [Bomgar_Cleanup_ZD200653115608] cmd.exe /C rd /S /Q "c:\documents and settings\all users\application data\bomgar-scc-0x5377e6bf" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD200653115608 /f
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [pdfFactory Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\dave\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\dave\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1356485608921
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345999640203
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - hxxp://secure2.comned.com/signuptemplates/securelogin-devel.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FABA57E8-3BAA-4FB3-B0FA-B10C8B8A4711} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.137\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-13 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-4-13 180632]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2006-2-7 6097]
R0 Spssys;Toshiba SPS Service;c:\windows\system32\drivers\spssys.sys [2006-2-14 164256]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-4-13 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-4-13 411680]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-7 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-13 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-13 50344]
R2 ei2c;ei2c;c:\windows\system32\drivers\ei2c.sys [2014-5-17 18224]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-2-6 54760]
R2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-4-5 50648]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-5 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-5 857912]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730Pt.sys [2007-10-5 103040]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [2007-10-5 23376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-9 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-5 107736]
S0 kwlojb;kwlojb;c:\windows\system32\drivers\rkjqe.sys --> c:\windows\system32\drivers\rkjqe.sys [?]
S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HPHNDUSVC;HP Home Network Diagnostic Support Service;c:\windows\system32\svchost.exe -k HPHNDUService [2004-8-4 14336]
S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
S2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2008-6-29 202280]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\atihdxp3.sys --> c:\windows\system32\drivers\AtihdXP3.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2006-2-7 299923]
S3 StumbleUponUpdateService;StumbleUponUpdateService;"c:\program files\stumbleupon\stumbleuponupdateservice.exe" --> c:\program files\stumbleupon\StumbleUponUpdateService.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2014-05-17 22:47:17 9216 ----a-w- c:\documents and settings\all users\application data\[email protected]!-705ee601-708a-4cc6-8d9e-8b2a0dae6346.tmp
2014-05-17 22:29:07 18224 ----a-w- c:\windows\system32\drivers\ei2c.sys
2014-05-17 20:45:08 -------- d-sh--w- C:\Jumpshot
2014-05-17 20:42:10 -------- d-----w- c:\windows\jumpshot.com
2014-05-17 15:13:50 -------- d-----w- c:\program files\Screen+
2014-05-17 15:12:53 -------- d-----w- c:\program files\e-Saver
2014-05-08 13:48:42 227704 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2014-05-07 10:15:55 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-07 10:15:52 43152 ----a-w- c:\windows\avastSS.scr
2014-04-20 11:31:10 -------- d-sh--w- C:\found.000
2014-04-19 12:26:40 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-04-19 12:26:28 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2014-05-17 23:07:02 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-14 15:21:02 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 15:21:01 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 10:15:08 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-07 10:15:53 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1399889707500
2014-05-07 10:15:53 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-07 10:15:53 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1399889707500
2014-05-07 10:15:53 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-07 10:15:53 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-03 13:51:06 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 13:50:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ------w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ------w- c:\windows\system32\html.iec
2014-02-26 01:59:05 13312 ------w- c:\windows\system32\xp_eos.exe
2007-06-29 02:58:43 774144 ---ha-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 19:42:53.34 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/18/2006 7:28:52 PM
System Uptime: 5/17/2014 6:34:21 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0GH003
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 85.961 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro L7600
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro L7600
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro L7600
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet Pro L7600
PNP Device ID: ROOT\PRINTER\0000
Service: 
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DLS Synthesizer
Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Manufacturer: Microsoft
Name: Microsoft Kernel DLS Synthesizer
PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Service: DMusic
.
==== System Restore Points ===================
.
RP3305: 4/5/2014 8:13:17 PM - Software Distribution Service 3.0
RP3306: 4/5/2014 11:08:21 PM - System Checkpoint
RP3307: 4/5/2014 11:19:57 PM - Removed WD Drive Utilities
RP3308: 4/5/2014 11:28:47 PM - Removed WD Security
RP3309: 4/5/2014 11:30:46 PM - Removed WD Quick View
RP3310: 4/5/2014 11:32:36 PM - Removed WD SmartWare
RP3311: 4/5/2014 11:33:52 PM - WD SmartWare Installer
RP3312: 4/5/2014 11:33:57 PM - WD SmartWare Installer
RP3313: 4/6/2014 11:25:58 PM - Software Distribution Service 3.0
RP3314: 4/7/2014 11:26:08 PM - Software Distribution Service 3.0
RP3315: 4/8/2014 11:25:25 PM - Software Distribution Service 3.0
RP3316: 4/9/2014 3:00:23 AM - Software Distribution Service 3.0
RP3317: 4/9/2014 11:25:09 PM - Software Distribution Service 3.0
RP3318: 4/11/2014 12:20:11 AM - System Checkpoint
RP3319: 4/11/2014 10:15:53 AM - Software Distribution Service 3.0
RP3320: 4/12/2014 12:37:41 AM - Software Distribution Service 3.0
RP3321: 4/12/2014 10:16:17 AM - Software Distribution Service 3.0
RP3322: 4/13/2014 10:16:43 AM - Software Distribution Service 3.0
RP3323: 4/13/2014 2:14:17 PM - avast! antivirus system restore point
RP3324: 4/13/2014 7:39:11 PM - Removed Windows Defender
RP3325: 4/14/2014 9:10:55 PM - System Checkpoint
RP3326: 4/16/2014 12:27:56 AM - System Checkpoint
RP3327: 4/17/2014 1:24:09 AM - System Checkpoint
RP3328: 4/17/2014 10:03:43 PM - Removed Java 7 Update 25
RP3329: 4/19/2014 8:25:52 AM - Installed Java 7 Update 55
RP3330: 4/20/2014 9:29:47 AM - System Checkpoint
RP3331: 4/21/2014 5:39:18 PM - System Checkpoint
RP3332: 4/23/2014 4:30:03 AM - System Checkpoint
RP3333: 4/29/2014 1:09:09 PM - System Checkpoint
RP3334: 4/30/2014 1:22:39 PM - System Checkpoint
RP3335: 5/1/2014 1:53:58 PM - System Checkpoint
RP3336: 5/2/2014 11:08:08 PM - System Checkpoint
RP3337: 5/3/2014 3:00:18 AM - Software Distribution Service 3.0
RP3338: 5/4/2014 3:21:14 AM - System Checkpoint
RP3339: 5/5/2014 4:57:43 AM - System Checkpoint
RP3340: 5/6/2014 10:02:46 AM - System Checkpoint
RP3341: 5/7/2014 6:15:28 AM - avast! antivirus system restore point
RP3342: 5/8/2014 6:28:13 AM - System Checkpoint
RP3343: 5/9/2014 12:39:07 PM - System Checkpoint
RP3344: 5/13/2014 9:33:14 PM - System Checkpoint
RP3345: 5/14/2014 9:37:06 PM - System Checkpoint
RP3346: 5/15/2014 3:00:20 AM - Software Distribution Service 3.0
RP3347: 5/16/2014 4:01:06 AM - System Checkpoint
RP3348: 5/17/2014 4:37:06 AM - System Checkpoint
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 ox-d.majorgeeks.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7500_7600_7700_Help
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Reader XI (11.0.07)
AIM 7
AMD Catalyst Install Manager
Any Video Converter 5.0.8
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares Tube 3.0
Audacity 1.2.6
avast! Free Antivirus
AVS DVDtoGO 1.4.2
Bing Maps 3D
BitPim 1.0.6
Bonjour
BPD_HPSU
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Catalyst Control Center InstallProxy
CCScore
Cisco Connect
cladDVD .NET v3.5.6
Combined Community Codec Pack 2007-07-22
Compatibility Pack for the 2007 Office system
Content Transfer
Counter-Strike: Source
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Destinations
DeviceManagementQFolder
Dropbox
e-Saver version 3.1
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
eSupportQFolder
Family Tree Maker 2011
Fax
Free WMA to MP3 Converter 1.16
Garry's Mod
Global Star Software
Google Apps
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Grand Theft Auto: San Andreas
Half-Life 2: Episode One
Half-Life 2: Episode Two
Handbrake 2.4.1
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Driver Diagnostics
HP Imaging Device Functions 8.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Product Assistant
HP Product Detection
HP Solution Center 8.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Image Plugin
Intel(R) 537EP V9x DF PCI Modem
iPodRip
iTunes
Java 7 Update 55
Java Auto Updater
Junk Mail filter update
kgcbase
Kodak EasyShare software
KSU
L7600
LG USB Drivers
LG USB Modem driver
LimeWire 5.5.8
Malwarebytes Anti-Malware version 2.0.1.1004
Mavis Beacon Teaches Typing 17
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Cubicle Chaos for Pocket PC (Remove Only)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Plus! for Windows XP
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft WSE 3.0 Runtime
MPM
MSN
MSN Music Assistant
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
My Dell
NetDeviceManager
NoniGPSPlot
Notifier
NWZ-E350 WALKMAN Guide
OfotoXMI
OGA Notifier 2.0.0048.0
OTtBP
OTtBPSDK
pdfFactory
Pivot Stickfigure Animator
Portal
ProductContext
Qtrax 0.2beta (20080125)
Quicken 2006
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.95
Road Runner Medic 6.1
Savings Bond Wizard
Scan
SeaTools for Windows
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SFR
SHASTA
SKIN0001
SKINXSDK
SolutionCenter
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony USB Driver
SoundMAX
Source SDK
Source SDK Base
SpywareBlaster 5.0
staticcr
Status
StumbleUpon IE Toolbar
System Requirements Lab for Intel
Team Fortress 2
Toolbox
TOSHIBA gigabeat applications
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URGE
V CAST Music
VC 9.0 Runtime
VPRINTOL
WebFldrs XP
WebReg
Windows 7 Upgrade Advisor
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
WOT for Internet Explorer
Xfire (remove only)
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/17/2014 4:35:54 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 89d8c978, parameter3 89d8caec, parameter4 80605682.
5/17/2014 4:11:51 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000034, parameter2 00000002, parameter3 00000000, parameter4 f7b1cfef.
5/17/2014 3:46:10 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the HPSLPSVC service.
5/17/2014 3:17:03 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000028, parameter2 00000002, parameter3 00000000, parameter4 f7b1d7db.
5/17/2014 12:49:53 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000034, parameter2 00000002, parameter3 00000000, parameter4 f7b1ceb7.
5/11/2014 8:11:55 AM, error: Print [23] - Printer HP OfficeJet T Series Printer failed to initialize because a suitable HP OfficeJet T Series Printer driver could not be found.
5/11/2014 8:11:43 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
5/11/2014 8:10:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KmxFile
5/11/2014 8:09:59 AM, error: Ma730Pt [18] - 
5/11/2014 8:09:57 AM, error: Service Control Manager [7023] - The Server service terminated with the following error: The specified driver is invalid.
5/11/2014 8:09:57 AM, error: Service Control Manager [7023] - The HP Home Network Diagnostic Support Service service terminated with the following error: The specified module could not be found.
5/11/2014 8:09:57 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The specified driver is invalid.
5/11/2014 8:09:57 AM, error: Service Control Manager [7000] - The KmxCF service failed to start due to the following error: A device attached to the system is not functioning.
5/10/2014 7:22:40 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Description with the following error: Access is denied.
5/10/2014 7:22:36 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
.
==== End Of File ===========================

Continued in next window


----------



## 7dees (Oct 4, 2009)

Continued from above

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-17 20:55:54
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0. 298.02GB
Running: isehhxe5.exe; Driver: C:\DOCUME~1\Dave\LOCALS~1\Temp\fwldqpob.sys

---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9D0B7AA0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9D0B857E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwClose [0x9D0FC85D]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9D0C45C8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9D0C4614]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9D0C47AE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0x9D0FC211]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9D0C4536]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9D0C4658]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9D0C457E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x9D0B8AB4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9D0C4768]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x9D0B936C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9D0B7B06]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0x9D0FCF23]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0x9D0FD1D9]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x9D0BCB40]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0x9D0FCD8E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0x9D0FCBF9]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9D0B76F2]
SSDT \SystemRoot\system32\drivers\aswSP.sys (avast! self protection module/AVAST Software) ZwMapViewOfSection [0x9D3187B2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9D0B7B6C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9D0BCF36]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9D0B9E54]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9D0C45F2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9D0C4636]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9D0C47D2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0x9D0FC56D]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9D0C455C]
SSDT \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation) ZwOpenProcess [0xAF96D220]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9D0C46E6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9D0C45A6]
SSDT \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation) ZwOpenThread [0xAF96D388]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9D0C478C]
SSDT \SystemRoot\system32\drivers\aswSP.sys (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9D318556]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0x9D0FCA74]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9D0B9CC8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0x9D0FC8C6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x9D0B981E]
SSDT \SystemRoot\system32\drivers\aswSP.sys (avast! self protection module/AVAST Software) ZwRenameKey [0x9D326526]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0x9D0FB857]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9D0B7BD2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9D0B7C38]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x9D0B91E6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9D0B778C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9D0B795E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0x9D0FD02A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9D0B78EC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x9D0B9536]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x9D0B9698]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9D0B79E6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0x9D0B9024]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x9D0B91C6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9D0B7C9E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0x9D0B85DA]
Code \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation) KeInsertQueueApc
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4B6C 12 Bytes [D2, 7B, 0B, 9D, 38, 7C, 0B, ...]
.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4C14 12 Bytes [36, 95, 0B, 9D, 98, 96, 0B, ...]
.text ntoskrnl.exe!KeInsertQueueApc 804E5C2F 5 Bytes JMP AF96E360 \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80576715 4 Bytes CALL 9D0BA501 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\system32\spssys.sys section is writeable [0xBA71D2C0, 0x24932, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8FF6000, 0x29C9F0, 0xE8000020]
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xAA3C9760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xA9510F80]
.text win32k.sys!EngFreeUserMem + 674 BF8099C2 3 Bytes JMP 9D0BE82C \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 678 BF8099C6 1 Byte [DD]
.text win32k.sys!EngFreeUserMem + 35D1 BF80C91F 3 Bytes JMP 9D0BE70A \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D5 BF80C923 1 Byte [DD]
.text win32k.sys!EngDeleteSurface + 45 BF80FDD6 5 Bytes JMP 9D0BE6BE \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 44FC BF81F489 5 Bytes JMP 9D0BD19E \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 197D BF821B96 5 Bytes JMP 9D0BDC94 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 11A6 BF82E3B0 5 Bytes JMP 9D0BD2FE \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLockSurface + C09 BF82F52E 5 Bytes JMP 9D0BE9A2 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 2E84 BF839EBA 5 Bytes JMP 9D0BEBBC \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + B8FE BF842934 5 Bytes JMP 9D0BE5B2 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + E0BA BF8450F0 5 Bytes JMP 9D0BDC76 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + F636 BF84666C 5 Bytes JMP 9D0BD39E \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 290F BF86910A 5 Bytes JMP 9D0BDD6C \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 4BED BF86B3E8 5 Bytes JMP 9D0BD7D6 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 4C78 BF86B473 5 Bytes JMP 9D0BDAB0 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 584E BF86C049 5 Bytes JMP 9D0BD082 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AC2C BF871427 5 Bytes JMP 9D0BE75A \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 67EE BF878651 5 Bytes JMP 9D0BE8E4 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35E9 BF891936 5 Bytes JMP 9D0BD89C \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4126 BF892473 5 Bytes JMP 9D0BDA6A \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF8AF55F 5 Bytes JMP 9D0BDD8A \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 2862 BF8B2C7D 5 Bytes JMP 9D0BEB14 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C1A6A 5 Bytes JMP 9D0BD4CE \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + A5B0 BF8EAF87 5 Bytes JMP 9D0BDCB2 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFA48 5 Bytes JMP 9D0BCF6C \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F1C17 5 Bytes JMP 9D0BD5B2 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F1E97 5 Bytes JMP 9D0BD6FA \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF914AE8 5 Bytes JMP 9D0BD286 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1CEC BF914D94 5 Bytes JMP 9D0BDE34 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF9156BC 5 Bytes JMP 9D0BD466 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F95 BF91803D 5 Bytes JMP 9D0BDBD0 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 191B BF948590 5 Bytes JMP 9D0BEA66 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\Dave\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\ctfmon.exe[492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[492] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[616] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[700] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[796] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[796] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1048] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1048] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1104] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[1436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1528] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1620] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1620] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\program files\real\realplayer\update\realsched.exe[1648] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\program files\real\realplayer\update\realsched.exe[1648] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\program files\real\realplayer\update\realsched.exe[1648] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[1668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[1668] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1764] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1764] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1928] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2020] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2124] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Documents and Settings\Dave\Application Data\Dropbox\bin\Dropbox.exe[2152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Dave\Application Data\Dropbox\bin\Dropbox.exe[2152] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2308] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2384] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2516] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2772] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[2788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[2788] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe[2868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe[2868] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2876] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe[2948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe[2948] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3048] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3048] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3056] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3084] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[3120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[3120] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[3204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[3204] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3360] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Documents and Settings\Dave\Desktop\isehhxe5.exe[5668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Dave\Desktop\isehhxe5.exe[5668] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
---- User IAT/EAT - GMER 2.1 ----
IAT C:\WINDOWS\system32\services.exe[840] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[840] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64CA8AF0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64CA8AF0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
---- Devices - GMER 2.1 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\[email protected] {00020420-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\[email protected] {00020420-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\[email protected] {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\[email protected] {00020424-0000-0000-C000-000000000046}
---- EOF - GMER 2.1 ----

That's it per instructions.


----------



## 7dees (Oct 4, 2009)

bump


----------



## 7dees (Oct 4, 2009)

bump


----------



## eddie5659 (Mar 19, 2001)

Hiya

Are you still having this problem? If so, sorry for the delay. Can you run the following tools and we'll go from there 

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

-----

*(Vista or Win 7 => right click and Run As Administrator)*


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Standard Output*.
At the top, check the box entitled *Scan All Users*
Toward the bottom, check:
*All Users*
*LOP Check*
*Purity Check*
Under the *Standard Registry* box change it to *All*
*Do not change any settings unless otherwise told to do so.*
Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
DRIVES
netsvcs
activex
msconfig
drivers32
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
services.exe
user32.dll
atapi.sys
csrss.exe
PRINTISOLATIONHOST.EXE
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\* \s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
```

Click the *Run Scan* button. The scan won't take long.
A black box will appear, this is part of the custom scan, so don't be alarmed 
*IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES*

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


Regards

eddie


----------



## 7dees (Oct 4, 2009)

Per Request:

Results of screen317's Security Check version 0.99.85 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
avast! Antivirus 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
MVPS Hosts File 
*Out of date HijackThis installed!* 
SpywareBlaster 5.0 
Secunia PSI (2.0.0.4003) 
HijackThis 2.0.2 
Java 7 Update 55 
*Java version out of Date!* 
Adobe Reader XI 
Google Chrome 35.0.1916.114 
Google Chrome 35.0.1916.153 
*````````Process Check: objlist.exe by Laurent````````* 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbam.exe 
Malwarebytes Anti-Malware mbamscheduler.exe 
AVAST Software Avast AvastSvc.exe 
AVAST Software Avast AvastUI.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C:: 12% *Defragment your hard drive soon! (Do NOT defrag if SSD!)*
*````````````````````End of Log``````````````````````*


----------



## eddie5659 (Mar 19, 2001)

Thanks, but any joy on the OTL scan?

Your Java is out of date, so let's do that first:

*Upgrade Java* : (32 bits)

Download the latest version of *Java SE Runtime Environment (JRE) JRE 7 Update 60*.
Under the JAVA Platform Standard Edition, click the "*Download JRE*" button to the right.

*Accept License Agreement.*".
Click on the link to download Windows Offline Installation 32 bit (jre-7u60-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the * jre-7u60-windows-i586.exe* and select "Run as an Administrator.")
Don't install any of the toolbars that are offered.

After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:


Applications and Applets
Trace and Log Files
OK out of all the screens.


----------



## 7dees (Oct 4, 2009)

Sorry for the delay. Here is the OTL scan.

Results of screen317's Security Check version 0.99.85 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
avast! Antivirus 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
MVPS Hosts File 
*Out of date HijackThis installed!* 
SpywareBlaster 5.0 
Secunia PSI (2.0.0.4003) 
HijackThis 2.0.2 
Java 7 Update 55 
*Java version out of Date!* 
Adobe Reader XI 
Google Chrome 35.0.1916.114 
Google Chrome 35.0.1916.153 
*````````Process Check: objlist.exe by Laurent````````* 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbam.exe 
Malwarebytes Anti-Malware mbamscheduler.exe 
AVAST Software Avast AvastSvc.exe 
AVAST Software Avast AvastUI.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C:: 12% *Defragment your hard drive soon! (Do NOT defrag if SSD!)*
*````````````````````End of Log``````````````````````*


----------



## 7dees (Oct 4, 2009)

OK Java is updated


----------



## eddie5659 (Mar 19, 2001)

Good to hear about the Java, but the scan you just posted is the Security Check again 

This is the OTL scan 

*(Vista or Win 7 => right click and Run As Administrator)*


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Standard Output*.
At the top, check the box entitled *Scan All Users*
Toward the bottom, check:
*All Users*
*LOP Check*
*Purity Check*
Under the *Standard Registry* box change it to *All*
*Do not change any settings unless otherwise told to do so.*
Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
DRIVES
netsvcs
activex
msconfig
drivers32
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
services.exe
user32.dll
atapi.sys
csrss.exe
PRINTISOLATIONHOST.EXE
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\* \s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
```

Click the *Run Scan* button. The scan won't take long.
A black box will appear, this is part of the custom scan, so don't be alarmed 
*IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES*

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


Regards

eddie


----------



## 7dees (Oct 4, 2009)

_For some reason I cannot see the OTL scan link on this side_

_All I see is:_

This is the OTL scan

(Eddie, There is just a blank space here in my view.)

*(Vista or Win 7 => right click and Run As Administrator)*

* Doub.......


----------



## eddie5659 (Mar 19, 2001)

Nuts, left out the actual tool by mistake 

Download *OTL* to your Desktop

And then follow the rest of the above. So sorry about that, I may have to look at the logs tomorrow night, as I'm having root canal filling today.....joy


----------



## 7dees (Oct 4, 2009)

OTL logfile created on: 7/1/2014 10:15:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 64.29% Memory free
4.34 Gb Paging File | 3.36 Gb Available in Paging File | 77.30% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.01 Gb Total Space | 83.14 Gb Free Space | 27.90% Space Free | Partition Type: NTFS

Computer Name: KITCHEN | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/07/01 20:55:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
PRC - [2014/06/29 16:53:45 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014/06/20 13:59:37 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/06/05 18:15:08 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/05/19 20:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Dave\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/07 06:15:49 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/09/01 07:48:09 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2009/11/19 19:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2014/07/01 20:58:16 | 002,789,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14070100\algo.dll
MOD - [2014/07/01 20:40:15 | 000,043,008 | ---- | M] () -- c:\Documents and Settings\Dave\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpidvvs4.dll
MOD - [2014/04/13 14:14:39 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/01/02 21:09:26 | 003,610,624 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 15:01:44 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Dropbox\bin\libcef.dll
MOD - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/08/02 18:15:02 | 001,542,720 | ---- | M] () -- C:\Program Files\WOT\WOT.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2004/09/07 08:01:00 | 000,073,728 | ---- | M] () -- C:\Program Files\Sonic\Sonic Solutions Product CD\RecordNow!\shlext.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Dave\LOCALS~1\Temp\7zS0B1D\HPHNDUSVC.dll -- (HPHNDUSVC)
SRV - [2014/06/29 16:53:45 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/05/14 11:21:06 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/07 06:15:49 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2007/03/07 11:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe -- (sprtsvc_medicsp2)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\rkjqe.sys -- (kwlojb)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1.003\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2014/07/01 20:39:25 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/05/17 18:29:07 | 000,018,224 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ei2c.sys -- (ei2c)
DRV - [2014/05/12 07:26:02 | 000,053,208 | ---- | M] (Malwarebytes Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/05/12 06:15:08 | 000,777,488 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/05/12 06:15:08 | 000,411,680 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/05/12 06:15:08 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswrdr.sys -- (aswRdr)
DRV - [2014/05/07 06:15:53 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/05/07 06:15:53 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/05/07 06:15:53 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/05/07 06:15:53 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/05/07 06:15:53 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2011/06/02 12:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/01/16 11:44:46 | 000,011,986 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2006/09/21 12:23:22 | 000,103,040 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ma730Pt.sys -- (Ma730Pt)
DRV - [2005/11/22 14:32:14 | 000,023,376 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ma730Vad.sys -- (Ma730Vad)
DRV - [2005/11/21 01:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/23 15:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/05/07 22:56:20 | 000,164,256 | ---- | M] (Toshiba Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\spssys.sys -- (Spssys)
DRV - [2004/03/24 11:12:44 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/11/05 10:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 10:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sonyhcb.sys -- (sonyhcb)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\SearchScopes,DefaultScope = {DC199251-75F3-46BE-883C-6B1813B6AA54}
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\SearchScopes\{24B35CFA-7B4D-4944-970B-D0AA566DC971}: "URL" = http://search.about.com/fullsearch.htm?terms={searchTerms}
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\SearchScopes\{3CAC5B07-69D9-4942-9F73-B5138EE98BC7}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\SearchScopes\{7E294B0C-4BAF-4079-93A8-848BF8411410}: "URL" = http://asp.usatoday.com/search/yahoo/search.aspx?qt=both&nr=5&kw={searchTerms}
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\SearchScopes\{80206BF9-E59F-4CD4-A61C-EF35D179BF86}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\SearchScopes\{8C902FFD-BCD3-4CB7-851A-2CEBD695789E}: "URL" = http://www.weather.com/search/enhanced?where={searchTerms}
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\SearchScopes\{DBCAD0D1-4B42-4C78-BDF0-3577B324624F}: "URL" = http://search.lycos.com/setup.php?src=ie&query={searchTerms}
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\SearchScopes\{DC199251-75F3-46BE-883C-6B1813B6AA54}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\SearchScopes\{F80E78A2-A5BE-4897-8C0B-B32AA0E0E16E}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\SearchScopes\{FCD22380-6488-4054-9E50-D8D4C76A0DF7}: "URL" = http://www.target.com/gp/search.html?field-keywords={searchTerms}
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?js=n
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\URLSearchHook: {20a320d1-d26b-48e5-a301-1dc697606798} - No CLSID value found
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\SearchScopes,DefaultScope = {0624FAA1-E56C-495A-A2B2-134C60CE857C}
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\SearchScopes\{0624FAA1-E56C-495A-A2B2-134C60CE857C}: "URL" = http://search.conduit.com/ResultsEx...4&ctid=CT3295942&CUI=UN16597787131249209&UM=2
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\SearchScopes\{397E7E9D-954C-4E6D-AC70-3E4FA5E58DD8}: "URL" = http://us.yhs4.search.yahoo.com/yhs...ype=W3i_DS,221,0_0,Search,20130624,0,0,8,7532
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\SearchScopes\{39B332E7-49D4-4E24-8BD6-4BDBB9CA7B2B}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:10.0.4
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2009/10/21 23:16:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/10/21 23:16:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/10/21 23:16:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/10 08:37:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/12/24 14:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/01 07:49:29 | 000,000,000 | ---D | M]

[2009/04/12 01:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2009/04/12 01:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/06/28 23:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\u0pkjrki.default\extensions
[2012/07/29 10:19:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/29 10:21:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/06/18 18:39:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language},
CHR - homepage: http://www.msn.com/?pc=AV01
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2013/07/08 08:35:00 | 000,567,880 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 15455 more lines...
O2 - BHO: (no name) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (no name) - {adff4c9a-4f49-4a1f-8885-360e107b7938} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll File not found
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1614895754-287218729-682003330-1003..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1614895754-287218729-682003330-1003..\Run: [DellSystemDetect] C:\Documents and Settings\Dave\Start Menu\Programs\Dell\Dell System Detect.appref-ms File not found
O4 - HKU\S-1-5-21-1614895754-287218729-682003330-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1614895754-287218729-682003330-1004..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKU\S-1-5-21-1614895754-287218729-682003330-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1614895754-287218729-682003330-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Dave\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Dave\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Fred\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1614895754-287218729-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (BitComet)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: adobe.com ([get] http in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: apple.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: apple.com ([support] https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: bestbuy.com ([myrewardzone] https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: chase.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: chase.com ([payments] https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: homechannelnews.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: ingplans.com ([snapon] https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: secunia.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: secunia.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: techguy.org ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: techguy.org ([forums] https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Domains: vevo.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..Trusted Ranges: Range2 ([https] in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..Trusted Domains: acosta.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..Trusted Domains: bathandbodyworks.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..Trusted Domains: kbb.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..Trusted Domains: mycokerewards.com ([www] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1356485608921 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1345999640203 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemplates/securelogin-devel.cab (SecureLogin class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FABA57E8-3BAA-4FB3-B0FA-B10C8B8A4711}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/18 20:27:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e06628c3-fcc5-11dd-bf70-001111aed521}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} - Microsoft .NET Framework 1.1 Security Update (KB2833941)
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E6E30BCB-31BC-6ECE-31D9-DF4FBE25AFC0} - Viewpoint Media Player
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe - ()
MsConfig - StartUpReg: *Aim* - hkey= - key= - C:\Program Files\AIM7\aim.exe (AOL LLC)
MsConfig - StartUpReg: *cafwc* - hkey= - key= - File not found
MsConfig - StartUpReg: *capfasem* - hkey= - key= - File not found
MsConfig - StartUpReg: *capfupgrade* - hkey= - key= - File not found
MsConfig - StartUpReg: *CAVRID* - hkey= - key= - File not found
MsConfig - StartUpReg: *cctray* - hkey= - key= - File not found
MsConfig - StartUpReg: *medicsp2* - hkey= - key= - C:\Program Files\twc\medicsp2\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: *TosGbWatcher* - hkey= - key= - C:\Program Files\TOSHIBA\gigabeat room\TosGbWatcher.exe (TOSHIBA CORPORATION)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/07/01 20:54:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2014/06/29 16:54:11 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/06/29 16:54:11 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/06/29 16:53:56 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/06/29 16:53:56 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/06/29 16:53:56 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/06/29 16:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/06/29 16:38:30 | 029,405,096 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Dave\Desktop\jre-7u60-windows-i586.exe
[2014/06/14 19:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Brian Snap-on Tools
[2007/06/28 22:58:50 | 000,774,144 | -H-- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2007/03/21 06:26:57 | 000,300,680 | ---- | C] (CA, Inc.) -- C:\Documents and Settings\All Users\Application Data\arclib.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/07/01 22:30:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B27C5EDB-EFD7-4884-8A5F-38D50EA39E09}.job
[2014/07/01 22:20:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/07/01 22:12:44 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\showthread.php-t=1126162&goto=newpost.url
[2014/07/01 22:04:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/01 21:44:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-287218729-682003330-500Core.job
[2014/07/01 20:55:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2014/07/01 20:40:56 | 000,000,360 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/07/01 20:39:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1003.job
[2014/07/01 20:39:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/01 20:39:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1003.job
[2014/07/01 20:39:27 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1003.job
[2014/07/01 20:39:25 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/07/01 20:39:18 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/07/01 20:39:17 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1004.job
[2014/07/01 20:39:16 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1005.job
[2014/07/01 20:39:15 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1006.job
[2014/07/01 20:39:15 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1005.job
[2014/07/01 20:39:15 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1004.job
[2014/07/01 20:39:14 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1007.job
[2014/07/01 20:39:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/07/01 20:33:43 | 017,524,736 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2014/07/01 20:33:43 | 007,831,552 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2014/07/01 14:53:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2014/07/01 13:11:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1004.job
[2014/07/01 13:11:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1004.job
[2014/06/30 22:30:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1006.job
[2014/06/30 22:07:38 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F2C0F754-E0A4-4261-A96B-E8E72AB75132}.job
[2014/06/29 16:53:45 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/06/29 16:53:44 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/06/29 16:53:44 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/06/29 16:53:44 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/06/29 16:53:44 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/06/29 16:49:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/29 16:38:31 | 029,405,096 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Dave\Desktop\jre-7u60-windows-i586.exe
[2014/06/28 15:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1007.job
[2014/06/28 11:29:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1003.job
[2014/06/26 22:58:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1005.job
[2014/06/26 22:58:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1005.job
[2014/06/19 22:04:23 | 000,854,390 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SecurityCheck.exe
[2014/06/18 21:58:54 | 001,003,455 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\James Karr Marriage Bond back.pdf
[2014/06/18 21:57:36 | 001,290,297 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\James Karr Marriage Bond front.pdf
[2014/06/15 11:27:50 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to JohnWilsonCarr_family_abt1912.lnk
[2014/06/14 18:30:14 | 001,013,547 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0124.pdf
[2014/06/14 18:29:28 | 000,796,166 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0123.pdf
[2014/06/14 18:27:56 | 001,131,810 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0122.pdf
[2014/06/14 18:26:38 | 000,331,458 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0121.pdf
[2014/06/14 18:26:02 | 000,187,754 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0120.pdf
[2014/06/14 18:25:26 | 000,190,367 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0119.pdf
[2014/06/14 18:24:40 | 000,243,245 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0118.pdf
[2014/06/14 18:24:10 | 000,073,481 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0117.pdf
[2014/06/14 18:23:36 | 000,123,722 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0116.pdf
[2014/06/14 18:23:02 | 000,088,996 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0115.pdf
[2014/06/14 18:22:26 | 000,102,561 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0114.pdf
[2014/06/14 18:21:42 | 000,240,944 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0113.pdf
[2014/06/14 18:20:58 | 000,243,925 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0112.pdf
[2014/06/14 18:17:06 | 000,052,537 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0111.pdf
[2014/06/14 18:16:30 | 000,252,571 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\scan0110.pdf
[2014/06/08 18:13:12 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/06/07 13:53:11 | 000,727,004 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\100_3821.jpg
[2014/06/07 13:34:25 | 001,967,904 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\100_3820.jpg
[2014/06/04 15:52:47 | 001,639,753 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\100_3819.jpg
[2014/06/04 15:52:45 | 001,611,935 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\100_3818.jpg
[2014/06/04 15:52:44 | 000,849,507 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\100_3817.jpg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\nuhukugo
[2014/07/01 22:12:44 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\showthread.php-t=1126162&goto=newpost.url
[2014/06/19 22:04:22 | 000,854,390 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SecurityCheck.exe
[2014/06/18 21:59:19 | 001,290,297 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\James Karr Marriage Bond front.pdf
[2014/06/18 21:59:19 | 001,003,455 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\James Karr Marriage Bond back.pdf
[2014/06/15 11:27:50 | 000,000,919 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to JohnWilsonCarr_family_abt1912.lnk
[2014/06/14 19:22:32 | 001,131,810 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0122.pdf
[2014/06/14 19:22:32 | 001,013,547 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0124.pdf
[2014/06/14 19:22:32 | 000,796,166 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0123.pdf
[2014/06/14 19:22:32 | 000,331,458 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0121.pdf
[2014/06/14 19:22:32 | 000,252,571 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0110.pdf
[2014/06/14 19:22:32 | 000,243,925 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0112.pdf
[2014/06/14 19:22:32 | 000,243,245 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0118.pdf
[2014/06/14 19:22:32 | 000,240,944 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0113.pdf
[2014/06/14 19:22:32 | 000,190,367 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0119.pdf
[2014/06/14 19:22:32 | 000,187,754 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0120.pdf
[2014/06/14 19:22:32 | 000,123,722 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0116.pdf
[2014/06/14 19:22:32 | 000,102,561 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0114.pdf
[2014/06/14 19:22:32 | 000,088,996 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0115.pdf
[2014/06/14 19:22:32 | 000,073,481 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0117.pdf
[2014/06/14 19:22:32 | 000,052,537 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\scan0111.pdf
[2014/06/07 17:31:43 | 001,967,904 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\100_3820.jpg
[2014/06/07 17:31:43 | 001,639,753 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\100_3819.jpg
[2014/06/07 17:31:43 | 001,611,935 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\100_3818.jpg
[2014/06/07 17:31:35 | 000,849,507 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\100_3817.jpg
[2014/06/07 17:27:57 | 000,727,004 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\100_3821.jpg
[2014/05/07 06:15:55 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/04/13 14:14:42 | 000,180,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/04/13 14:14:42 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/11/09 19:14:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\WDPABKP.dat
[2013/10/02 21:57:19 | 000,244,442 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1614895754-287218729-682003330-1003-0.dat
[2013/07/20 22:35:37 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\TrueSight.sys
[2013/07/20 13:35:50 | 000,244,442 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/16 10:58:51 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\store-pp.jbs
[2009/03/04 19:53:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dave\core
[2008/01/08 20:05:03 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\$_hpcst$.hpc
[2006/02/02 17:32:04 | 000,005,822 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/26 18:21:58 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/01/19 00:56:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
(Eddie-end of part 1)


----------



## 7dees (Oct 4, 2009)

========== LOP Check ==========

[2013/09/22 09:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009/10/18 07:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2014/04/13 14:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2006/04/11 19:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2006/12/14 17:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/10/12 21:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2013/06/22 15:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2012/05/12 20:03:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/07/21 13:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2014/04/10 10:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2009/03/13 14:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2013/10/02 21:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2013/09/12 10:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promote Installer
[2008/01/31 23:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2008/06/29 15:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2013/09/11 21:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/04/05 23:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2013/08/11 20:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/04/01 23:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/18 21:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/16 22:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/18 07:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\acccore
[2010/04/30 06:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\alot
[2011/01/01 15:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AnvSoft
[2014/04/13 14:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AVAST Software
[2014/07/01 20:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Dropbox
[2014/07/01 20:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DropboxMaster
[2013/09/14 10:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ElevatedDiagnostics
[2011/07/30 12:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FamilyTreeMaker
[2008/01/18 21:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Image Zone Express
[2006/01/19 14:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Leadertech
[2013/10/02 21:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PCDr
[2007/09/03 15:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Printer Info Cache
[2012/12/09 13:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ShopAtHome
[2008/07/05 16:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\System Tweaker
[2006/01/25 18:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\The Labyrinth Plus! Edition
[2008/07/04 21:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Uniblue
[2008/12/08 11:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\webex
[2013/08/11 20:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\WindSolutions
[2010/03/15 01:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\acccore
[2006/01/22 17:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Aim
[2010/04/28 12:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\alot
[2012/11/15 07:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\LimeWire
[2009/02/23 14:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\The Creative Assembly
[2007/02/21 23:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\The Labyrinth Plus! Edition
[2014/05/17 16:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\gnupg
[2006/01/21 08:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Aim
[2010/04/28 07:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\alot
[2014/04/13 21:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\AVAST Software
[2011/04/23 13:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\ElevatedDiagnostics
[2008/03/14 13:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Image Zone Express
[2006/01/19 13:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Leadertech
[2007/09/03 17:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Printer Info Cache
[2012/12/09 13:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\ShopAtHome

========== Purity Check ==========

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: ARRAY
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 298.00GB
Starting Offset: 32256
Hidden sectors: 0

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2009/10/18 07:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\acccore
[2011/12/28 14:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Adobe
[2009/07/04 09:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AdobeUM
[2010/04/30 06:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\alot
[2011/01/01 15:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AnvSoft
[2012/05/12 10:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Apple Computer
[2013/07/05 18:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ATI
[2014/04/13 14:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AVAST Software
[2013/10/02 21:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Dell
[2014/07/01 20:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Dropbox
[2014/07/01 20:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DropboxMaster
[2013/09/14 10:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ElevatedDiagnostics
[2011/07/30 12:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FamilyTreeMaker
[2010/08/10 21:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Google
[2006/01/19 00:07:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Dave\Application Data\GTek
[2007/09/03 12:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\HP
[2011/02/25 17:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\HpUpdate
[2006/01/20 09:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Identities
[2008/01/18 21:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Image Zone Express
[2011/04/10 15:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Intuit
[2006/01/19 14:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Leadertech
[2009/11/15 16:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Macromedia
[2014/04/05 19:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes
[2014/04/05 19:19:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Dave\Application Data\Microsoft
[2009/04/12 01:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla
[2013/10/02 21:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PCDr
[2007/09/03 15:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Printer Info Cache
[2012/12/25 10:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Real
[2013/09/01 07:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\RealNetworks
[2012/12/09 13:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ShopAtHome
[2006/01/19 14:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Sonic
[2010/12/26 16:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Sony Corporation
[2007/08/30 20:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Sun
[2008/07/05 16:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\System Tweaker
[2006/01/25 18:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\The Labyrinth Plus! Edition
[2008/07/04 21:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Uniblue
[2012/07/29 10:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\vlc
[2008/12/08 11:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\webex
[2013/08/11 20:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\WindSolutions
[2009/10/17 20:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\WinRAR
[2009/04/11 22:50:42 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Dave\Application Data\yahoo!

< %SYSTEMDRIVE%\*.* >
[2002/12/22 09:41:20 | 001,507,714 | ---- | M] () -- C:\485 3 BR .bmp
[2013/06/28 23:07:50 | 000,015,205 | ---- | M] () -- C:\AdwCleaner[S1]a.txt
[2013/07/20 22:23:33 | 000,001,763 | ---- | M] () -- C:\AdwCleaner[S3].txt
[2006/04/26 22:03:39 | 000,268,800 | ---- | M] () -- C:\Alzheimer's.ppt
[2008/03/12 22:04:18 | 000,001,438 | ---- | M] () -- C:\ASLog.txt
[2006/01/18 20:27:05 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/05/30 19:51:42 | 000,000,431 | ---- | M] () -- C:\Boot.bak
[2014/05/17 16:45:19 | 000,000,167 | -HS- | M] () -- C:\boot.ini
[2006/01/19 01:37:24 | 000,008,588 | ---- | M] () -- C:\caavsetup.log
[2008/06/29 16:53:00 | 000,034,409 | ---- | M] () -- C:\caavsetupLog.txt
[2009/10/12 21:38:58 | 000,188,136 | ---- | M] () -- C:\caisslog.txt
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2006/01/18 20:27:05 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/10/09 19:48:56 | 000,000,124 | ---- | M] () -- C:\DeQuarantine.txt
[2009/10/09 19:55:19 | 000,000,124 | ---- | M] () -- C:\DeQuarantine1.txt
[2007/10/05 05:45:02 | 000,000,228 | ---- | M] () -- C:\DrvInst (1).log
[2007/10/05 05:45:00 | 000,000,228 | ---- | M] () -- C:\DrvInst (2).log
[2007/10/05 05:45:04 | 000,000,228 | ---- | M] () -- C:\DrvInst.log
[2006/01/19 01:37:15 | 000,000,026 | ---- | M] () -- C:\ezsetuplog.txt
[2006/06/11 16:59:03 | 000,001,208 | ---- | M] () -- C:\Games0.bmp
[2014/05/17 16:45:18 | 000,000,335 | -HS- | M] () -- C:\grub2.cfg
[2007/10/05 05:42:21 | 000,001,082 | ---- | M] () -- C:\Install (1).log
[2007/10/05 05:35:28 | 000,001,082 | ---- | M] () -- C:\Install (2).log
[2007/10/05 05:45:20 | 000,000,466 | ---- | M] () -- C:\Install.log
[2011/08/07 09:46:55 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2006/01/18 20:27:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/04/10 14:10:17 | 014,810,696 | ---- | M] (Microsoft Corporation) -- C:\IP32Eng6.20.182.0.exe
[2009/10/18 07:38:11 | 000,001,717 | -H-- | M] () -- C:\IPH.PH
[2006/09/23 20:55:52 | 000,033,436 | ---- | M] () -- C:\iTrip.xml
[2008/03/25 14:04:56 | 000,000,478 | ---- | M] () -- C:\LOG1F9.log
[2008/04/01 21:09:43 | 000,000,478 | ---- | M] () -- C:\LOG429.log
[2008/06/11 02:43:10 | 000,000,478 | ---- | M] () -- C:\LOG4F4.log
[2008/03/17 09:47:18 | 000,000,504 | ---- | M] () -- C:\LOG528.log
[2008/04/22 23:16:33 | 000,000,478 | ---- | M] () -- C:\LOG5D0.log
[2006/06/11 16:59:03 | 000,000,724 | ---- | M] () -- C:\Movies0.bmp
[2006/01/18 20:27:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/07 11:26:50 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/06/29 16:49:33 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2007/12/17 23:24:04 | 000,000,008 | ---- | M] () -- C:\palm.ini
[2009/03/04 17:47:47 | 000,000,000 | ---- | M] () -- C:\rollback.ini
[2006/06/11 16:59:03 | 000,000,584 | ---- | M] () -- C:\ScreensaversMarketingSitePager0.bmp
[2009/03/02 12:45:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/03/02 14:53:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/03/02 15:15:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/03/03 02:45:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/03/03 04:01:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/03/04 12:36:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/03/04 12:54:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/03/04 13:00:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/03/04 19:37:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/02/16 14:05:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/02/16 14:10:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/02/16 17:30:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/02/16 23:26:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/02/17 04:02:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/02/18 03:45:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/02/20 17:40:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/02/21 03:21:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/02/23 19:39:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/02/25 02:59:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/03/01 01:04:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/03/02 12:45:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/02 14:53:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/03/02 15:15:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/03/03 02:45:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/03/03 04:01:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/03/04 12:36:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/03/04 12:54:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/03/04 13:00:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/03/04 19:37:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/02/16 14:05:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/02/16 14:10:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/02/16 17:30:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/02/16 23:26:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/02/17 04:02:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/02/18 03:45:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/02/20 17:40:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/02/21 03:21:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/02/23 19:39:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/02/25 02:59:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/03/01 01:04:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2014/05/17 16:45:18 | 000,009,216 | -HS- | M] () -- C:\stage0
[2014/05/17 16:45:18 | 000,256,233 | -HS- | M] () -- C:\stage1
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2008/01/23 13:10:35 | 000,000,216 | ---- | M] () -- C:\temp.txt
[2009/05/24 20:47:17 | 000,001,333 | ---- | M] () -- C:\updatedatfix.log
[2007/11/08 18:23:22 | 3381,012,479 | ---- | M] () -- C:\VTS05-PGC01.VOB
[2007/09/02 21:54:44 | 000,000,605 | ---- | M] () -- C:\xinstall.log
[2008/08/30 04:17:55 | 000,000,162 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA

< %windir%\Installer\*.* >
[2007/10/05 04:03:53 | 004,077,568 | ---- | M] () -- C:\WINDOWS\Installer\1042989.msi
[2014/03/13 16:26:22 | 003,982,848 | R--- | M] () -- C:\WINDOWS\Installer\1047f821.msp
[2014/03/19 13:11:48 | 004,347,392 | R--- | M] () -- C:\WINDOWS\Installer\1047f829.msp
[2014/03/20 11:47:22 | 007,678,464 | R--- | M] () -- C:\WINDOWS\Installer\1047f83d.msp
[2014/01/08 08:17:23 | 019,824,640 | R--- | M] () -- C:\WINDOWS\Installer\104d247.msp
[2008/03/23 18:57:23 | 000,417,792 | ---- | M] () -- C:\WINDOWS\Installer\105fea.msi
[2009/02/25 19:07:14 | 011,646,464 | R--- | M] () -- C:\WINDOWS\Installer\10abd5b6.msp
[2007/03/10 22:26:15 | 000,380,928 | ---- | M] () -- C:\WINDOWS\Installer\10bb3c0.msi
[2006/01/19 01:57:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c71b.mst
[2006/01/19 01:57:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c71c.mst
[2006/01/19 01:57:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c724.mst
[2006/01/19 01:57:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c725.mst
[2006/01/19 01:57:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c72d.mst
[2006/01/19 01:57:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c72e.mst
[2006/01/19 01:57:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c736.mst
[2006/01/19 01:57:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c737.mst
[2006/01/19 01:57:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c73f.mst
[2006/01/19 01:57:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c740.mst
[2006/01/19 01:57:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c748.mst
[2006/01/19 01:57:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c749.mst
[2006/01/19 01:57:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c756.mst
[2006/01/19 01:57:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c757.mst
[2006/01/19 01:57:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c75f.mst
[2006/01/19 01:57:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c760.mst
[2006/01/19 01:57:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c768.mst
[2006/01/19 01:57:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c769.mst
[2006/01/19 01:57:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c771.mst
[2006/01/19 01:57:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c772.mst
[2006/01/19 01:57:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c77a.mst
[2006/01/19 01:57:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c77b.mst
[2006/01/19 01:57:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c783.mst
[2006/01/19 01:57:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c784.mst
[2006/01/19 01:57:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c796.mst
[2006/01/19 01:57:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c797.mst
[2006/01/19 01:57:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c79f.mst
[2006/01/19 01:57:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7a0.mst
[2006/01/19 01:57:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7a8.mst
[2006/01/19 01:57:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7a9.mst
[2006/01/19 01:57:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7b1.mst
[2006/01/19 01:57:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7b2.mst
[2006/01/19 01:57:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7ba.mst
[2006/01/19 01:57:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7bb.mst
[2006/01/19 01:57:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7c3.mst
[2006/01/19 01:57:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7c4.mst
[2006/01/19 01:57:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7cc.mst
[2006/01/19 01:57:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7cd.mst
[2006/01/19 01:57:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7d5.mst
[2006/01/19 01:57:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7d6.mst
[2006/01/19 01:57:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7de.mst
[2006/01/19 01:57:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7df.mst
[2006/01/19 01:57:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7ec.mst
[2006/01/19 01:57:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\10c7ed.mst
[2013/07/13 12:45:14 | 000,301,056 | ---- | M] () -- C:\WINDOWS\Installer\11182710.msi
[2011/01/07 20:10:36 | 003,991,040 | R--- | M] () -- C:\WINDOWS\Installer\1124aa6d.msp
[2006/10/17 07:40:57 | 000,428,544 | ---- | M] () -- C:\WINDOWS\Installer\11a4ed.msi
[2012/10/21 00:32:14 | 002,830,848 | R--- | M] () -- C:\WINDOWS\Installer\128cd977.msp
[2012/11/07 11:36:56 | 007,677,952 | R--- | M] () -- C:\WINDOWS\Installer\128cd98b.msp
[2012/11/21 16:13:14 | 005,522,432 | R--- | M] () -- C:\WINDOWS\Installer\128cd99f.msp
[2012/11/15 13:44:38 | 043,956,736 | R--- | M] () -- C:\WINDOWS\Installer\128cd9b2.msp
[2012/08/02 10:29:26 | 005,521,920 | R--- | M] () -- C:\WINDOWS\Installer\12b58d9e.msp
[2012/07/18 15:53:36 | 010,937,344 | R--- | M] () -- C:\WINDOWS\Installer\12b58da6.msp
[2012/07/17 10:11:02 | 006,145,024 | R--- | M] () -- C:\WINDOWS\Installer\12b58dc0.msp
[2012/07/17 10:17:04 | 022,363,136 | R--- | M] () -- C:\WINDOWS\Installer\12b58dd4.msp
[2012/06/26 18:03:12 | 003,875,840 | R--- | M] () -- C:\WINDOWS\Installer\12b58ddb.msp
[2013/09/01 07:46:10 | 000,056,832 | ---- | M] () -- C:\WINDOWS\Installer\12cfa4.msi
[2013/09/01 07:48:08 | 000,092,672 | ---- | M] () -- C:\WINDOWS\Installer\12cfac.msi
[2013/09/01 07:48:41 | 000,018,944 | ---- | M] () -- C:\WINDOWS\Installer\12cfb6.msi
[2013/09/01 07:49:33 | 001,184,256 | ---- | M] () -- C:\WINDOWS\Installer\12d00d.msi
[2008/02/25 15:07:18 | 011,772,416 | R--- | M] () -- C:\WINDOWS\Installer\12fb4c3f.msp
[2010/09/24 07:08:50 | 017,518,080 | R--- | M] () -- C:\WINDOWS\Installer\13163c9b.msp
[2010/09/23 07:39:44 | 004,265,472 | R--- | M] () -- C:\WINDOWS\Installer\13163ca4.msp
[2010/09/23 21:02:28 | 000,798,208 | R--- | M] () -- C:\WINDOWS\Installer\13163cab.msp
[2011/06/22 11:28:38 | 000,166,400 | ---- | M] () -- C:\WINDOWS\Installer\131873bd.msi
[2008/07/03 11:37:46 | 011,759,104 | R--- | M] () -- C:\WINDOWS\Installer\13443d5c.msp
[2008/06/19 18:28:04 | 001,573,376 | R--- | M] () -- C:\WINDOWS\Installer\13443d65.msp
[2014/04/02 02:54:52 | 003,246,592 | R--- | M] () -- C:\WINDOWS\Installer\13832f9d.msp
[2010/12/04 08:05:55 | 000,360,448 | ---- | M] () -- C:\WINDOWS\Installer\146fc024.msi
[2009/04/04 08:35:48 | 036,977,152 | R--- | M] () -- C:\WINDOWS\Installer\14d0c0bc.msp
[2009/05/04 07:46:14 | 008,299,008 | R--- | M] () -- C:\WINDOWS\Installer\150754.msp
[2009/10/16 20:50:30 | 000,248,832 | ---- | M] () -- C:\WINDOWS\Installer\15075a.msi
[2009/08/10 14:09:46 | 017,254,912 | R--- | M] () -- C:\WINDOWS\Installer\150788.msp
[2009/08/14 20:32:40 | 011,110,912 | R--- | M] () -- C:\WINDOWS\Installer\150790.msp
[2009/07/27 04:31:24 | 003,738,624 | R--- | M] () -- C:\WINDOWS\Installer\1507c0.msp
[2009/04/04 07:35:30 | 038,325,760 | R--- | M] () -- C:\WINDOWS\Installer\152ca.msp
[2009/04/24 12:31:18 | 001,425,920 | R--- | M] () -- C:\WINDOWS\Installer\152e9.msp
[2009/05/25 12:23:05 | 000,472,064 | ---- | M] () -- C:\WINDOWS\Installer\152f8.msi
[2012/03/28 18:10:04 | 012,098,048 | R--- | M] () -- C:\WINDOWS\Installer\156b76bb.msp
[2012/03/22 13:09:58 | 005,521,920 | R--- | M] () -- C:\WINDOWS\Installer\156b76cf.msp
[2012/01/22 10:09:26 | 001,700,352 | R--- | M] () -- C:\WINDOWS\Installer\156b76d6.msp
[2012/02/02 23:56:22 | 000,963,584 | R--- | M] () -- C:\WINDOWS\Installer\156b76dc.msp
[2012/01/30 20:46:22 | 007,069,184 | R--- | M] () -- C:\WINDOWS\Installer\156b76e4.msp
[2010/10/07 19:43:04 | 001,980,416 | R--- | M] () -- C:\WINDOWS\Installer\15805ebf.msp
[2010/10/01 22:53:12 | 004,147,712 | R--- | M] () -- C:\WINDOWS\Installer\1611afe7.msp
[2010/12/06 16:02:34 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\1611affb.msp
[2010/11/12 12:08:30 | 000,889,344 | R--- | M] () -- C:\WINDOWS\Installer\1611b013.msp
[2010/10/22 16:45:16 | 008,444,928 | R--- | M] () -- C:\WINDOWS\Installer\1611b028.msp
[2008/08/07 14:03:26 | 000,121,344 | ---- | M] () -- C:\WINDOWS\Installer\16b4c4.msi
[2008/08/07 14:03:34 | 000,565,248 | ---- | M] () -- C:\WINDOWS\Installer\16b4c9.msi
[2008/08/07 14:03:39 | 000,446,976 | ---- | M] () -- C:\WINDOWS\Installer\16b4d0.msi
[2008/08/07 14:03:45 | 000,444,928 | ---- | M] () -- C:\WINDOWS\Installer\16b4d5.msi
[2008/08/07 14:03:48 | 000,345,088 | ---- | M] () -- C:\WINDOWS\Installer\16b4da.msi
[2008/08/07 14:03:52 | 000,121,344 | ---- | M] () -- C:\WINDOWS\Installer\16b4df.msi
[2008/08/07 14:03:57 | 000,450,048 | ---- | M] () -- C:\WINDOWS\Installer\16b4e7.msi
[2008/08/07 14:04:04 | 000,636,928 | ---- | M] () -- C:\WINDOWS\Installer\16b4f1.msi
[2010/04/24 17:10:46 | 008,486,400 | R--- | M] () -- C:\WINDOWS\Installer\170d1a1b.msp
[2010/02/25 00:14:38 | 000,543,232 | R--- | M] () -- C:\WINDOWS\Installer\170d1a26.msp
[2010/04/11 22:17:10 | 004,210,688 | R--- | M] () -- C:\WINDOWS\Installer\170d1a31.msp
[2010/04/11 22:17:08 | 002,607,104 | R--- | M] () -- C:\WINDOWS\Installer\170d1a32.msp
[2010/04/11 22:17:12 | 014,599,680 | R--- | M] () -- C:\WINDOWS\Installer\170d1a40.msp
[2010/04/24 17:09:46 | 011,750,912 | R--- | M] () -- C:\WINDOWS\Installer\170d1a84.msp
[2010/04/02 12:30:02 | 017,456,640 | R--- | M] () -- C:\WINDOWS\Installer\170d1aa1.msp
[2007/09/03 12:17:23 | 000,303,104 | ---- | M] () -- C:\WINDOWS\Installer\17109e.msi
[2007/09/03 12:17:29 | 000,306,688 | ---- | M] () -- C:\WINDOWS\Installer\1710a9.msi
[2007/09/03 12:17:44 | 000,519,168 | ---- | M] () -- C:\WINDOWS\Installer\1710c4.msi
[2007/09/03 12:18:57 | 000,194,048 | ---- | M] () -- C:\WINDOWS\Installer\17112c.msi
[2007/09/03 12:18:59 | 000,472,576 | ---- | M] () -- C:\WINDOWS\Installer\171132.msi
[2009/10/11 15:41:38 | 000,025,088 | ---- | M] () -- C:\WINDOWS\Installer\1788d.ipi
[2010/02/21 02:00:02 | 008,480,768 | R--- | M] () -- C:\WINDOWS\Installer\17c4656e.msp
[2013/07/26 13:21:06 | 002,847,744 | R--- | M] () -- C:\WINDOWS\Installer\17da834c.msp
[2013/07/18 11:26:56 | 005,521,920 | R--- | M] () -- C:\WINDOWS\Installer\17da8360.msp
[2012/02/06 22:45:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}.SchedServiceConfig.rmi
[2013/08/04 22:12:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{E14ADE0E-75F3-4A46-87E5-26692DD626EC}.SchedServiceConfig.rmi
[2012/04/07 22:27:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}.SchedServiceConfig.rmi
[131 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %windir%\system32\tasks\*.* >

< %windir%\system32\tasks\*.* /64 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/07 11:23:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/07 11:23:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/13 20:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/13 20:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2004/08/04 08:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/20 13:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 13:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 08:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 20:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 20:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/13 20:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
[2008/04/13 20:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll
[2006/10/13 08:41:38 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=808CB47D7F6BE51B0354CD628CF45978 -- C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
[2006/10/13 08:35:12 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=AEEB687B865E1BAB04BB9C3604F92CEF -- C:\WINDOWS\$NtServicePackUninstall$\nwprovau.dll
[2004/08/04 08:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2004/08/04 08:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\$NtServicePackUninstall$\pnrpnsp.dll
[2008/04/13 20:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
[2008/04/13 20:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: REGEDIT.EXE >
[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2004/08/04 08:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 08:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USER32.DLL >
[2005/03/02 14:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 11:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2004/08/04 08:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2005/03/02 14:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004/08/04 08:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll
[2008/04/13 20:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
[2008/04/13 20:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Dave\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Dave\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Dave\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Dave\shell\open\command\\: "C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.XADUN7LKGMJMGVUR5RRKQO7NJY\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.XADUN7LKGMJMGVUR5RRKQO7NJY\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.XADUN7LKGMJMGVUR5RRKQO7NJY\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.XADUN7LKGMJMGVUR5RRKQO7NJY\shell\open\command\\: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Dave\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Dave\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Dave\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Dave\shell\open\command\\: "C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.XADUN7LKGMJMGVUR5RRKQO7NJY\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.XADUN7LKGMJMGVUR5RRKQO7NJY\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.XADUN7LKGMJMGVUR5RRKQO7NJY\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.XADUN7LKGMJMGVUR5RRKQO7NJY\shell\open\command\\: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< C:\Windows\assembly\tmp\U\*.* /s >
[2006/01/18 20:25:38 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006/01/18 20:30:09 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/01 19:05:08 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B27C5EDB-EFD7-4884-8A5F-38D50EA39E09}.job
[2010/02/04 22:55:57 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010/02/04 22:55:57 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2010/03/13 12:53:51 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1003.job
[2010/03/13 12:53:51 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1003.job
[2010/03/13 16:25:27 | 000,000,278 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1004.job
[2010/03/13 16:25:27 | 000,000,286 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1004.job
[2010/03/23 14:43:05 | 000,000,278 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1005.job
[2010/03/23 14:43:05 | 000,000,286 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1005.job
[2010/03/29 01:32:06 | 000,000,278 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1006.job
[2010/03/29 01:32:06 | 000,000,286 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1006.job
[2010/03/29 13:51:26 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1007.job
[2010/03/29 13:51:26 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1007.job
[2010/06/18 17:15:01 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F2C0F754-E0A4-4261-A96B-E8E72AB75132}.job
[2011/04/30 21:39:33 | 000,000,982 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-287218729-682003330-500Core.job
[2011/06/22 11:26:09 | 000,000,868 | ---- | C] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2012/04/01 19:32:17 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012/12/24 14:54:28 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1003.job
[2012/12/25 14:11:03 | 000,000,286 | ---- | C] () -- C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1004.job
[2013/01/24 23:58:01 | 000,000,278 | ---- | C] () -- C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1005.job
[2013/01/24 23:58:01 | 000,000,286 | ---- | C] () -- C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1005.job
[2013/05/27 13:36:16 | 000,000,278 | ---- | C] () -- C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1004.job
[2013/06/23 08:44:09 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1003.job
[2014/04/05 19:01:49 | 000,000,214 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/05 19:01:49 | 000,000,220 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/13 14:15:26 | 000,000,360 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

< %Temp%\smtmp\* \s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 6400-C290
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
02/12/2014 04:20 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
02/12/2014 04:20 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
02/12/2014 04:23 AM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
02/12/2014 04:11 AM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 89,201,278,976 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\iaStor.sys:SummaryInformation
@Alternate Data Stream - 372 bytes -> C:\WINDOWS\System32\drivers\yaavshhi.sys:changelist
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


----------



## 7dees (Oct 4, 2009)

OTL Extras logfile created on: 7/1/2014 9:02:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 64.70% Memory free
4.34 Gb Paging File | 3.39 Gb Available in Paging File | 78.04% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.01 Gb Total Space | 83.15 Gb Free Space | 27.90% Space Free | Partition Type: NTFS

Computer Name: KITCHEN | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9444:TCP" = 9444:TCP:*:Enabled:BitComet 9444 TCP
"9444:UDP" = 9444:UDP:*:Enabled:BitComet 9444 UDP
"9100:TCP" = 9100:TCP:*:Enabled:PORT_9100_TCP
"161:UDP" = 161:UDP:*:Enabled:PORT_161_UDP
"427:UDP" = 427:UDP:*:Enabled:PORT_427_UDP
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\Steam\SteamApps\[email protected]\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\[email protected]\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Documents and Settings\Fred\Desktop\steamapps\[email protected]\team fortress 2\hl2.exe" = C:\Documents and Settings\Fred\Desktop\steamapps\[email protected]\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Documents and Settings\Dave\Local Settings\Temp\7zS46.tmp\setup\HPZnui01.exe" = C:\Documents and Settings\Dave\Local Settings\Temp\7zS46.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Dave\Local Settings\Temp\7zS46.tmp\setup\hponicifs01.exe" = C:\Documents and Settings\Dave\Local Settings\Temp\7zS46.tmp\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Documents and Settings\Dave\Local Settings\Temp\7zSEF.tmp\setup\HPZnui01.exe" = C:\Documents and Settings\Dave\Local Settings\Temp\7zSEF.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Dave\Local Settings\Temp\7zSEF.tmp\setup\hponicifs01.exe" = C:\Documents and Settings\Dave\Local Settings\Temp\7zSEF.tmp\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo
"C:\Documents and Settings\Fred\Desktop\steamapps\[email protected]\counter-strike source\hl2.exe" = C:\Documents and Settings\Fred\Desktop\steamapps\[email protected]\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\Documents and Settings\Fred\Desktop\steamapps\common\grand theft auto san andreas\gta-sa.exe" = C:\Documents and Settings\Fred\Desktop\steamapps\common\grand theft auto san andreas\gta-sa.exe:*:Enabled:Grand Theft Auto: San Andreas -- ()
"C:\Documents and Settings\Fred\Desktop\steamapps\[email protected]\garrysmod\hl2.exe" = C:\Documents and Settings\Fred\Desktop\steamapps\[email protected]\garrysmod\hl2.exe:*:Enabled:Garry's Mod -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Fred\Desktop\Steam.exe" = C:\Documents and Settings\Fred\Desktop\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\Dave\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Dave\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}" = Family Tree Maker 2011
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3d64690e-3f92-4b47-b197-0ce4b689798b}" = TOSHIBA gigabeat applications
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
"{5104B07C-6A3D-4E7E-8BBB-960B52554BDD}" = BPD_HPSU
"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6895B14D-FE34-502A-CF35-4BD7573F65B4}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76BD2E01-DBD1-424C-8CB4-7B55CC4B2452}" = cladDVD .NET v3.5.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8868D822-2CBA-46B2-A286-B400B6185769}" = 7500_7600_7700_Help
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91E9B920-0BA0-8020-496A-622AF456337F}" = AMD Catalyst Install Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D7E5329-5751-435B-B585-0EFF51783A20}" = NWZ-E350 WALKMAN Guide
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B1B3A995-2FA8-46F1-9C3F-B3913CD0C3D4}" = iPodRip
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3E98E64-683E-4271-9D39-88B1AAB1AE7B}" = L7600
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{C97CA73D-E96B-4B42-830E-D0F7BD780FB8}_is1" = e-Saver version 3.1
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
"{DEB9AEF7-3ADA-40a9-9C98-546D54FE9CBD}" = ProductContext
"{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}" = iTunes
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FDC8065B-80DE-4466-B90B-2581F6D77DFF}" = Image Plugin
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"AIM_7" = AIM 7
"Any Video Converter_is1" = Any Video Converter 5.0.8
"Ares Tube_is1" = Ares Tube 3.0
"Audacity_is1" = Audacity 1.2.6
"Avast" = avast! Free Antivirus
"AVS DVDtoGO_is1" = AVS DVDtoGO 1.4.2
"Cisco Connect" = Cisco Connect
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"ESET Online Scanner" = ESET Online Scanner v3
"Family Tree Maker 2011" = Family Tree Maker 2011
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Global Star Software" = Global Star Software
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Handbrake" = Handbrake 2.4.1
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"LG USB Drivers" = LG USB Drivers
"LimeWire" = LimeWire 5.5.8
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mavis Beacon Teaches Typing 17" = Mavis Beacon Teaches Typing 17
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Cubicle Chaos for Pocket PC" = Microsoft Cubicle Chaos for Pocket PC (Remove Only)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoniGPSPlot" = NoniGPSPlot
"PC-Doctor for Windows" = My Dell
"pdfFactory" = pdfFactory
"Qtrax 20080125" = Qtrax 0.2beta (20080125)
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.95
"RoadRunnerMedic6.1_is1" = Road Runner Medic 6.1
"Savings Bond Wizard" = Savings Bond Wizard
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 240" = Counter-Strike: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Arcadesafari" = Arcadesafari
"JNLP" = JNLP

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/12/2014 1:22:43 PM | Computer Name = KITCHEN | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8411.0, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/19/2014 9:08:03 AM | Computer Name = KITCHEN | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8411.0, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/25/2014 8:46:09 AM | Computer Name = KITCHEN | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8411.0, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/29/2014 9:32:55 PM | Computer Name = KITCHEN | Source = Application Hang | ID = 1002
Description = Hanging application wlmail.exe, version 14.0.8117.416, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/29/2014 9:49:06 PM | Computer Name = KITCHEN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/30/2014 8:27:57 AM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00036fa3.

Error - 6/30/2014 8:29:20 AM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module wot.dll, version 12.8.2.0, fault address 0x00017fe0.

Error - 7/1/2014 9:09:38 AM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module wot.dll, version 12.8.2.0, fault address 0x00017fe0.

Error - 7/1/2014 8:54:35 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module wot.dll, version 12.8.2.0, fault address 0x00017fe0.

Error - 7/1/2014 8:54:45 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1001
Description = Fault bucket -1195033317.

[ System Events ]
Error - 6/29/2014 3:56:38 PM | Computer Name = KITCHEN | Source = Print | ID = 23
Description = Printer HP OfficeJet T Series Printer failed to initialize because
a suitable HP OfficeJet T Series Printer driver could not be found.

Error - 6/29/2014 3:57:01 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the MBAMService service.

Error - 6/29/2014 3:57:32 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the MBAMService service.

Error - 6/29/2014 4:02:00 PM | Computer Name = KITCHEN | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000034, parameter2 00000002, parameter3
00000000, parameter4 f7b1cfef.

Error - 6/29/2014 4:49:47 PM | Computer Name = KITCHEN | Source = Print | ID = 23
Description = Printer HP OfficeJet T Series Printer failed to initialize because
a suitable HP OfficeJet T Series Printer driver could not be found.

Error - 6/29/2014 4:50:00 PM | Computer Name = KITCHEN | Source = Ma730Pt | ID = 393234
Description =

Error - 6/29/2014 4:50:02 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7023
Description = The HP Home Network Diagnostic Support Service service terminated 
with the following error: %%126

Error - 6/29/2014 4:50:02 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%2001

Error - 6/29/2014 4:50:02 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%2001

Error - 6/29/2014 4:50:48 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the MBAMService service.

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Thanks for the logs, was out all yesterday, as the Tour De France was ending where I live :up:

Anyway, still plodding thru the logs, and one thing caught my eye, so can you do this whilst I still go through them:

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it, rename it to username123.exe and save it to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## 7dees (Oct 4, 2009)

ComboFix 14-07-07.01 - Dave 07/07/2014 21:04:19.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.552 [GMT -4:00]
Running from: c:\documents and settings\Dave\Desktop\username123.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Dave\Application Data\alot
c:\documents and settings\Dave\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Dave\Recent\Thumbs.db
c:\documents and settings\Dave\WINDOWS
c:\program files\Java\jre7\bin\jp2ssv.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\explorer(2).exe
c:\windows\wininit.ini
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2014-06-08 to 2014-07-08 )))))))))))))))))))))))))))))))
.
.
2014-07-03 08:40 . 2014-07-03 08:40 43152 ----a-w- c:\windows\avastSS.scr
2014-06-29 20:54 . 2014-06-29 20:53 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-06-29 20:53 . 2014-06-29 20:53 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 00:16 . 2014-04-06 00:00 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-07 10:15 . 2014-04-13 18:14 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-03 08:40 . 2014-04-13 18:14 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-03 08:40 . 2014-04-13 18:14 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-03 08:40 . 2014-05-07 10:15 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-03 08:40 . 2014-04-13 18:14 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-03 08:40 . 2014-04-13 18:14 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-03 08:40 . 2014-04-13 18:14 55112 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-07-03 08:40 . 2014-04-13 18:14 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-03 08:40 . 2014-04-13 18:14 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-17 22:29 . 2014-05-17 22:29 18224 ----a-w- c:\windows\system32\drivers\ei2c.sys
2014-05-14 15:21 . 2012-04-01 23:32 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 15:21 . 2011-05-15 14:28 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 11:26 . 2014-04-05 23:31 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25 . 2013-11-09 16:01 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-07 10:15 . 2014-04-13 18:14 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1399889707500
2014-05-07 10:15 . 2014-04-13 18:14 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1399889707500
2007-06-29 02:58 . 2007-06-29 02:58 774144 ---ha-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2013-05-01 1500952]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-03 08:40 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Dave\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Dave\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Dave\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Dave\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"pdfFactory Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-09-01 606208]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-09-01 295512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-09-18 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-03 4086432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Dave\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Dave\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-5 210520]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-10-01 20:20 3634024 ----a-w- c:\program files\AIM7\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\medicsp2]
2007-03-07 15:53 198184 ----a-w- c:\program files\twc\medicsp2\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosGbWatcher]
2004-12-09 06:10 94280 ----a-w- c:\program files\TOSHIBA\gigabeat room\TosGbWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Fred\\Desktop\\steamapps\\[email protected]\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\Fred\\Desktop\\steamapps\\[email protected]\\counter-strike source\\hl2.exe"=
"c:\\Documents and Settings\\Fred\\Desktop\\steamapps\\common\\grand theft auto san andreas\\gta-sa.exe"=
"c:\\Documents and Settings\\Fred\\Desktop\\steamapps\\[email protected]\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Fred\\Desktop\\Steam.exe"=
"c:\\Documents and Settings\\Dave\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9444:TCP"= 9444:TCP:BitComet 9444 TCP
"9444:UDP"= 9444:UDP:BitComet 9444 UDP
"9100:TCP"= 9100:TCP:PORT_9100_TCP
"161:UDP"= 161:UDP:PORT_161_UDP
"427:UDP"= 427:UDP:PORT_427_UDP
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [4/13/2014 2:14 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [4/13/2014 2:14 PM 192352]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2/7/2006 3:45 PM 6097]
R0 Spssys;Toshiba SPS Service;c:\windows\system32\drivers\spssys.sys [2/14/2006 8:11 PM 164256]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [4/13/2014 2:14 PM 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [4/13/2014 2:14 PM 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [5/7/2014 6:15 AM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/13/2014 2:14 PM 67824]
R2 ei2c;ei2c;c:\windows\system32\drivers\ei2c.sys [5/17/2014 6:29 PM 18224]
R2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/5/2014 7:31 PM 53208]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 2:01 AM 399416]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730Pt.sys [10/5/2007 5:31 AM 103040]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [10/5/2007 5:31 AM 23376]
S0 kwlojb;kwlojb;c:\windows\system32\drivers\rkjqe.sys --> c:\windows\system32\drivers\rkjqe.sys [?]
S2 HPHNDUSVC;HP Home Network Diagnostic Support Service;c:\windows\system32\svchost.exe -k HPHNDUService [8/4/2004 8:00 AM 14336]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [4/5/2014 7:31 PM 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [4/5/2014 7:31 PM 860472]
S2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [6/29/2008 3:50 PM 202280]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys --> c:\windows\system32\drivers\AtihdXP3.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 12:08 PM 11336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/9/2013 12:01 PM 23256]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 2:01 AM 994360]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2/7/2006 3:45 PM 299923]
S3 StumbleUponUpdateService;StumbleUponUpdateService;"c:\program files\StumbleUpon\StumbleUponUpdateService.exe" --> c:\program files\StumbleUpon\StumbleUponUpdateService.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPHNDUService REG_MULTI_SZ HPHNDUSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-11 14:21 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 15:21]
.
2014-07-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-03 08:40]
.
2014-07-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-07 20:54]
.
2014-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:55]
.
2014-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:55]
.
2014-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-287218729-682003330-500Core.job
- c:\documents and settings\Administrator.KITCHEN.003\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-01 01:39]
.
2014-07-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
2014-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
2014-07-08 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-07-08 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-07-08 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-07-08 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-07-01 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-06-27 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-07-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-07-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-07-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-07-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-07-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-06-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-07-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-06-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-07-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-06-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-07-08 c:\windows\Tasks\User_Feed_Synchronization-{B27C5EDB-EFD7-4884-8A5F-38D50EA39E09}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
2014-07-07 c:\windows\Tasks\User_Feed_Synchronization-{F2C0F754-E0A4-4261-A96B-E8E72AB75132}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
Trusted Zone: adobe.com\get
Trusted Zone: apple.com\support
Trusted Zone: bestbuy.com\myrewardzone
Trusted Zone: chase.com
Trusted Zone: chase.com\payments
Trusted Zone: dell.com
Trusted Zone: homechannelnews.com\www
Trusted Zone: ingplans.com\snapon
Trusted Zone: intuit.com\ttlc
Trusted Zone: secunia.com
Trusted Zone: techguy.org
Trusted Zone: techguy.org\forums
Trusted Zone: vevo.com\www
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-cafwc - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe
MSConfigStartUp-capfasem - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
MSConfigStartUp-capfupgrade - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
MSConfigStartUp-CAVRID - c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
MSConfigStartUp-cctray - c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe
AddRemove-StumbleUponIEToolbar - c:\program files\StumbleUpon\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-07 21:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2014-07-07 21:30:38
ComboFix-quarantined-files.txt 2014-07-08 01:30
.
Pre-Run: 88,305,995,776 bytes free
Post-Run: 93,778,866,176 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=C:\stage0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
C:\stage0="Run GrimeFighter"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\="Back to Windows"
.
- - End Of File - - D43FA53B2491E3A020116AB28036CC80
8F558EB6672622401DA993E1E865C861


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Let's run the following tools, as there are some things showing that may have more there:

---

Please download *Malwarebytes' Anti-Malware* from *Here* or *Here*


Double Click the downloaded *mbam-setup-x.x.x.xxxx.exe* to install the application. (x.x.x.xxxx represents the current version number).

During installation, make sure to *uncheck* *Enable free trial of Malwarebytes Anti-Malware Premium*, then click *Finish*. You can always upgrade later:

If an update is found, it will download and install the latest updates automatically:

Now select the *Settings* tab, and check the box next to *Scan for rootkits*:

Go back to the *Dashboard* tab, and click the *Scan Now* button:

The scan may take some time to finish, so please be patient.

When the scan is complete, it will show you the results. (This one is clean):

Make sure that *everything is checked*, and click *Quarantine All* (or similar).

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below.) If the log doesn't open, select *View detailed log* in the *Scan* tab:

The log is automatically saved by MBAM and can be viewed by going to the *History* tab and clicking on *Application Logs*:

Choose the latest Scan Log, and click on the *View* button:

In the bottom of the *Scanning History Log* window that opens, you can click on *Export* > *Save to Text file (\*.txt)*. Save the report to your Desktop.

Copy & Paste the entire contents of the report log in your next reply.

*Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*

*** In your next reply, I need you to Copy&Paste the contents of the *MBAM log file*.

--------------------------

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *View Scan Logs*._
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
_Please copy and paste the Scan Log results in your next reply._
_Click *Close* to exit the program._

--------------------------------

Go here, to download and save *AdwCleaner.exe* to your desktop.

Just click on the *Download Now @BleepingComputer*

Note: It looks like a gray bug with 6 black legs.

Close all open windows first, then double-click *AdwCleaner.exe* to load its main window.

Click the *Scan* button, then click "OK".

Allow the scan process to finish.

If it appears to freeze, be patient for a few minutes.

When it's finished, click on the *Report* button.

Return here to your thread, then copy-and-paste the ENTIRE log here

---------

eddie


----------



## 7dees (Oct 4, 2009)

Hello there Eddie,

I have not been able to proceed beyond the Malwarebytes instructions. SUPERAntiSpyware will not run a complete scan without the paid version, and before I did that I wanted to get your feedback.

Here is the MBAM log.

Please advise.

Regards,

Dave

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 7/11/2014
Scan Time: 10:31:19 PM
Logfile: MBAM _log.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.07.11.10
Rootkit Database: v2014.07.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Dave
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 655376
Time Elapsed: 3 hr, 5 min, 29 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)


----------



## eddie5659 (Mar 19, 2001)

Hi

I'm at work at the moment, but will look at SUPERAntiSpyware when I get home, so leave that scan. Can you run the AdwCleaner scan for now, and when I've lost the will to live at work, I'll have a look when home


----------



## 7dees (Oct 4, 2009)

Eddie, hold off. I was able to start the full scan. It was a PIC issue.


----------



## 7dees (Oct 4, 2009)

Eddie,
SUPERAntiSpyware update:
Tried to run this twice. First time it hangs up about 30 minutes in and second time it ran a little longer but I got a blue screen.

Here's the Adware log:

# AdwCleaner v3.215 - Report created 12/07/2014 at 18:38:05
# Updated 09/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dave - KITCHEN
# Running from : C:\Documents and Settings\Dave\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****
File Found : C:\DOCUME~1\Terri\LOCALS~1\Temp\uninstaller.exe
Folder Found : C:\Documents and Settings\Dave\Application Data\Uniblue
Folder Found : C:\Program Files\Uniblue
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Uniblue
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155995562}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166996662}
Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440144994462}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\qtrax
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v
[ File : C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\u0pkjrki.default\prefs.js ]

[ File : C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\gxm6gb4t.default\prefs.js ]

[ File : C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\ypt37ovx.default\prefs.js ]

-\\ Google Chrome v35.0.1916.153
[ File : C:\Documents and Settings\Administrator.KITCHEN.003\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Found [Search Provider] : hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
Found [Search Provider] : hxxp://isearch.avg.com/search?cid={8CEA2F5C-653B-41F9-9502-0CCD820EBC2E}&mid=491c4c10929547d0a2a4d158574a3cd2-0c8e6d266eaa8a34a54adb9b44f48edb6a96684b&lang=en&ds=od011&pr=sa&d=2012-05-12 20:04:40&v=11.0.0.9&sap=dsp&q={searchTerms}
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[ File : C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : licjnkifamhpbaefhdpacpmihicfbomb
*************************
AdwCleaner[R0].txt - [4349 octets] - [12/07/2014 18:19:55]
AdwCleaner[R1].txt - [4269 octets] - [12/07/2014 18:38:05]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [4329 octets] ##########


----------



## eddie5659 (Mar 19, 2001)

Okay, as SUPERAntiSpyware seems to be having trouble, leave that program. In fact, if you have managed to install it, just uninstall it 

Looks like AdwCleaner found stuff, so let's remove that first:

-----

Re-run AdwCleaner with the *Scan* option. After it's finished scanning, click the *Clean* button.

Allow the cleaning process to finish.

If it appears to freeze, be patient for a few minutes.

When it's finished, click on the *Report* button.

Return here to your thread, then copy-and-paste the ENTIRE log here

================

Can you then run the following OTL fix:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Commands
[CREATERESTOREPOINT] 
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Dave\LOCALS~1\Temp\7zS0B1D\HPHNDUSVC.dll -- (HPHNDUSVC)
MOD - [2014/07/01 20:40:15 | 000,043,008 | ---- | M] () -- c:\Documents and Settings\Dave\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpidvvs4.dll
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\rkjqe.sys -- (kwlojb)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1.003\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1003\..\SearchScopes\{F80E78A2-A5BE-4897-8C0B-B32AA0E0E16E}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\URLSearchHook: {20a320d1-d26b-48e5-a301-1dc697606798} - No CLSID value found
IE - HKU\S-1-5-21-1614895754-287218729-682003330-1004\..\SearchScopes\{0624FAA1-E56C-495A-A2B2-134C60CE857C}: "URL" = http://search.conduit.com/ResultsExt...131249209&UM=2
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
O2 - BHO: (no name) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {adff4c9a-4f49-4a1f-8885-360e107b7938} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKU\S-1-5-21-1614895754-287218729-682003330-1003..\Run: [DellSystemDetect] C:\Documents and Settings\Dave\Start Menu\Programs\Dell\Dell System Detect.appref-ms File not found
O4 - HKU\S-1-5-21-1614895754-287218729-682003330-1004..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-287218729-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-287218729-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.ca.com/us/securityadvisor...n/pestscan.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemp...ogin-devel.cab (SecureLogin class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E6E30BCB-31BC-6ECE-31D9-DF4FBE25AFC0} - Viewpoint Media Player
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 372 bytes -> C:\WINDOWS\System32\drivers\yaavshhi.sys:changelist
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[131 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
:Services
kwlojb
:Files
System32\drivers\rkjqe.sys
ipconfig /flushdns /c
:Commands
[emptytemp]
[purity]
```
*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*

Then click the *Run Fix* button at the top
Click OK.
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.

===========================

Then, again using OTL, can you run the following scan:

Run *OTL*

Hit *None* button.

Under the *Custom Scans/Fixes* box at the bottom, paste in the following



> C:\WINDOWS\System32\nuhukugo /created



Hit *Run Scan* button.

===========================

And then, can you run this scan. It will produce a large log, but very curious about the drivers you have, as one is being removed in the OTL fix, want to see what else there is:

Please download the latest version of TDSSKiller from *here* and save it to your *Desktop*.

Doubleclick on *TDSSKiller.exe* to run the application, then click on *Change parameters.*

Put a checkmark beside *loaded modules*.

A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on *Change parameters* in TDSSKiller.
Check all boxes then click OK.

Click the *Start Scan* button.

The scan should take no longer than 2 minutes.
If a *suspicious object* is detected, the default action will be *Skip*, click on *Continue*.

If *malicious objects* are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure *Cure* (default) is selected, then click *Continue* > *Reboot now to finish the cleaning process.*

*Note*: If *Cure* is not available, please choose *Skip* instead, do not choose *Delete* unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

============================

Thanks

eddie


----------
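The fix script in the post above mixes many orphaned service and driver registrations with the one driver entry (`kwlojb`) that it also removes under `:Services`, so it helps to break its `SRV`/`DRV` and `@Alternate Data Stream` lines into fields before deciding what needs a closer look. The following Python is an added example, not part of the thread and not OTL's own code; the flag names and the three heuristics are assumptions chosen for illustration, and the sample lines are copied from the script above.

```python
import re
from dataclasses import dataclass, field

# Lines copied unmodified from the fix script in the post above (a subset).
SAMPLE = r"""
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Dave\LOCALS~1\Temp\7zS0B1D\HPHNDUSVC.dll -- (HPHNDUSVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\rkjqe.sys -- (kwlojb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1.003\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 372 bytes -> C:\WINDOWS\System32\drivers\yaavshhi.sys:changelist
"""

SERVICE_RE = re.compile(
    r"^(SRV|DRV) - File not found \[([^\]]+)\] -- (.*?)\s*-- \((.+)\)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


@dataclass
class Orphan:
    kind: str   # "SRV" (service) or "DRV" (driver)
    name: str   # registry service name, taken from the trailing "(name)"
    start: str  # start type as printed: Boot, System, Auto, On_Demand
    path: str   # registered image path; empty when the line has none
    flags: list = field(default_factory=list)


def parse_orphans(text):
    """Return one Orphan per 'File not found' SRV/DRV line."""
    found = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        kind, bracket, path, name = m.groups()
        fields = [f.strip() for f in bracket.split("|")]
        if len(fields) < 2:
            continue
        # SRV lines carry [start | state]; DRV lines carry [type | start | state].
        entry = Orphan(kind, name, fields[-2], path)
        # Illustrative heuristics (assumptions, not OTL's own criteria):
        if entry.start in ("Boot", "System", "Auto"):
            entry.flags.append("starts-without-user-action")
        if re.search(r"\\temp\\", path, re.IGNORECASE):
            entry.flags.append("image-in-temp")
        if not path:
            entry.flags.append("no-image-path")
        found.append(entry)
    return found


def parse_streams(text):
    """Split ADS lines into (host_file, stream_name, size_bytes).

    A target whose only colon is the drive letter's has no stream name left,
    so it is returned in `unparsed` rather than guessed at.
    """
    streams, unparsed = [], []
    for line in text.splitlines():
        m = ADS_RE.match(line.strip())
        if not m:
            continue
        size, target = int(m.group(1)), m.group(2)
        host, sep, stream = target.rpartition(":")
        if not sep or "\\" in stream or len(host) < 2:
            unparsed.append(target)
        else:
            streams.append((host, stream, size))
    return streams, unparsed


def review_list(text):
    """(name, flags) for every orphaned entry with at least one flag."""
    return [(o.name, o.flags) for o in parse_orphans(text) if o.flags]


if __name__ == "__main__":
    for name, flags in review_list(SAMPLE):
        print(f"{name:12} {', '.join(flags)}")
    streams, unparsed = parse_streams(SAMPLE)
    for host, stream, size in streams:
        print(f"ADS {stream!r} ({size} bytes) on {host}")
    for target in unparsed:
        print(f"ADS line without a stream separator: {target}")
```

A flag marks an entry for manual review; it is not a verdict that the entry is malicious.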



## 7dees (Oct 4, 2009)

Hello Eddie.
Thank you for doing all this for me.
Here are the logs as directed.
AdwCleaner 7dees
# AdwCleaner v3.215 - Report created 16/07/2014 at 20:28:15
# Updated 09/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dave - KITCHEN
# Running from : C:\Documents and Settings\Dave\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\Uniblue
Folder Deleted : C:\Documents and Settings\Dave\Application Data\Uniblue
File Deleted : C:\DOCUME~1\Terri\LOCALS~1\Temp\uninstaller.exe
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155995562}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166996662}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440144994462}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKLM\Software\qtrax
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v
[ File : C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\u0pkjrki.default\prefs.js ]

[ File : C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\gxm6gb4t.default\prefs.js ]

[ File : C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\ypt37ovx.default\prefs.js ]

-\\ Google Chrome v35.0.1916.153
[ File : C:\Documents and Settings\Administrator.KITCHEN.003\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={8CEA2F5C-653B-41F9-9502-0CCD820EBC2E}&mid=491c4c10929547d0a2a4d158574a3cd2-0c8e6d266eaa8a34a54adb9b44f48edb6a96684b&lang=en&ds=od011&pr=sa&d=2012-05-12 20:04:40&v=11.0.0.9&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[ File : C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : licjnkifamhpbaefhdpacpmihicfbomb
*************************
AdwCleaner[R0].txt - [4349 octets] - [12/07/2014 18:19:55]
AdwCleaner[R1].txt - [4409 octets] - [12/07/2014 18:38:05]
AdwCleaner[R2].txt - [4469 octets] - [16/07/2014 20:08:46]
AdwCleaner[S0].txt - [4294 octets] - [16/07/2014 20:28:15]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4354 octets] ##########

OTL 1 7dees

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service StumbleUponUpdateService stopped successfully!
Service StumbleUponUpdateService deleted successfully!
File C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe not found.
Service HPHNDUSVC stopped successfully!
Service HPHNDUSVC deleted successfully!
File C:\DOCUME~1\Dave\LOCALS~1\Temp\7zS0B1D\HPHNDUSVC.dll not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service kwlojb stopped successfully!
Service kwlojb deleted successfully!
File System32\drivers\rkjqe.sys not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\ADMINI~1.003\LOCALS~1\Temp\catchme.sys not found.
Service AtiHDAudioService stopped successfully!
Service AtiHDAudioService deleted successfully!
File system32\drivers\AtihdXP3.sys not found.
Registry key HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{F80E78A2-A5BE-4897-8C0B-B32AA0E0E16E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F80E78A2-A5BE-4897-8C0B-B32AA0E0E16E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20a320d1-d26b-48e5-a301-1dc697606798}\ not found.
Registry key HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0624FAA1-E56C-495A-A2B2-134C60CE857C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0624FAA1-E56C-495A-A2B2-134C60CE857C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{145B29F4-A56B-4b90-BBAC-45784EBEBBB7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{145B29F4-A56B-4b90-BBAC-45784EBEBBB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{adff4c9a-4f49-4a1f-8885-360e107b7938}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adff4c9a-4f49-4a1f-8885-360e107b7938}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5093EB4C-3E93-40AB-9266-B607BA87BDC8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5093EB4C-3E93-40AB-9266-B607BA87BDC8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) not found.
Registry value HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\DellSystemDetect not found.
Registry key HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\StumbleUpon PhotoBlog It!\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Starting removal of ActiveX control {01113300-3E00-11D2-8470-0060089874ED}
C:\WINDOWS\Downloaded Program Files\tgctlcm.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01113300-3E00-11D2-8470-0060089874ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01113300-3E00-11D2-8470-0060089874ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{01113300-3E00-11D2-8470-0060089874ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01113300-3E00-11D2-8470-0060089874ED}\ not found.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\swdir.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {56393399-041A-4650-94C7-13DFCB1F4665}
C:\WINDOWS\Downloaded Program Files\pestscanx.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{56393399-041A-4650-94C7-13DFCB1F4665}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56393399-041A-4650-94C7-13DFCB1F4665}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{56393399-041A-4650-94C7-13DFCB1F4665}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56393399-041A-4650-94C7-13DFCB1F4665}\ not found.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Starting removal of ActiveX control {85D1F3B2-2A21-11D7-97B9-0010DC2A6243}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{85D1F3B2-2A21-11D7-97B9-0010DC2A6243}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{85D1F3B2-2A21-11D7-97B9-0010DC2A6243}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85D1F3B2-2A21-11D7-97B9-0010DC2A6243}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{85D1F3B2-2A21-11D7-97B9-0010DC2A6243}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85D1F3B2-2A21-11D7-97B9-0010DC2A6243}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A17E30C4-A9BA-11D4-8673-60DB54C10000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A17E30C4-A9BA-11D4-8673-60DB54C10000}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{A17E30C4-A9BA-11D4-8673-60DB54C10000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A17E30C4-A9BA-11D4-8673-60DB54C10000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AA218328-0EA8-4D70-8972-E987A9190FF4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA218328-0EA8-4D70-8972-E987A9190FF4}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{AA218328-0EA8-4D70-8972-E987A9190FF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA218328-0EA8-4D70-8972-E987A9190FF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E6E30BCB-31BC-6ECE-31D9-DF4FBE25AFC0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6E30BCB-31BC-6ECE-31D9-DF4FBE25AFC0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{E6E30BCB-31BC-6ECE-31D9-DF4FBE25AFC0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6E30BCB-31BC-6ECE-31D9-DF4FBE25AFC0}\ not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
ADS C:\WINDOWS\System32\drivers\yaavshhi.sys:changelist deleted successfully.
C:\WINDOWS\DUMP3bef.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\Installer\MSI10.tmp deleted successfully.
C:\WINDOWS\Installer\MSI109.tmp deleted successfully.
C:\WINDOWS\Installer\MSI10F.tmp deleted successfully.
C:\WINDOWS\Installer\MSI11.tmp deleted successfully.
C:\WINDOWS\Installer\MSI111.tmp deleted successfully.
C:\WINDOWS\Installer\MSI11B.tmp deleted successfully.
C:\WINDOWS\Installer\MSI12.tmp deleted successfully.
C:\WINDOWS\Installer\MSI13.tmp deleted successfully.
C:\WINDOWS\Installer\MSI134.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1346.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1384.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1385.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1386.tmp deleted successfully.
C:\WINDOWS\Installer\MSI14.tmp deleted successfully.
C:\WINDOWS\Installer\MSI146.tmp deleted successfully.
C:\WINDOWS\Installer\MSI155.tmp deleted successfully.
C:\WINDOWS\Installer\MSI156.tmp deleted successfully.
C:\WINDOWS\Installer\MSI15E.tmp deleted successfully.
C:\WINDOWS\Installer\MSI16.tmp deleted successfully.
C:\WINDOWS\Installer\MSI17.tmp deleted successfully.
C:\WINDOWS\Installer\MSI18.tmp deleted successfully.
C:\WINDOWS\Installer\MSI185E.tmp deleted successfully.
C:\WINDOWS\Installer\MSI19.tmp deleted successfully.
C:\WINDOWS\Installer\MSI196.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1A.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1AE.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1B.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1B1.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1B4.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1B7.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
Error: No service named kwlojb was found to stop!
Service\Driver key kwlojb not found.
========== FILES ==========
File\Folder System32\drivers\rkjqe.sys not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Dave\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dave\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 117614 bytes

User: Administrator.KITCHEN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.KITCHEN.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.KITCHEN.002
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.KITCHEN.003
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 159991 bytes
->Google Chrome cache emptied: 6314523 bytes
->Flash cache emptied: 1121 bytes

User: All Users

User: Brian

User: Dave
->Temp folder emptied: 2724841 bytes
->Temporary Internet Files folder emptied: 21325488 bytes
->Java cache emptied: 54549005 bytes
->FireFox cache emptied: 125323528 bytes
->Google Chrome cache emptied: 444568020 bytes
->Flash cache emptied: 58612 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Fred
->Temp folder emptied: 191002033 bytes
->Temporary Internet Files folder emptied: 558247186 bytes
->Java cache emptied: 48387478 bytes
->FireFox cache emptied: 7055826 bytes
->Apple Safari cache emptied: 548864 bytes
->Flash cache emptied: 625 bytes

User: Kevin

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 131206 bytes
->Flash cache emptied: 379 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes

User: Terri
->Temp folder emptied: 1198723428 bytes
->Temporary Internet Files folder emptied: 172808777 bytes
->Java cache emptied: 31685611 bytes
->FireFox cache emptied: 7538243 bytes
->Google Chrome cache emptied: 22835115 bytes
->Flash cache emptied: 67866 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 111943044 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 277010826 bytes

Total Files Cleaned = 3,131.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07162014_210058
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

OTL 2 7dees

OTL logfile created on: 7/16/2014 9:19:01 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.12% Memory free
3.35 Gb Paging File | 2.95 Gb Available in Paging File | 88.10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.01 Gb Total Space | 92.50 Gb Free Space | 31.04% Space Free | Partition Type: NTFS

Computer Name: KITCHEN | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/07/01 20:55:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
PRC - [2014/06/29 16:53:45 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014/06/20 13:59:37 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2013/09/01 07:48:09 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2009/11/19 19:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/01/07 02:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

========== Modules (No Company Name) ==========

MOD - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV - [2014/07/09 07:20:34 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/29 16:53:45 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2007/03/07 11:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe -- (sprtsvc_medicsp2)

========== Driver Services (SafeList) ==========

DRV - [2014/05/17 18:29:07 | 000,018,224 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ei2c.sys -- (ei2c)
DRV - [2014/05/12 07:26:02 | 000,053,208 | ---- | M] (Malwarebytes Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/02 12:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/01/16 11:44:46 | 000,011,986 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2006/09/21 12:23:22 | 000,103,040 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ma730Pt.sys -- (Ma730Pt)
DRV - [2005/11/22 14:32:14 | 000,023,376 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ma730Vad.sys -- (Ma730Vad)
DRV - [2005/11/21 01:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/23 15:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/05/07 22:56:20 | 000,164,256 | ---- | M] (Toshiba Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\spssys.sys -- (Spssys)
DRV - [2004/03/24 11:12:44 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/11/05 10:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 10:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sonyhcb.sys -- (sonyhcb)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{24B35CFA-7B4D-4944-970B-D0AA566DC971}: "URL" = http://search.about.com/fullsearch.htm?terms={searchTerms}
IE - HKCU\..\SearchScopes\{3CAC5B07-69D9-4942-9F73-B5138EE98BC7}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\..\SearchScopes\{7E294B0C-4BAF-4079-93A8-848BF8411410}: "URL" = http://asp.usatoday.com/search/yahoo/search.aspx?qt=both&nr=5&kw={searchTerms}
IE - HKCU\..\SearchScopes\{80206BF9-E59F-4CD4-A61C-EF35D179BF86}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\..\SearchScopes\{8C902FFD-BCD3-4CB7-851A-2CEBD695789E}: "URL" = http://www.weather.com/search/enhanced?where={searchTerms}
IE - HKCU\..\SearchScopes\{DBCAD0D1-4B42-4C78-BDF0-3577B324624F}: "URL" = http://search.lycos.com/setup.php?src=ie&query={searchTerms}
IE - HKCU\..\SearchScopes\{DC199251-75F3-46BE-883C-6B1813B6AA54}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{FCD22380-6488-4054-9E50-D8D4C76A0DF7}: "URL" = http://www.target.com/gp/search.html?field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2009/10/21 23:16:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/10/21 23:16:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/10/21 23:16:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/12/24 14:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/01 07:49:29 | 000,000,000 | ---D | M]

[2009/04/12 01:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2013/06/28 23:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\u0pkjrki.default\extensions
[2012/07/29 10:19:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/29 10:21:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/06/18 18:39:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language},
CHR - homepage: http://www.msn.com/?pc=AV01
CHR - plugin: First user (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2014/07/07 21:26:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - Startup: C:\Documents and Settings\Dave\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Dave\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: adobe.com ([get] http in Trusted sites)
O15 - HKCU\..Trusted Domains: apple.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: apple.com ([support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bestbuy.com ([myrewardzone] https in Trusted sites)
O15 - HKCU\..Trusted Domains: chase.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: chase.com ([payments] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: homechannelnews.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ingplans.com ([snapon] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: secunia.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: techguy.org ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: techguy.org ([forums] https in Trusted sites)
O15 - HKCU\..Trusted Domains: vevo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([https] in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1356485608921 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1345999640203 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab (SysInfo Class)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FABA57E8-3BAA-4FB3-B0FA-B10C8B8A4711}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/18 20:27:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/07/16 21:00:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/12 18:22:04 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/07/12 18:19:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/12 07:17:14 | 020,060,384 | ---- | C] (SUPERAntiSpyware) -- C:\Documents and Settings\Dave\Desktop\SUPERAntiSpyware.exe
[2014/07/07 20:41:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/07/07 20:37:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/07/07 20:37:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/07/07 20:37:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/07/07 20:37:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/07/07 20:37:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/07/07 20:26:28 | 005,215,766 | R--- | C] (Swearware) -- C:\Documents and Settings\Dave\Desktop\username123.exe
[2014/07/01 20:54:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2014/06/29 16:54:11 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/06/29 16:54:11 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/06/29 16:53:56 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/06/29 16:53:56 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/06/29 16:53:56 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/06/29 16:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/06/29 16:38:30 | 029,405,096 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Dave\Desktop\jre-7u60-windows-i586.exe
[2007/06/28 22:58:50 | 000,774,144 | -H-- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2007/03/21 06:26:57 | 000,300,680 | ---- | C] (CA, Inc.) -- C:\Documents and Settings\All Users\Application Data\arclib.dll

========== Files - Modified Within 30 Days ==========

[2014/07/16 21:20:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/07/16 21:20:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B27C5EDB-EFD7-4884-8A5F-38D50EA39E09}.job
[2014/07/16 21:14:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1003.job
[2014/07/16 21:14:23 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1003.job
[2014/07/16 21:14:19 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/07/16 21:14:18 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1003.job
[2014/07/16 21:13:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/07/16 21:13:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/16 21:13:28 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/07/16 21:13:26 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1005.job
[2014/07/16 21:13:26 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1004.job
[2014/07/16 21:13:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1006.job
[2014/07/16 21:13:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1005.job
[2014/07/16 21:13:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1004.job
[2014/07/16 21:13:25 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1007.job
[2014/07/16 21:13:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/07/16 21:04:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/16 14:53:02 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2014/07/16 11:44:05 | 017,524,736 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2014/07/16 11:44:04 | 007,831,552 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2014/07/16 09:47:30 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1004.job
[2014/07/16 08:23:55 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F2C0F754-E0A4-4261-A96B-E8E72AB75132}.job
[2014/07/14 21:44:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-287218729-682003330-500Core.job
[2014/07/12 18:17:56 | 001,348,263 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\AdwCleaner.exe
[2014/07/12 11:29:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1003.job
[2014/07/12 07:17:25 | 020,060,384 | ---- | M] (SUPERAntiSpyware) -- C:\Documents and Settings\Dave\Desktop\SUPERAntiSpyware.exe
[2014/07/10 22:58:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1005.job
[2014/07/10 22:58:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1005.job
[2014/07/09 07:20:32 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/07/09 07:20:32 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/07/07 22:30:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1006.job
[2014/07/07 21:26:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/07/07 20:41:34 | 000,000,277 | RHS- | M] () -- C:\boot.ini
[2014/07/07 20:26:41 | 005,215,766 | R--- | M] (Swearware) -- C:\Documents and Settings\Dave\Desktop\username123.exe
[2014/07/01 22:12:44 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\showthread.php-t=1126162&goto=newpost.url
[2014/07/01 20:55:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2014/07/01 13:11:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1004.job
[2014/06/29 16:53:45 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/06/29 16:53:44 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/06/29 16:53:44 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/06/29 16:53:44 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/06/29 16:53:44 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/06/29 16:38:31 | 029,405,096 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Dave\Desktop\jre-7u60-windows-i586.exe
[2014/06/28 15:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1007.job
[2014/06/18 21:58:54 | 001,003,455 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\James Karr Marriage Bond back.pdf
[2014/06/18 21:57:36 | 001,290,297 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\James Karr Marriage Bond front.pdf

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\nuhukugo
[2014/07/12 18:17:52 | 001,348,263 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\AdwCleaner.exe
[2014/07/07 20:37:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/07/07 20:37:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/07/07 20:37:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/07/07 20:37:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/07/07 20:37:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/07/01 22:12:44 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\showthread.php-t=1126162&goto=newpost.url
[2014/06/18 21:59:19 | 001,290,297 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\James Karr Marriage Bond front.pdf
[2014/06/18 21:59:19 | 001,003,455 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\James Karr Marriage Bond back.pdf
[2013/11/09 19:14:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\WDPABKP.dat
[2013/10/02 21:57:19 | 000,244,442 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1614895754-287218729-682003330-1003-0.dat
[2013/07/20 22:35:37 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\TrueSight.sys
[2013/07/20 13:35:50 | 000,244,442 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/16 10:58:51 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\store-pp.jbs
[2009/03/04 19:53:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dave\core
[2008/01/08 20:05:03 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\$_hpcst$.hpc
[2006/02/02 17:32:04 | 000,005,822 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/26 18:21:58 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/01/19 00:56:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< C:\WINDOWS\System32\nuhukugo /created >
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\nuhukugo

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\iaStor.sys:SummaryInformation
< End of report >

File too large. END of Part 1 of 3


----------



## 7dees (Oct 4, 2009)

tdsskiller log 7dees

21:38:10.0750 0x0970 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
21:38:11.0140 0x0970 ============================================================
21:38:11.0140 0x0970 Current date / time: 2014/07/16 21:38:11.0140
21:38:11.0140 0x0970 SystemInfo:
21:38:11.0140 0x0970 
21:38:11.0140 0x0970 OS Version: 5.1.2600 ServicePack: 3.0
21:38:11.0140 0x0970 Product type: Workstation
21:38:11.0140 0x0970 ComputerName: KITCHEN
21:38:11.0140 0x0970 UserName: Dave
21:38:11.0140 0x0970 Windows directory: C:\WINDOWS
21:38:11.0140 0x0970 System windows directory: C:\WINDOWS
21:38:11.0140 0x0970 Processor architecture: Intel x86
21:38:11.0140 0x0970 Number of processors: 1
21:38:11.0140 0x0970 Page size: 0x1000
21:38:11.0140 0x0970 Boot type: Normal boot
21:38:11.0140 0x0970 ============================================================
21:38:11.0140 0x0970 BG loaded
21:38:12.0109 0x0970 System UUID: {6AFD5C25-F1B4-8979-0F53-3C9F335728B0}
21:38:14.0546 0x0970 Drive \Device\Harddisk0\DR0 - Size: 0x4A81740000 ( 298.02 Gb ), SectorSize: 0x200, Cylinders: 0x97F8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:38:14.0578 0x0970 ============================================================
21:38:14.0578 0x0970 \Device\Harddisk0\DR0:
21:38:14.0593 0x0970 MBR partitions:
21:38:14.0593 0x0970 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254062F8
21:38:14.0593 0x0970 ============================================================
21:38:14.0796 0x0970 C: <-> \Device\Harddisk0\DR0\Partition1
21:38:15.0656 0x0970 ============================================================
21:38:15.0656 0x0970 Initialize success
21:38:15.0656 0x0970 ============================================================
21:38:42.0359 0x0a98 ============================================================
21:38:42.0359 0x0a98 Scan started
21:38:42.0359 0x0a98 Mode: Manual; SigCheck; TDLFS; 
21:38:42.0359 0x0a98 ============================================================
21:38:42.0359 0x0a98 KSN ping started
21:38:46.0343 0x0a98 KSN ping finished: true
21:38:52.0015 0x0a98 ================ Scan system memory ========================
21:38:52.0015 0x0a98 System memory - ok
21:38:52.0015 0x0a98 ================ Scan services =============================
21:38:54.0031 0x0a98 Abiosdsk - ok
21:38:54.0046 0x0a98 abp480n5 - ok
21:38:54.0203 0x0a98 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:39:03.0812 0x0a98 ACPI - ok
21:39:03.0937 0x0a98 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:39:04.0406 0x0a98 ACPIEC - ok
21:39:04.0484 0x0a98 [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:39:04.0671 0x0a98 Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
21:39:08.0953 0x0a98 Detect skipped due to KSN trusted
21:39:08.0953 0x0a98 Adobe LM Service - ok
21:39:09.0031 0x0a98 [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:39:09.0109 0x0a98 AdobeFlashPlayerUpdateSvc - ok
21:39:09.0109 0x0a98 adpu160m - ok
21:39:09.0156 0x0a98 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:39:09.0593 0x0a98 aec - ok
21:39:09.0625 0x0a98 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:39:09.0875 0x0a98 AFD - ok
21:39:09.0875 0x0a98 Aha154x - ok
21:39:09.0906 0x0a98 aic78u2 - ok
21:39:09.0968 0x0a98 aic78xx - ok
21:39:10.0062 0x0a98 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:39:10.0453 0x0a98 Alerter - ok
21:39:10.0468 0x0a98 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
21:39:11.0000 0x0a98 ALG - ok
21:39:11.0015 0x0a98 AliIde - ok
21:39:11.0015 0x0a98 amsint - ok
21:39:11.0140 0x0a98 [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:39:11.0234 0x0a98 Apple Mobile Device - ok
21:39:11.0265 0x0a98 [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:39:11.0640 0x0a98 AppMgmt - ok
21:39:11.0640 0x0a98 asc - ok
21:39:11.0656 0x0a98 asc3350p - ok
21:39:11.0656 0x0a98 asc3550 - ok
21:39:11.0750 0x0a98 [ 54AB078660E536DA72B21A27F56B035B, 41FA4D644EBC12AC8768D3D0EC12FF4E31FE0A7FE5E049432132710A1ED4E500 ] Aspi32 C:\WINDOWS\system32\drivers\aspi32.sys
21:39:11.0906 0x0a98 Aspi32 - detected UnsignedFile.Multi.Generic ( 1 )
21:39:16.0546 0x0a98 Detect skipped due to KSN trusted
21:39:16.0546 0x0a98 Aspi32 - ok
21:39:16.0656 0x0a98 [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:39:16.0734 0x0a98 aspnet_state - ok
21:39:16.0781 0x0a98 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:39:16.0937 0x0a98 AsyncMac - ok
21:39:16.0953 0x0a98 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:39:17.0125 0x0a98 atapi - ok
21:39:17.0125 0x0a98 Atdisk - ok
21:39:17.0171 0x0a98 [ 281D26DF656E53DAB568214EE282EC46, 6ABCAF3EBD84B20D9B5A741998E0780EDC315C81D490F7CA4F22E5FF1C5DD269 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:39:18.0250 0x0a98 Ati HotKey Poller - ok
21:39:18.0546 0x0a98 [ C2B6F2161ABD498D2B453050FFC81812, 96B303963098B3342A327D071D298E501E75F1936DA0F0FF3BC89AB9DE1BF3C0 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:39:18.0937 0x0a98 ati2mtag - ok
21:39:18.0984 0x0a98 [ DC6957811FF95F2DD3004361B20D8D3F, 6540FB6B8CF7A3E121DAE8BF038E4F567BD12093C1F51DF96679E1F9F1C0B3A2 ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
21:39:19.0062 0x0a98 AtiHdmiService - ok
21:39:19.0078 0x0a98 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:39:19.0296 0x0a98 Atmarpc - ok
21:39:19.0328 0x0a98 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:39:19.0578 0x0a98 AudioSrv - ok
21:39:19.0609 0x0a98 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:39:19.0781 0x0a98 audstub - ok
21:39:19.0828 0x0a98 [ 2ACF06176B9D011567D7F25B83DDD066, E34D8A2DF542ADC3FD4E5D582C3D1EFED868900CD31458012AD28AAD5BB86D40 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:39:19.0921 0x0a98 b57w2k - ok
21:39:19.0953 0x0a98 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:39:20.0093 0x0a98 Beep - ok
21:39:20.0156 0x0a98 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
21:39:20.0765 0x0a98 BITS - ok
21:39:20.0843 0x0a98 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:39:20.0875 0x0a98 Bonjour Service - ok
21:39:20.0921 0x0a98 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
21:39:21.0000 0x0a98 Browser - ok
21:39:21.0015 0x0a98 [ C945DC4EEE3F624DFD07788EA7F0DB0A, EE79D5CE7309C4FD1FF472E04965861D2CD4EA5CBBC466485C757B3005D32923 ] bvrp_pci C:\WINDOWS\system32\drivers\bvrp_pci.sys
21:39:21.0031 0x0a98 bvrp_pci - detected UnsignedFile.Multi.Generic ( 1 )
21:39:23.0890 0x0a98 Detect skipped due to KSN trusted
21:39:23.0890 0x0a98 bvrp_pci - ok
21:39:23.0937 0x0a98 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:39:24.0125 0x0a98 cbidf2k - ok
21:39:24.0140 0x0a98 [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:39:24.0343 0x0a98 CCDECODE - ok
21:39:24.0359 0x0a98 cd20xrnt - ok
21:39:24.0390 0x0a98 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:39:25.0062 0x0a98 Cdaudio - ok
21:39:25.0109 0x0a98 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:39:25.0468 0x0a98 Cdfs - ok
21:39:25.0484 0x0a98 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:39:25.0718 0x0a98 Cdrom - ok
21:39:25.0750 0x0a98 [ 84853B3FD012251690570E9E7E43343F, 65CACFA643E52A0C0E6B2D901228A8A0AD4993CAFA3C287E65395F4B7C521089 ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
21:39:25.0812 0x0a98 cercsr6 - detected UnsignedFile.Multi.Generic ( 1 )
21:39:28.0500 0x0a98 Detect skipped due to KSN trusted
21:39:28.0500 0x0a98 cercsr6 - ok
21:39:28.0531 0x0a98 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:39:28.0687 0x0a98 CiSvc - ok
21:39:28.0718 0x0a98 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:39:28.0859 0x0a98 ClipSrv - ok
21:39:28.0937 0x0a98 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:39:29.0234 0x0a98 clr_optimization_v2.0.50727_32 - ok
21:39:29.0265 0x0a98 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:39:29.0421 0x0a98 clr_optimization_v4.0.30319_32 - ok
21:39:29.0437 0x0a98 CmdIde - ok
21:39:29.0437 0x0a98 COMSysApp - ok
21:39:29.0453 0x0a98 Cpqarray - ok
21:39:29.0500 0x0a98 [ D01F685F8B4598D144B0CCE9FF95D8D5, A68EF814CDBD7291DEF4745FE14D5080041BD3275AB12629C7811506AF2B8E17 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
21:39:29.0781 0x0a98 cpudrv - ok
21:39:29.0812 0x0a98 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:39:30.0031 0x0a98 CryptSvc - ok
21:39:30.0046 0x0a98 dac2w2k - ok
21:39:30.0046 0x0a98 dac960nt - ok
21:39:30.0093 0x0a98 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:39:30.0296 0x0a98 DcomLaunch - ok
21:39:30.0343 0x0a98 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:39:30.0500 0x0a98 Dhcp - ok
21:39:30.0546 0x0a98 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:39:30.0687 0x0a98 Disk - ok
21:39:30.0687 0x0a98 dmadmin - ok
21:39:30.0796 0x0a98 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:39:30.0984 0x0a98 dmboot - ok
21:39:31.0000 0x0a98 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:39:31.0171 0x0a98 dmio - ok
21:39:31.0187 0x0a98 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:39:31.0328 0x0a98 dmload - ok
21:39:31.0343 0x0a98 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
21:39:31.0484 0x0a98 dmserver - ok
21:39:31.0515 0x0a98 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:39:31.0656 0x0a98 DMusic - ok
21:39:31.0687 0x0a98 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:39:31.0796 0x0a98 Dnscache - ok
21:39:31.0843 0x0a98 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:39:32.0015 0x0a98 Dot3svc - ok
21:39:32.0031 0x0a98 [ 3E4B043F8BC6BE1D4820CC6C9C500306, 41F5AB9F3D65FEF3AB50562A3B91A3268B887CCF7FE5FC9D49478147700C72F4 ] Dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
21:39:32.0312 0x0a98 Dot4 - ok
21:39:32.0343 0x0a98 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7, FC17B00AEDC57AC436EACD2D576642098479E5CE10A42775D339B66A53460DC7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
21:39:32.0640 0x0a98 Dot4Print - ok
21:39:32.0640 0x0a98 dpti2o - ok
21:39:32.0671 0x0a98 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:39:32.0828 0x0a98 drmkaud - ok
21:39:32.0843 0x0a98 [ B15F9E526BA511A48B1B1B8537815740, 5E3AD3B803FAF7EAEE8A63EF4B53ED547E95F8F5254D845AAA1BEF55068DFA9C ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
21:39:32.0859 0x0a98 drvmcdb - detected UnsignedFile.Multi.Generic ( 1 )
21:39:35.0703 0x0a98 Detect skipped due to KSN trusted
21:39:35.0703 0x0a98 drvmcdb - ok
21:39:35.0734 0x0a98 [ FA4670CAE95AE2BB857C68E535661145, 23AE41E92F03B93201BE140A41F02F2106AC4DDBD35B5A0F27FC3B7A28F36096 ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
21:39:35.0750 0x0a98 drvnddm - detected UnsignedFile.Multi.Generic ( 1 )
21:39:38.0437 0x0a98 Detect skipped due to KSN trusted
21:39:38.0437 0x0a98 drvnddm - ok
21:39:38.0468 0x0a98 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:39:38.0625 0x0a98 EapHost - ok
21:39:38.0656 0x0a98 [ 8A3D77A2FE17F8909E49B66B2BAE1270, 98CA72FEFE4364D0077287D16CD6ADBDF52E0AD84A20188431487AF548BB3C03 ] ei2c C:\WINDOWS\system32\drivers\ei2c.sys
21:39:38.0687 0x0a98 ei2c - ok
21:39:38.0734 0x0a98 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:39:38.0937 0x0a98 ERSvc - ok
21:39:38.0968 0x0a98 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
21:39:39.0062 0x0a98 Eventlog - ok
21:39:39.0109 0x0a98 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\system32\es.dll
21:39:39.0234 0x0a98 EventSystem - ok
21:39:39.0265 0x0a98 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:39:39.0468 0x0a98 Fastfat - ok
21:39:39.0531 0x0a98 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:39:39.0734 0x0a98 FastUserSwitchingCompatibility - ok
21:39:39.0750 0x0a98 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:39:40.0000 0x0a98 Fdc - ok
21:39:40.0078 0x0a98 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:39:40.0312 0x0a98 Fips - ok
21:39:40.0328 0x0a98 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:39:40.0625 0x0a98 Flpydisk - ok
21:39:40.0656 0x0a98 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:39:40.0843 0x0a98 FltMgr - ok
21:39:40.0921 0x0a98 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:39:40.0937 0x0a98 FontCache3.0.0.0 - ok
21:39:40.0984 0x0a98 [ E0087225B137E57239FF40F8AE82059B, A03EF9778F267EEBBAD8F72AC0E492872AF73BCA435CCF5C336A8475046B1672 ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
21:39:41.0015 0x0a98 fssfltr - ok
21:39:41.0171 0x0a98 [ 45B52394F9624237F33A8A3D73C0B221, AC3E26F9D0E8A91164C54E87C9C8BFCF824A14C80D4CEF3255C6127A482F25FE ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
21:39:41.0390 0x0a98 fsssvc - ok
21:39:41.0406 0x0a98 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:39:41.0640 0x0a98 Fs_Rec - ok
21:39:41.0687 0x0a98 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:39:42.0093 0x0a98 Ftdisk - ok
21:39:42.0156 0x0a98 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
21:39:42.0203 0x0a98 GEARAspiWDM - ok
21:39:42.0234 0x0a98 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:39:42.0437 0x0a98 Gpc - ok
21:39:42.0500 0x0a98 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:39:42.0515 0x0a98 gupdate - ok
21:39:42.0531 0x0a98 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:39:42.0546 0x0a98 gupdatem - ok
21:39:42.0609 0x0a98 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:39:42.0625 0x0a98 gusvc - ok
21:39:42.0656 0x0a98 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:39:42.0812 0x0a98 HDAudBus - ok
21:39:42.0875 0x0a98 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:39:43.0031 0x0a98 helpsvc - ok
21:39:43.0062 0x0a98 [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:39:43.0234 0x0a98 HidServ - ok
21:39:43.0265 0x0a98 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:39:43.0453 0x0a98 hidusb - ok
21:39:43.0484 0x0a98 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:39:43.0671 0x0a98 hkmsvc - ok
21:39:43.0703 0x0a98 hpn - ok
21:39:43.0781 0x0a98 [ AF81F7BA6A09119006FE041A2F2F3ECE, 3488569086A851CEC0946601C4287A7C83BE6CB82F0160F5817C873A3B16FAFA ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:39:43.0828 0x0a98 hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
21:39:46.0359 0x0a98 Detect skipped due to KSN trusted
21:39:46.0359 0x0a98 hpqcxs08 - ok
21:39:46.0390 0x0a98 [ 7244F63DB8EA883B3DC8E730C645D073, DB83BA959D06945CEF5CC41EDF6DBBBA5691A2F52BA1BF507B79E22A0EED7FF8 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:39:46.0421 0x0a98 hpqddsvc - detected UnsignedFile.Multi.Generic ( 1 )
21:39:49.0140 0x0a98 Detect skipped due to KSN trusted
21:39:49.0140 0x0a98 hpqddsvc - ok
21:39:49.0218 0x0a98 [ 107A4D4E76BEBA6219A88B09A801E843, 24AA93581EE6DA4EC382CC343E51C422BC612F5F885BD1857B3BFCF8B1F03780 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:39:49.0296 0x0a98 HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
21:39:52.0125 0x0a98 Detect skipped due to KSN trusted
21:39:52.0125 0x0a98 HPSLPSVC - ok
21:39:52.0203 0x0a98 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:39:52.0281 0x0a98 HTTP - ok
21:39:52.0312 0x0a98 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:39:52.0546 0x0a98 HTTPFilter - ok
21:39:52.0562 0x0a98 i2omp - ok
21:39:52.0593 0x0a98 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:39:52.0796 0x0a98 i8042prt - ok
21:39:52.0875 0x0a98 [ D593517879E65167DF35F6015814AC59, 26A61B7CB147DC817AC8601E531036A536016700A5560FC45B68F1DF672F9CF2 ] iastor C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:39:53.0015 0x0a98 iastor - ok
21:39:53.0171 0x0a98 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:39:53.0562 0x0a98 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
21:40:03.0656 0x0a98 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:40:06.0296 0x0a98 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:40:06.0359 0x0a98 idsvc - ok
21:40:06.0390 0x0a98 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:40:06.0531 0x0a98 Imapi - ok
21:40:06.0578 0x0a98 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
21:40:06.0765 0x0a98 ImapiService - ok
21:40:06.0843 0x0a98 ini910u - ok
21:40:06.0906 0x0a98 [ 7509C548400F4C9E0211E3F6E66ABBE6, 10884F759DE3EE38F93EF74202B0DBDA3CC5D5E7532E361DC33385D4CC18B659 ] IntelC51 C:\WINDOWS\system32\DRIVERS\IntelC51.sys
21:40:07.0234 0x0a98 IntelC51 - ok
21:40:07.0265 0x0a98 [ 9584FFDD41D37F2C239681D0DAC2513E, AB48DA5AA95C2D1F6C06EEF6635CC7DBCA64F90A5219E0A1501D46D5CD2944FA ] IntelC52 C:\WINDOWS\system32\DRIVERS\IntelC52.sys
21:40:07.0343 0x0a98 IntelC52 - ok
21:40:07.0375 0x0a98 [ DE2686C0E012E6AE24ACD6E79EB7FF5D, 9951F93F524C4FB26961006DE500CF93CFFA33C37F73CE398B92F0F840775FB3 ] IntelC53 C:\WINDOWS\system32\DRIVERS\IntelC53.sys
21:40:07.0390 0x0a98 IntelC53 - ok
21:40:07.0421 0x0a98 [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:40:07.0546 0x0a98 IntelIde - ok
21:40:07.0578 0x0a98 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:40:08.0187 0x0a98 intelppm - ok
21:40:08.0218 0x0a98 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:40:08.0359 0x0a98 Ip6Fw - ok
21:40:08.0406 0x0a98 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:40:08.0546 0x0a98 IpFilterDriver - ok
21:40:08.0578 0x0a98 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:40:08.0718 0x0a98 IpInIp - ok
21:40:08.0750 0x0a98 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:40:08.0937 0x0a98 IpNat - ok
21:40:08.0984 0x0a98 [ C00149A7027081539A66DC5A46695EAD, 51F01CD6B37BA52B3D4DC9CAE3A9FBDDB2FA6FB6A9E779C9157BB056CEC3BEC9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:40:09.0015 0x0a98 iPod Service - ok
21:40:09.0046 0x0a98 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:40:09.0187 0x0a98 IPSec - ok
21:40:09.0203 0x0a98 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:40:09.0312 0x0a98 IRENUM - ok
21:40:09.0343 0x0a98 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:40:09.0500 0x0a98 isapnp - ok
21:40:09.0562 0x0a98 [ E87885A59FDC241B6575943A75E495D9, 17837028307F57C85742036748D27E36DAE56BAD3D0F074149F758EF7B503A60 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
21:40:09.0593 0x0a98 JavaQuickStarterService - ok
21:40:09.0609 0x0a98 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:40:09.0750 0x0a98 Kbdclass - ok
21:40:09.0765 0x0a98 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:40:09.0906 0x0a98 kbdhid - ok
21:40:09.0921 0x0a98 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:40:10.0078 0x0a98 kmixer - ok
21:40:10.0109 0x0a98 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:40:10.0281 0x0a98 KSecDD - ok
21:40:10.0312 0x0a98 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:40:10.0375 0x0a98 lanmanserver - ok
21:40:10.0406 0x0a98 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:40:10.0484 0x0a98 lanmanworkstation - ok
21:40:10.0531 0x0a98 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:40:10.0671 0x0a98 LmHosts - ok
21:40:10.0703 0x0a98 [ E39FEC91892605CC434ED9E3AD9DE059, 60C8AB79011535692CE6F01B57824BC8D2EA91D993E800A5FB5DDCB9A794BA55 ] Ma730Pt C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys
21:40:10.0734 0x0a98 Ma730Pt - detected UnsignedFile.Multi.Generic ( 1 )
21:40:13.0593 0x0a98 Ma730Pt ( UnsignedFile.Multi.Generic ) - warning
21:40:16.0140 0x0a98 [ 833C746986ADE2A7FF60D0805E90A117, D70010DAEB7DA8F0A58A2114274ADD1036335085D4820D70A0DB6F6CE9F836B4 ] Ma730Vad C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys
21:40:16.0171 0x0a98 Ma730Vad - detected UnsignedFile.Multi.Generic ( 1 )
21:40:18.0765 0x0a98 Ma730Vad ( UnsignedFile.Multi.Generic ) - warning
21:40:21.0328 0x0a98 [ 8181CEB341CBB2F7F893F85B915D5E15, 31C4F4E6B20B8497E6CFAD4828068FF310255AD3FB1116248CDF3BFACC0DC70B ] MaVctrl C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
21:40:21.0343 0x0a98 MaVctrl - detected UnsignedFile.Multi.Generic ( 1 )
21:40:23.0937 0x0a98 Detect skipped due to KSN trusted
21:40:23.0937 0x0a98 MaVctrl - ok
21:40:23.0968 0x0a98 [ AED25CDB09FB4E56F45DAF6C9A1D3ED3, 4915FF84EE63846778C5517A90769D8EA8D25CCAF029AB5383159555648FDE1B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
21:40:23.0984 0x0a98 mbamchameleon - ok
21:40:24.0000 0x0a98 [ 8683C1B450F4B3872839308D836E0F92, C6CEEEA780D2191AEAC2537FD96324FF5501D92CE46313FB95ABB51765D919ED ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:40:24.0015 0x0a98 MBAMProtector - ok
21:40:24.0093 0x0a98 [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
21:40:24.0171 0x0a98 MBAMScheduler - ok
21:40:24.0234 0x0a98 [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
21:40:24.0281 0x0a98 MBAMService - ok
21:40:24.0296 0x0a98 [ 12E71DA845D76665B56753AD149E32B3, 0E403710CCBACD5AB85FD4C32AAB6CB2C27BC1F043E8008EE49EE96ECA944146 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
21:40:24.0312 0x0a98 MBAMSwissArmy - ok
21:40:24.0343 0x0a98 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:40:24.0484 0x0a98 Messenger - ok
21:40:24.0515 0x0a98 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:40:24.0640 0x0a98 mnmdd - ok
21:40:24.0687 0x0a98 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:40:24.0812 0x0a98 mnmsrvc - ok
21:40:24.0843 0x0a98 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:40:24.0968 0x0a98 Modem - ok
21:40:25.0015 0x0a98 [ 1992E0D143B09653AB0F9C5E04B0FD65, 1431EC53A65F561C235A08F926C5348A6B21B06A08C075DE8172A88EE0AA634E ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:40:25.0125 0x0a98 MODEMCSA - ok
21:40:25.0140 0x0a98 [ 59B8B11FF70728EEC60E72131C58B716, EB001E1FC17D57AE2A9D4CC7B6C45DC5C6869D3602C1B86F5D4940B11AAECA0A ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys
21:40:25.0171 0x0a98 mohfilt - ok
21:40:25.0187 0x0a98 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:40:25.0328 0x0a98 Mouclass - ok
21:40:25.0375 0x0a98 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:40:25.0500 0x0a98 mouhid - ok
21:40:25.0515 0x0a98 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:40:25.0625 0x0a98 MountMgr - ok
21:40:25.0640 0x0a98 mraid35x - ok
21:40:25.0656 0x0a98 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:40:25.0812 0x0a98 MRxDAV - ok
21:40:25.0875 0x0a98 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:40:25.0984 0x0a98 MRxSmb - ok
21:40:26.0000 0x0a98 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:40:26.0218 0x0a98 MSDTC - ok
21:40:26.0265 0x0a98 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:40:26.0375 0x0a98 Msfs - ok
21:40:26.0390 0x0a98 MSIServer - ok
21:40:26.0406 0x0a98 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:40:26.0515 0x0a98 MSKSSRV - ok
21:40:26.0546 0x0a98 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:40:26.0687 0x0a98 MSPCLOCK - ok
21:40:26.0703 0x0a98 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:40:26.0828 0x0a98 MSPQM - ok
21:40:26.0843 0x0a98 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:40:26.0968 0x0a98 mssmbios - ok
21:40:26.0984 0x0a98 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:40:27.0109 0x0a98 MSTEE - ok
21:40:27.0140 0x0a98 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:40:27.0187 0x0a98 Mup - ok
21:40:27.0218 0x0a98 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:40:27.0328 0x0a98 NABTSFEC - ok
21:40:27.0375 0x0a98 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:40:27.0515 0x0a98 napagent - ok
21:40:27.0546 0x0a98 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:40:27.0671 0x0a98 NDIS - ok
21:40:27.0687 0x0a98 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:40:27.0812 0x0a98 NdisIP - ok
21:40:27.0843 0x0a98 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:40:27.0906 0x0a98 NdisTapi - ok
21:40:27.0937 0x0a98 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:40:28.0062 0x0a98 Ndisuio - ok
21:40:28.0093 0x0a98 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:40:28.0218 0x0a98 NdisWan - ok
21:40:28.0250 0x0a98 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:40:28.0296 0x0a98 NDProxy - ok
21:40:28.0328 0x0a98 [ A081CB6FB9A12668F233EB5414BE3A0E, EE2A1311B51D1FEBAF79F45E568A927D8EA7704AFC8495AED2D26927566F61E3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
21:40:28.0328 0x0a98 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
21:40:30.0906 0x0a98 Detect skipped due to KSN trusted
21:40:30.0906 0x0a98 Net Driver HPZ12 - ok
21:40:30.0937 0x0a98 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:40:31.0046 0x0a98 NetBIOS - ok
21:40:31.0078 0x0a98 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:40:31.0203 0x0a98 NetBT - ok
21:40:31.0250 0x0a98 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
21:40:31.0453 0x0a98 NetDDE - ok
21:40:31.0453 0x0a98 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:40:31.0578 0x0a98 NetDDEdsdm - ok
21:40:31.0609 0x0a98 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:40:31.0734 0x0a98 Netlogon - ok
21:40:31.0765 0x0a98 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
21:40:31.0921 0x0a98 Netman - ok
21:40:31.0953 0x0a98 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:40:32.0046 0x0a98 NetTcpPortSharing - ok
21:40:32.0093 0x0a98 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
21:40:32.0125 0x0a98 Nla - ok
21:40:32.0156 0x0a98 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:40:32.0281 0x0a98 Npfs - ok
21:40:32.0328 0x0a98 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:40:32.0500 0x0a98 Ntfs - ok
21:40:32.0515 0x0a98 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:40:32.0640 0x0a98 NtLmSsp - ok
21:40:32.0687 0x0a98 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:40:32.0828 0x0a98 NtmsSvc - ok
21:40:32.0859 0x0a98 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
21:40:32.0968 0x0a98 Null - ok
21:40:33.0109 0x0a98 [ 6E626F7316DF8C3E672BAF8DF6ACB9B9, 0204A4F0812BDE86921CB0D889AFABD3BDEFD0F47C89E6F1EAC5558320D1A407 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:40:33.0312 0x0a98 nv - detected UnsignedFile.Multi.Generic ( 1 )
21:40:39.0437 0x0a98 Detect skipped due to KSN trusted
21:40:39.0437 0x0a98 nv - ok
21:40:39.0468 0x0a98 [ 89007B160D58993FA18B87A9F48B3AF3, FB12FBBA04EC736BB76A23FBE815596AB5C3F783589F891082EA46D31C58AB68 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
21:40:39.0484 0x0a98 NVSvc - detected UnsignedFile.Multi.Generic ( 1 )
21:40:41.0906 0x0a98 Detect skipped due to KSN trusted
21:40:41.0906 0x0a98 NVSvc - ok
21:40:41.0937 0x0a98 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:40:42.0046 0x0a98 NwlnkFlt - ok
21:40:42.0078 0x0a98 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:40:42.0203 0x0a98 NwlnkFwd - ok
21:40:42.0250 0x0a98 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:40:42.0265 0x0a98 ose - ok
21:40:42.0281 0x0a98 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:40:42.0421 0x0a98 Parport - ok
21:40:42.0437 0x0a98 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:40:42.0562 0x0a98 PartMgr - ok
21:40:42.0593 0x0a98 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:40:42.0718 0x0a98 ParVdm - ok
21:40:42.0734 0x0a98 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:40:42.0859 0x0a98 PCI - ok
21:40:42.0890 0x0a98 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:40:43.0000 0x0a98 PCIIde - ok
21:40:43.0031 0x0a98 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:40:43.0171 0x0a98 Pcmcia - ok
21:40:43.0187 0x0a98 perc2 - ok
21:40:43.0203 0x0a98 perc2hib - ok
21:40:43.0234 0x0a98 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
21:40:43.0265 0x0a98 PlugPlay - ok
21:40:43.0312 0x0a98 [ 65BC271F337637731D3C71455AE1F476, DAD32B61FE0147F8D2DA4C8F016920CD6BB2098F16E3CC2768009763E71DEFBC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
21:40:43.0328 0x0a98 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
21:40:53.0328 0x0a98 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:40:55.0875 0x0a98 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:40:55.0984 0x0a98 PolicyAgent - ok
21:40:56.0015 0x0a98 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:40:56.0140 0x0a98 PptpMiniport - ok
21:40:56.0156 0x0a98 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:40:56.0265 0x0a98 ProtectedStorage - ok
21:40:56.0281 0x0a98 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:40:56.0406 0x0a98 PSched - ok
21:40:56.0437 0x0a98 [ D24DFD16A1E2A76034DF5AA18125C35D, BB1F2BB3EB69DE742AA8ED33DCB572888BC473182E0F7DA860CB57903C9924A6 ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
21:40:56.0453 0x0a98 PSI - ok
21:40:56.0484 0x0a98 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:40:56.0593 0x0a98 Ptilink - ok
21:40:56.0625 0x0a98 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:40:56.0656 0x0a98 PxHelp20 - ok
21:40:56.0671 0x0a98 ql1080 - ok
21:40:56.0687 0x0a98 Ql10wnt - ok
21:40:56.0687 0x0a98 ql12160 - ok
21:40:56.0703 0x0a98 ql1240 - ok
21:40:56.0718 0x0a98 ql1280 - ok
21:40:56.0734 0x0a98 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:40:56.0843 0x0a98 RasAcd - ok
21:40:56.0875 0x0a98 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:40:57.0000 0x0a98 RasAuto - ok
21:40:57.0015 0x0a98 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:40:57.0140 0x0a98 Rasl2tp - ok
21:40:57.0187 0x0a98 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:40:57.0359 0x0a98 RasMan - ok
21:40:57.0375 0x0a98 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:40:57.0546 0x0a98 RasPppoe - ok
21:40:57.0562 0x0a98 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:40:57.0703 0x0a98 Raspti - ok
21:40:57.0734 0x0a98 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:40:57.0843 0x0a98 Rdbss - ok
21:40:57.0859 0x0a98 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:40:57.0968 0x0a98 RDPCDD - ok
21:40:58.0000 0x0a98 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:40:58.0125 0x0a98 rdpdr - ok
21:40:58.0156 0x0a98 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:40:58.0296 0x0a98 RDPWD - ok
21:40:58.0343 0x0a98 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:40:58.0468 0x0a98 RDSessMgr - ok
21:40:58.0546 0x0a98 [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
21:40:58.0562 0x0a98 RealNetworks Downloader Resolver Service - ok
21:40:58.0609 0x0a98 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:40:58.0734 0x0a98 redbook - ok
21:40:58.0781 0x0a98 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:40:58.0906 0x0a98 RemoteAccess - ok
21:40:58.0937 0x0a98 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:40:59.0062 0x0a98 RemoteRegistry - ok
21:40:59.0093 0x0a98 [ F17713D108ACA124A139FDE877EEF68A, AB254B8B4BDB10685280A8595CA69FEA2F1E68923E676C8CAF3F5468AE4C566E ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
21:40:59.0140 0x0a98 RimUsb - ok
21:40:59.0171 0x0a98 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:40:59.0296 0x0a98 RpcLocator - ok
21:40:59.0328 0x0a98 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:40:59.0390 0x0a98 RpcSs - ok
21:40:59.0437 0x0a98 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:40:59.0562 0x0a98 RSVP - ok
21:40:59.0578 0x0a98 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
21:40:59.0703 0x0a98 SamSs - ok
21:40:59.0765 0x0a98 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:40:59.0890 0x0a98 SCardSvr - ok
21:40:59.0937 0x0a98 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:41:00.0046 0x0a98 Schedule - ok
21:41:00.0078 0x0a98 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:41:00.0171 0x0a98 Secdrv - ok
21:41:00.0187 0x0a98 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:41:00.0312 0x0a98 seclogon - ok
21:41:00.0406 0x0a98 [ 5B66DB4877BBAC9F7493AA8D84421E49, D1FCE833A9140E5EC3106373A6FF42335A9A20EBBE020E757B55F032DA0FA7AE ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
21:41:00.0453 0x0a98 Secunia PSI Agent - ok
21:41:00.0484 0x0a98 [ 0E88FDF474F2CDD370A4A6CE77D018F0, D01DA8FF7ADB073E4EECDBDF4F5FE595D6AC70F8C57AFC9ED5C51486CFCECC50 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
21:41:00.0515 0x0a98 Secunia Update Agent - ok
21:41:00.0562 0x0a98 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8, E94F7E97AAB80600DED0310160527C3CC8CAC8593EC2FBEAED2EF5EC5A6C4086 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
21:41:00.0656 0x0a98 senfilt - ok
21:41:00.0687 0x0a98 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
21:41:00.0843 0x0a98 SENS - ok
21:41:00.0875 0x0a98 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:41:01.0000 0x0a98 serenum - ok
21:41:05.0625 0x0a98 [ 3BAA49B99BB0FEDFE58D00F91D3643EF, 302AE570857BA27C39085B1785F4051FE85E3A53B2713AE6141893CD95E7116B ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:41:05.0656 0x0a98 Srv - detected UnsignedFile.Multi.Generic ( 1 )
21:41:08.0359 0x0a98 Object is SCO, delete is not allowed
21:41:08.0359 0x0a98 Srv ( UnsignedFile.Multi.Generic ) - warning
21:41:41.0531 0x0a98 [ 48BC9D8AB4E4B9BFF70FB18E55CEC3D6, E3CC788CD5A1E6CC6998D082A80D0C88C077562C3F8C3887867DB8B9EF0FB5FD ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
21:41:41.0546 0x0a98 tfsnudf - detected UnsignedFile.Multi.Generic ( 1 )
21:41:51.0546 0x0a98 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
21:41:55.0812 0x0a98 [ 79F60822224256B49BFC855DA8D651D5, 27CE1E861326CA6322EADE20137FB25D3E61EE6D952E03BF9E6A81C7E6814CBD ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
21:41:56.0062 0x0a98 tfsnudfa - detected UnsignedFile.Multi.Generic ( 1 )
21:42:06.0062 0x0a98 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
21:42:06.0062 0x0a98 Force sending object to P2P due to detect: tfsnudfa
21:42:09.0093 0x0a98 Object send P2P result: true
21:42:31.0218 0x0a98 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] C:\WINDOWS\system32\drivers\ipsec.sys
21:42:31.0218 0x0a98 C:\WINDOWS\system32\drivers\ipsec.sys - ok
21:42:31.0218 0x0a98 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] C:\WINDOWS\system32\drivers\rasacd.sys
21:42:31.0218 0x0a98 C:\WINDOWS\system32\drivers\rasacd.sys - ok
21:42:31.0234 0x0a98 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] C:\WINDOWS\system32\drivers\tcpip.sys
21:42:31.0234 0x0a98 C:\WINDOWS\system32\drivers\tcpip.sys - ok
21:42:31.0234 0x0a98 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] C:\WINDOWS\system32\drivers\netbt.sys
21:42:31.0234 0x0a98 C:\WINDOWS\system32\drivers\netbt.sys - ok
21:42:31.0234 0x0a98 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] C:\WINDOWS\system32\drivers\ipnat.sys
21:42:31.0234 0x0a98 C:\WINDOWS\system32\drivers\ipnat.sys - ok
21:42:31.0250 0x0a98 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] C:\WINDOWS\system32\drivers\afd.sys
21:42:31.0250 0x0a98 C:\WINDOWS\system32\drivers\afd.sys - ok
21:42:31.0250 0x0a98 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] C:\WINDOWS\system32\drivers\netbios.sys
21:42:31.0250 0x0a98 C:\WINDOWS\system32\drivers\netbios.sys - ok
21:42:31.0250 0x0a98 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] C:\WINDOWS\system32\drivers\wanarp.sys
21:42:31.0250 0x0a98 C:\WINDOWS\system32\drivers\wanarp.sys - ok
21:42:31.0250 0x0a98 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
21:42:31.0250 0x0a98 C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
21:42:31.0265 0x0a98 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
21:42:31.0265 0x0a98 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
21:42:31.0265 0x0a98 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] C:\WINDOWS\system32\drivers\rdbss.sys
21:42:31.0265 0x0a98 C:\WINDOWS\system32\drivers\rdbss.sys - ok
21:42:31.0265 0x0a98 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] C:\WINDOWS\system32\drivers\fips.sys
21:42:31.0265 0x0a98 C:\WINDOWS\system32\drivers\fips.sys - ok
21:42:31.0281 0x0a98 [ 5F816C1F539266D2D4C78694239DA0B5, 10BFCCF4EFFC3813A563D528DC5464827BEF10AE21D6B9C1138930228E7047D1 ] C:\WINDOWS\system32\smss.exe
21:42:31.0281 0x0a98 C:\WINDOWS\system32\smss.exe - ok
21:42:31.0281 0x0a98 [ F8F0D25CA553E39DDE485D8FC7FCCE89, 54DF909101AAEC63234A5C33B51D6689FEF58B943942BFFA9606864F43EC1085 ] C:\WINDOWS\system32\ntdll.dll
21:42:31.0281 0x0a98 C:\WINDOWS\system32\ntdll.dll - ok
21:42:31.0281 0x0a98 [ 23043C91A0F9DFB4B9E9F87B680863B4, 318A6F6DB4A1EDE7D3758E324350EA852449ABD2A7BB77004FBC403CF9FFB08B ] C:\WINDOWS\system32\autochk.exe
21:42:31.0281 0x0a98 C:\WINDOWS\system32\autochk.exe - ok
21:42:31.0281 0x0a98 [ 9DD07AF82244867CA36681EA2D29CE79, 84926A50CB38C322D1CDFD4C0D5F8FFE3B2EF3080B3401F5D5AE8CBD0A719685 ] C:\WINDOWS\system32\sfcfiles.dll
21:42:31.0281 0x0a98 C:\WINDOWS\system32\sfcfiles.dll - ok
21:42:31.0296 0x0a98 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] C:\WINDOWS\system32\drivers\cdfs.sys
21:42:31.0296 0x0a98 C:\WINDOWS\system32\drivers\cdfs.sys - ok
21:42:31.0296 0x0a98 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] C:\WINDOWS\system32\drivers\usbccgp.sys
21:42:31.0296 0x0a98 C:\WINDOWS\system32\drivers\usbccgp.sys - ok
21:42:31.0296 0x0a98 [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] C:\WINDOWS\system32\drivers\wpdusb.sys
21:42:31.0296 0x0a98 C:\WINDOWS\system32\drivers\wpdusb.sys - ok
21:42:31.0312 0x0a98 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] C:\WINDOWS\system32\drivers\WudfRd.sys
21:42:31.0312 0x0a98 C:\WINDOWS\system32\drivers\WudfRd.sys - ok
21:42:31.0312 0x0a98 [ 1AF592532532A402ED7C060F6954004F, 84A55432A7FBBD1B84FF8DD1BD84266747E4A88297BDAA84AAD12F13B848BFF2 ] C:\WINDOWS\system32\drivers\hidclass.sys
21:42:31.0312 0x0a98 C:\WINDOWS\system32\drivers\hidclass.sys - ok
21:42:31.0312 0x0a98 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] C:\WINDOWS\system32\drivers\hidusb.sys
21:42:31.0312 0x0a98 C:\WINDOWS\system32\drivers\hidusb.sys - ok
21:42:31.0328 0x0a98 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] C:\WINDOWS\system32\drivers\mouhid.sys
21:42:31.0328 0x0a98 C:\WINDOWS\system32\drivers\mouhid.sys - ok
21:42:31.0328 0x0a98 [ D593517879E65167DF35F6015814AC59, 26A61B7CB147DC817AC8601E531036A536016700A5560FC45B68F1DF672F9CF2 ] C:\WINDOWS\system32\drivers\iaStor.sys
21:42:31.0328 0x0a98 C:\WINDOWS\system32\drivers\iaStor.sys - ok
21:42:31.0328 0x0a98 [ FE97D0343ACFDEBDD578FC67CC91FA87, FE26FBA13079189EF96A1C994036EA472A4BF34FA14C163C693AD481BF31E676 ] C:\WINDOWS\system32\drivers\dxapi.sys
21:42:31.0328 0x0a98 C:\WINDOWS\system32\drivers\dxapi.sys - ok
21:42:31.0328 0x0a98 [ 9A10AACBFDC4922715375FB4065EC930, E407953587C04F75DDB163420A5121FF520D31F74753D452E316042C42D360CF ] C:\WINDOWS\system32\watchdog.sys
21:42:31.0328 0x0a98 C:\WINDOWS\system32\watchdog.sys - ok
21:42:31.0343 0x0a98 [ 80AAA73D56272FD54DC6DE8643D10E9F, 0DC91699D5AF322C78AF7783CF3D55A1F561219EE32DC8DA186F2255704D52FC ] C:\WINDOWS\system32\win32k.sys
21:42:31.0343 0x0a98 C:\WINDOWS\system32\win32k.sys - ok
21:42:31.0343 0x0a98 [ 44F275C64738EA2056E3D9580C23B60F, 5D4B7306E71A44440E7F0B32A373AEC120C01B69F87756589E39EB85C40CD742 ] C:\WINDOWS\system32\csrss.exe
21:42:31.0343 0x0a98 C:\WINDOWS\system32\csrss.exe - ok
21:42:31.0343 0x0a98 [ DD40363ABAD230A84C5E2178B11EFA88, E4B406C0B10686CF245EC0053A03424CE1FB8AC7FB3545525F13BB3BC5086FF1 ] C:\WINDOWS\system32\csrsrv.dll
21:42:31.0343 0x0a98 C:\WINDOWS\system32\csrsrv.dll - ok
21:42:31.0359 0x0a98 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
21:42:31.0359 0x0a98 C:\WINDOWS\system32\basesrv.dll - ok
21:42:31.0359 0x0a98 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
21:42:31.0359 0x0a98 C:\WINDOWS\system32\winsrv.dll - ok
21:42:31.0359 0x0a98 [ AFFE0B7126A86603D3F49A19A5B7DC46, 63C91B4726F583C1DC1B3F26CC8DC39C519401CF0005F223EE17A363BDBEA22F ] C:\WINDOWS\system32\gdi32.dll
21:42:31.0359 0x0a98 C:\WINDOWS\system32\gdi32.dll - ok
21:42:31.0359 0x0a98 [ 4A45B692D2BAA74124DF57472D5EA2F1, DFC6B595BBADFEF4930CCCF48E9FE55551CF0891571257E3E0A0DE328077A89B ] C:\WINDOWS\system32\kernel32.dll
21:42:31.0359 0x0a98 C:\WINDOWS\system32\kernel32.dll - ok
21:42:31.0375 0x0a98 [ B26B135FF1B9F60C9388B4A7D16F600B, ACD0AE7B4D5F871E148276C6CC4AE3A216E33F67FC78D827C16986E1F945438C ] C:\WINDOWS\system32\user32.dll
21:42:31.0375 0x0a98 C:\WINDOWS\system32\user32.dll - ok
21:42:31.0375 0x0a98 [ AC7280566A7BB85CB3291F04DDC1198E, 7640BC4C28B5D5167A10C4B0DA0FC8C7A255334D4BA11FD3E28A697A5B58583C ] C:\WINDOWS\system32\drivers\dxg.sys
21:42:31.0375 0x0a98 C:\WINDOWS\system32\drivers\dxg.sys - ok
21:42:31.0375 0x0a98 [ A73F5D6705B1D820C19B18782E176EFD, C36486504C3A596FDCA487143F6D3B43C0BEE01321F6F1F3071976556533C419 ] C:\WINDOWS\system32\drivers\dxgthk.sys
21:42:31.0375 0x0a98 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
21:42:31.0390 0x0a98 [ 0DBE644571AE3708B0D8C8FD5B12C6EB, 14FEBDE7F99C80E190799DA27066DAD4A3685001ADF991D15FC002CA75D2444D ] C:\WINDOWS\system32\ati2dvag.dll
21:42:31.0390 0x0a98 C:\WINDOWS\system32\ati2dvag.dll - ok
21:42:31.0390 0x0a98 [ 2A07F610B65C65F39A9873CD2E8A029C, DE0453752F571E3813365B0BF0293947A36B52FBC32E79565003D3C1A272D549 ] C:\WINDOWS\system32\ati2cqag.dll
21:42:31.0390 0x0a98 C:\WINDOWS\system32\ati2cqag.dll - ok
21:42:31.0390 0x0a98 [ 1C83E95123F4B13E64A33C8F858CCD27, D5CB7D5AC75A443E34A99F78DB1BECC25F14BED85A760733E39BE7CC069775ED ] C:\WINDOWS\system32\atikvmag.dll
21:42:31.0390 0x0a98 C:\WINDOWS\system32\atikvmag.dll - ok
21:42:31.0390 0x0a98 [ ECB7591870F8BFB1A4C17B718AD5A4AA, 67E8D218F107F78F9C62999F560E47AEC799E4B4DC4AB3EBC0DC61670BFE3E3D ] C:\WINDOWS\system32\vga.dll
21:42:31.0390 0x0a98 C:\WINDOWS\system32\vga.dll - ok
21:42:31.0406 0x0a98 [ AC3D63AC924D97699CABC2AD9CCF2749, 1B3C1794189BB0EB50581234E3EDE27D238196936549ABF78EF00BDA4A6EAC12 ] C:\WINDOWS\system32\atiok3x2.dll
21:42:31.0406 0x0a98 C:\WINDOWS\system32\atiok3x2.dll - ok
21:42:31.0406 0x0a98 [ 9564556155BAB48E501173BEC4246488, 0EA7BFCF36F853DB798D9973F8B15A0BF67AE827A8A8C57E820D839640F200ED ] C:\WINDOWS\system32\ati3duag.dll
21:42:31.0406 0x0a98 C:\WINDOWS\system32\ati3duag.dll - ok
21:42:31.0406 0x0a98 [ 2B5B6C9596F7D7E0C2D8DDC346622291, 81E3E9C44869F13CBE5AD68ABC08FC5B28B86C89C822CD69DB1B9BC1702E445D ] C:\WINDOWS\system32\ativvaxx.dll
21:42:31.0406 0x0a98 C:\WINDOWS\system32\ativvaxx.dll - ok
21:42:31.0421 0x0a98 [ ED0EF0A136DEC83DF69F04118870003E, 45377CB8E9F0120F836FC8261C711F7DBF7199117AFB3652EBF100D5F0429B1E ] C:\WINDOWS\system32\winlogon.exe
21:42:31.0421 0x0a98 C:\WINDOWS\system32\winlogon.exe - ok
21:42:31.0421 0x0a98 [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] C:\WINDOWS\system32\advapi32.dll


----------



## 7dees (Oct 4, 2009)

21:42:31.0953 0x0a98 C:\Program Files\Bonjour\mdnsNSP.dll - ok
21:42:31.0953 0x0a98 [ 6F9BEF24C578D5D6740E080BEDD6A448, 72426D49BC31488261D226C7D0C98AD11192019E71654F53D1D17183C328CC7C ] C:\WINDOWS\system32\rasadhlp.dll
21:42:31.0953 0x0a98 C:\WINDOWS\system32\rasadhlp.dll - ok
21:42:31.0953 0x0a98 [ 50D2BEDFEF6800A3B64F032A67053738, F8934604A392264CD3631CAD9C64BC1093AA6E4F60CF4DDF24B6D87AAA43EBD2 ] C:\WINDOWS\system32\ati2evxx.dll
21:42:31.0953 0x0a98 C:\WINDOWS\system32\ati2evxx.dll - ok
21:42:31.0968 0x0a98 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23, 032B6D1F541F180A2FE619664EF180D3FD748AEF7E311BA925FCED74E7ED4713 ] C:\WINDOWS\system32\logonui.exe
21:42:31.0968 0x0a98 C:\WINDOWS\system32\logonui.exe - ok
21:42:31.0968 0x0a98 [ 6110008AB366B98C4C364DD155D8FF55, F355415EC51154220DDC835A3B42620BF22A222BB5BBE7850B8817672CFB97A2 ] C:\WINDOWS\system32\atiadlxx.dll
21:42:31.0968 0x0a98 C:\WINDOWS\system32\atiadlxx.dll - ok
21:42:31.0968 0x0a98 [ C9564CF4976E7E96B4052737AA2492B4, C3AC989C8489A23BB96400B1856F5325FFC67E844F04651EA5D61BC20A991C6D ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
21:42:31.0968 0x0a98 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
21:42:31.0968 0x0a98 [ 3D41A9326F0376FC73AF961DD23B1FB1, 1242F3B57599675D1E0E26615E206CE3DB15FA6A23BC5D21EB630EE9858EBC7B ] C:\WINDOWS\system32\duser.dll
21:42:31.0968 0x0a98 C:\WINDOWS\system32\duser.dll - ok
21:42:31.0984 0x0a98 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] C:\WINDOWS\system32\WudfSvc.dll
21:42:31.0984 0x0a98 C:\WINDOWS\system32\WudfSvc.dll - ok
21:42:31.0984 0x0a98 [ 5CAF91E865FE0C85048A233E594544D2, 23B16D6CB30E124D37949EFCF261BCD9D9872FE2F3852FC345F32283E3D04178 ] C:\WINDOWS\system32\WudfPlatform.dll
21:42:31.0984 0x0a98 C:\WINDOWS\system32\WudfPlatform.dll - ok
21:42:31.0984 0x0a98 [ AFFC87E2501FCE8F09D4C10BA6421CCF, E63837B281C4AE90A7CBA8E072E07A9A5A2FDD5B15E7FB5C2D7562FE72BE5408 ] C:\WINDOWS\system32\msimg32.dll
21:42:31.0984 0x0a98 C:\WINDOWS\system32\msimg32.dll - ok
21:42:32.0000 0x0a98 [ 20200EE3CFE10E9F0C028D8653BE11C6, 3ACF2110D72509CBA3BF780C5D6D662BAFEEA6CA423BE8B0F97288B953127035 ] C:\WINDOWS\system32\oleacc.dll
21:42:32.0000 0x0a98 C:\WINDOWS\system32\oleacc.dll - ok
21:42:32.0000 0x0a98 [ F137A0CA70003DB20448D540651FA003, 4D3095FD8431D0839B6EE785A979D005A1035368A152CDC705804E85B7673198 ] C:\WINDOWS\system32\clbcatq.dll
21:42:32.0000 0x0a98 C:\WINDOWS\system32\clbcatq.dll - ok
21:42:32.0000 0x0a98 [ 1280A158C722FA95A80FB7AEBE78FA7D, 9B6E8158E581500C5C417F6453A6414901020123D34FDBC04289750E8B072538 ] C:\WINDOWS\system32\comres.dll
21:42:32.0000 0x0a98 C:\WINDOWS\system32\comres.dll - ok
21:42:32.0015 0x0a98 [ E0087225B137E57239FF40F8AE82059B, A03EF9778F267EEBBAD8F72AC0E492872AF73BCA435CCF5C336A8475046B1672 ] C:\WINDOWS\system32\drivers\fssfltr_tdi.sys
21:42:32.0015 0x0a98 C:\WINDOWS\system32\drivers\fssfltr_tdi.sys - ok
21:42:32.0015 0x0a98 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] C:\WINDOWS\system32\drivers\ndisuio.sys
21:42:32.0015 0x0a98 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
21:42:32.0015 0x0a98 [ E5EDBD51476DB5001ABF5C82AE5C3DD1, 5C97ABF5802A7F886781788FE6107F9F06962F9D704A2A43A03062C9405F56C3 ] C:\WINDOWS\system32\shgina.dll
21:42:32.0015 0x0a98 C:\WINDOWS\system32\shgina.dll - ok
21:42:32.0015 0x0a98 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] C:\WINDOWS\system32\dhcpcsvc.dll
21:42:32.0015 0x0a98 C:\WINDOWS\system32\dhcpcsvc.dll - ok
21:42:32.0031 0x0a98 [ 515A7FAE2070C2B0242B2353443E2F11, 6121C5613784831F584B50E8DC91BBD7AC58BDB602FE4CDB4B237670B6BB4537 ] C:\WINDOWS\system32\cscdll.dll
21:42:32.0031 0x0a98 C:\WINDOWS\system32\cscdll.dll - ok
21:42:32.0031 0x0a98 [ E2092F0A1D7ABC243F9C2362483D150D, 50028400D6BA1C5B27BFC9AAC9D41539383F3EC723977CA937715E14094D846A ] C:\WINDOWS\system32\dimsntfy.dll
21:42:32.0031 0x0a98 C:\WINDOWS\system32\dimsntfy.dll - ok
21:42:32.0031 0x0a98 [ 2CC34E8BB667EEF78899546E12649196, 5BA2604041BF7C1D580D4D2AEDC7708F9E9B0AF6E0928663E3D9C7297296D721 ] C:\WINDOWS\system32\wlnotify.dll
21:42:32.0031 0x0a98 C:\WINDOWS\system32\wlnotify.dll - ok
21:42:32.0046 0x0a98 [ BD83ABA61E8ACCC8D9FFB869F29418CE, 45ED22E825047A1BE07B017F95FBF965A90602C59E6B110D0C604FBE07DE1562 ] C:\WINDOWS\system32\winspool.drv
21:42:32.0046 0x0a98 C:\WINDOWS\system32\winspool.drv - ok
21:42:32.0046 0x0a98 [ 02CF580510234E519736559A7F19EA20, 93DC16678B01DF2E12672AB93778151FDD7FF10C30CEF7A921553D86F97C3819 ] C:\WINDOWS\system32\WgaLogon.dll
21:42:32.0046 0x0a98 C:\WINDOWS\system32\WgaLogon.dll - ok
21:42:32.0046 0x0a98 [ 03A02D5A2D50198BDF6C62AF209438D0, 7A2577BB31B937436689EB8E3F415F71D3744209EFFC110C9B12C42025F36C88 ] C:\WINDOWS\system32\msxml3.dll
21:42:32.0046 0x0a98 C:\WINDOWS\system32\msxml3.dll - ok
21:42:32.0046 0x0a98 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] C:\WINDOWS\system32\lmhsvc.dll
21:42:32.0046 0x0a98 C:\WINDOWS\system32\lmhsvc.dll - ok
21:42:32.0062 0x0a98 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] C:\WINDOWS\system32\wzcsvc.dll
21:42:32.0062 0x0a98 C:\WINDOWS\system32\wzcsvc.dll - ok
21:42:32.0062 0x0a98 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F, EC80729BDD250C161B29DA853D45C703CB4844DE185C5665DB0627D9568995AB ] C:\WINDOWS\system32\eapolqec.dll
21:42:32.0062 0x0a98 C:\WINDOWS\system32\eapolqec.dll - ok
21:42:32.0062 0x0a98 [ 876CCF164E08D6B903CD14398E056DD2, 9AC7887F992F20E10EB3ED9B3AEF47B5C840172FA7895531F4EF86D6EA642D0F ] C:\WINDOWS\system32\rtutils.dll
21:42:32.0062 0x0a98 C:\WINDOWS\system32\rtutils.dll - ok
21:42:32.0078 0x0a98 [ 7B0770526801F05D58C51A3DFB87B4BD, 7A2858DD3AE8C26DE88F8CC71E8DC9A8A50C363BA4FB34EE6EE2D81C18845A96 ] C:\WINDOWS\system32\wmi.dll
21:42:32.0078 0x0a98 C:\WINDOWS\system32\wmi.dll - ok
21:42:32.0078 0x0a98 [ 224FB925C641DA16CEB6D60F40CA4C75, 2DDB3B019D2A22B359C5974DC366EC9B95F4382DB1BF7F1958CFF0EC277895C7 ] C:\WINDOWS\system32\atl.dll
21:42:32.0078 0x0a98 C:\WINDOWS\system32\atl.dll - ok
21:42:32.0078 0x0a98 [ 8AE93AACC648921BAACB8602991AC4B3, 78292B1BAEE64C997C50B6D907FE623C2EDF937A62D3C3690FA24342180B7AB2 ] C:\WINDOWS\system32\qutil.dll
21:42:32.0078 0x0a98 C:\WINDOWS\system32\qutil.dll - ok
21:42:32.0078 0x0a98 [ 8E2CC37BA87D8F681066E0E9C8A19F73, 90536FD502D92AE4FECE0C250373742D2E8AC9E9BE314070BB28C4A2BEA15508 ] C:\WINDOWS\system32\dot3api.dll
21:42:32.0078 0x0a98 C:\WINDOWS\system32\dot3api.dll - ok
21:42:32.0093 0x0a98 [ F5B754CDEA20BBB3A31E16A776EDE6D6, C5D682FA9B86810C6E3D741E507EDA024C4554BEB5B6A1686F70E109EE9CD746 ] C:\WINDOWS\system32\esent.dll
21:42:32.0093 0x0a98 C:\WINDOWS\system32\esent.dll - ok
21:42:32.0093 0x0a98 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3, 9085384DD71F983E7FD8B6C8F54A3097412DA3C802C813C8AAB1F30558C416D6 ] C:\WINDOWS\system32\cryptui.dll
21:42:32.0093 0x0a98 C:\WINDOWS\system32\cryptui.dll - ok
21:42:32.0093 0x0a98 [ A39BE37C9237DB5F1990D61B268EA555, ABAB9D73DF10D2AC78F00A6C5E5318C4DE166CDF70683408D83D218CB39B7449 ] C:\WINDOWS\system32\rastls.dll
21:42:32.0093 0x0a98 C:\WINDOWS\system32\rastls.dll - ok
21:42:32.0109 0x0a98 [ 8AF91E4B4C1F5338EBE1548117304296, 493F46CB43496B8158924229094374D4531DA32E3C77FF4F86FCB86DEACFB79B ] C:\WINDOWS\system32\wininet.dll
21:42:32.0109 0x0a98 C:\WINDOWS\system32\wininet.dll - ok
21:42:32.0109 0x0a98 [ 10753A3ADC3E39A3B10CC3F08E98E6B4, 99C7B1B04CD593139917ED3D68BEC36C63BCE76663505CB5D026B62AF39BB383 ] C:\WINDOWS\system32\normaliz.dll
21:42:32.0109 0x0a98 C:\WINDOWS\system32\normaliz.dll - ok
21:42:32.0109 0x0a98 [ 1387AB5807E7A29D880699CC733F6AED, 0A3B777546E5F5EBC7914118D0BB32546279AEC726FED05519E0CF8F97DFA039 ] C:\WINDOWS\system32\urlmon.dll
21:42:32.0109 0x0a98 C:\WINDOWS\system32\urlmon.dll - ok
21:42:32.0109 0x0a98 [ 89A1EE0C4046375B4B9E0B010C90C802, 51D54DA31E30487E73B50F482F1A04F273BC812F3AB2C415D09CB44956097E11 ] C:\WINDOWS\system32\iertutil.dll
21:42:32.0109 0x0a98 C:\WINDOWS\system32\iertutil.dll - ok
21:42:32.0125 0x0a98 [ EA5B8BECA3F279C757578CD7F1E95855, 6FA42A9C8A114208BCB1D0A799C43CD07FB0F986495191D58C1BBD150B7B3A90 ] C:\WINDOWS\system32\mprapi.dll
21:42:32.0125 0x0a98 C:\WINDOWS\system32\mprapi.dll - ok
21:42:32.0125 0x0a98 [ 2CDAE321B8E878A278BA2D2FA013060B, 51A382D665EB4A8BD66A3EF9B518DC02D3637318768758AB6F1017E50826CC56 ] C:\WINDOWS\system32\activeds.dll
21:42:32.0125 0x0a98 C:\WINDOWS\system32\activeds.dll - ok
21:42:32.0125 0x0a98 [ 0D84657DBF93DB98673DEFDF2B29E25A, 22105E297D663790BFA1EAE5AC670B283E69FDF2428DEBC596F3EB920E53AFF9 ] C:\WINDOWS\system32\adsldpc.dll
21:42:32.0125 0x0a98 C:\WINDOWS\system32\adsldpc.dll - ok
21:42:32.0140 0x0a98 [ 92C4F48B62B0B876194584C3FF09CCB6, B24FF5E8D4F09B8200395B68A20A083E7ED9A29B9E9FB85F42E1A6BBB911D1C4 ] C:\WINDOWS\system32\rasapi32.dll
21:42:32.0140 0x0a98 C:\WINDOWS\system32\rasapi32.dll - ok
21:42:32.0140 0x0a98 [ 4DEF926F6A0545AE486A03C84F2EE482, 2D209061632634D7338C0BBEEE8056E8085BE22FA6974A2CC6BAEDC14CF6F6B1 ] C:\WINDOWS\system32\rasman.dll
21:42:32.0140 0x0a98 C:\WINDOWS\system32\rasman.dll - ok
21:42:32.0140 0x0a98 [ 00AABF131B4823785818DB99A075A313, FF0F24D35325EC246C758C7CF51FDDEF13757DFD7BE5F6F5D51E0DD7C6673686 ] C:\WINDOWS\system32\tapi32.dll
21:42:32.0140 0x0a98 C:\WINDOWS\system32\tapi32.dll - ok
21:42:32.0140 0x0a98 [ C1FAEA15E41F62D7BFA7FBC395C24BA6, 5DAA7F6E1EEA128AEDEDCAF04EB83AED4BCF856BC123BC134E9FA634DC569C0B ] C:\WINDOWS\system32\riched20.dll
21:42:32.0140 0x0a98 C:\WINDOWS\system32\riched20.dll - ok
21:42:32.0156 0x0a98 [ 56CE97FF94B7662A300D359CD6F4D601, D67A792E176AE3394CEB8FEF16F9E56DC614D7D4F58F6B9202E49EFD42BAE9E4 ] C:\WINDOWS\system32\raschap.dll
21:42:32.0156 0x0a98 C:\WINDOWS\system32\raschap.dll - ok
21:42:32.0156 0x0a98 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] C:\WINDOWS\system32\schedsvc.dll
21:42:32.0156 0x0a98 C:\WINDOWS\system32\schedsvc.dll - ok
21:42:32.0156 0x0a98 [ E47E364C96467FD54FA44D59F927C3AB, D48C377A7ACF805C413D4618A099A50BE6724E8996C151B00DEAFD27CA935183 ] C:\WINDOWS\system32\msidle.dll
21:42:32.0156 0x0a98 C:\WINDOWS\system32\msidle.dll - ok
21:42:32.0171 0x0a98 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] C:\WINDOWS\system32\spoolsv.exe
21:42:32.0171 0x0a98 C:\WINDOWS\system32\spoolsv.exe - ok
21:42:32.0171 0x0a98 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] C:\WINDOWS\system32\audiosrv.dll
21:42:32.0171 0x0a98 C:\WINDOWS\system32\audiosrv.dll - ok
21:42:32.0171 0x0a98 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] C:\WINDOWS\system32\wkssvc.dll
21:42:32.0171 0x0a98 C:\WINDOWS\system32\wkssvc.dll - ok
21:42:32.0171 0x0a98 [ 2ED5A170CF9E2ED6920DC1745D0D8029, 2705C092BC2CAFCB9B42DFD2B9C92EFB381C80002B9B255757DCBA1E7FFC09F8 ] C:\WINDOWS\system32\WudfHost.exe
21:42:32.0171 0x0a98 C:\WINDOWS\system32\WudfHost.exe - ok
21:42:32.0187 0x0a98 [ 484A95656B257D988A2A13D5954D1569, 95F9C811713E44EBBC252B449D6F9883DB5DA67AABCBA9F6A535778BC665EB07 ] C:\WINDOWS\system32\WUDFx.dll
21:42:32.0187 0x0a98 C:\WINDOWS\system32\WUDFx.dll - ok
21:42:32.0187 0x0a98 [ 5929A2A4B2A3F1B59FE9BBDC1CCF5375, 95E312B4024FF99847EB0EC323D728669E6D58C88F3679526A5363DB0F8C6B85 ] C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
21:42:32.0187 0x0a98 C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll - ok
21:42:32.0187 0x0a98 [ 79E3A8C328E7E569C32B0998377D9742, F5854956E452AD663004679BBDF8B006695B69C8962534CD243193F04F294DF3 ] C:\WINDOWS\system32\spoolss.dll
21:42:32.0187 0x0a98 C:\WINDOWS\system32\spoolss.dll - ok
21:42:32.0203 0x0a98 [ 5677DFE438EC1F009273FC84FEED6B10, 44B62CC4D138E13C22FC29E9751CB7ED0B0C6C8897A8E6469172F8642B0527BE ] C:\WINDOWS\system32\localspl.dll
21:42:32.0203 0x0a98 C:\WINDOWS\system32\localspl.dll - ok
21:42:32.0203 0x0a98 [ 5D3D1AB0EF4EA55B731863050482C111, 8713DAA48DBC5FDF95BE993863BEE669BBB4026347DC575D72F520F423EE21BA ] C:\WINDOWS\system32\cnbjmon.dll
21:42:32.0203 0x0a98 C:\WINDOWS\system32\cnbjmon.dll - ok
21:42:32.0203 0x0a98 [ 71D2C211471FCF13A14ACBFEA54FEE1D, DEC82CFA913ABD4C413211D3C64292A5DD5982246F5F05515115B95CC97793DC ] C:\WINDOWS\system32\fppmon3.dll
21:42:32.0203 0x0a98 C:\WINDOWS\system32\fppmon3.dll - ok
21:42:32.0203 0x0a98 [ D4A0F21A0CA8B936586F58178DCC849D, 6C2438F5B2B70B23C0CDE45E99D7D80CFEBD1A11D183C5602B04D1B01CC0E3BE ] C:\WINDOWS\system32\fppr332.dll
21:42:32.0203 0x0a98 C:\WINDOWS\system32\fppr332.dll - ok
21:42:32.0218 0x0a98 [ 322FD75A97DBA67FC8F97A9957F857F1, 52CC0FBBE9769C0C751F886E0ED58ED263FB9175F323C603E7BAB876AE60D196 ] C:\WINDOWS\system32\mdimon.dll
21:42:32.0218 0x0a98 C:\WINDOWS\system32\mdimon.dll - ok
21:42:32.0218 0x0a98 [ 8C22083ED515DC94D575438662F0BE6A, 67DC2A393AE31764C090BE2AEFAD3E20220538152157BAEBF366112166FEAB23 ] C:\WINDOWS\system32\msi.dll
21:42:32.0218 0x0a98 C:\WINDOWS\system32\msi.dll - ok
21:42:32.0218 0x0a98 [ ABF7188176C4666BB9E66E2C80C4E7F6, 776CDF98542986B156B61AB60D936C35ACAA5EEDB39E6C4ABACF6839DB9A8839 ] C:\WINDOWS\system32\wpdmtp.dll
21:42:32.0218 0x0a98 C:\WINDOWS\system32\wpdmtp.dll - ok
21:42:32.0234 0x0a98 [ 1B56359F8D0CFCDA883AD5B189C956A5, 23CD12AE4359FBFD202C4A60612868C2093A5649023185A8AC3C245B3AFEF30B ] C:\WINDOWS\system32\wpdconns.dll
21:42:32.0234 0x0a98 C:\WINDOWS\system32\wpdconns.dll - ok
21:42:32.0234 0x0a98 [ C230E6B5322382F56C8193448E4754D5, C0D9E43D72A35A1C25DB660ACDC99A677395370C1AB84329A0EE8CCDE7A05F92 ] C:\WINDOWS\system32\wpdmtpus.dll
21:42:32.0234 0x0a98 C:\WINDOWS\system32\wpdmtpus.dll - ok
21:42:32.0234 0x0a98 [ D143125485DFF8066E4D26E7E6E35B98, 21EFE69AB8D37445FA294BB25F7867C883487B28F843744379A056E2E85410C6 ] C:\WINDOWS\system32\hpz3l4v6.dll
21:42:32.0234 0x0a98 C:\WINDOWS\system32\hpz3l4v6.dll - ok
21:42:32.0234 0x0a98 [ 195A250167FBA93B3AEAC87227AF61EF, 6556EECE79BC71C9D1C10BD8C050EF0ADBB3174142E8DAFA507EC61DDC9D24E0 ] C:\WINDOWS\system32\hpz3l4x6.dll
21:42:32.0234 0x0a98 C:\WINDOWS\system32\hpz3l4x6.dll - ok
21:42:32.0250 0x0a98 [ 085ED2E391A871C7BAE87E0228B546BA, 15C050965A7377CDE1178A0C28C3E05B16838A1D7DEB1DD190E3C5D58511F5AC ] C:\WINDOWS\system32\cscui.dll
21:42:32.0250 0x0a98 C:\WINDOWS\system32\cscui.dll - ok
21:42:32.0250 0x0a98 [ 8AB1CF6FACFEC31E869B16E15C01ADB1, 50344668B299F7763FCD460039F1A5B156A9C8AD0ECDBE3B5B9ACA2F1FC95A95 ] C:\WINDOWS\system32\hpz3l58a.dll
21:42:32.0250 0x0a98 C:\WINDOWS\system32\hpz3l58a.dll - ok
21:42:32.0250 0x0a98 [ 222DE7F5EDB9DDBE628384A1A8BE59CE, 063AF8C6C251961ABC93A8E8A07DB9B9582CD1812CA3BB297FAFDF0AD3E5B4CC ] C:\WINDOWS\system32\pjlmon.dll
21:42:32.0250 0x0a98 C:\WINDOWS\system32\pjlmon.dll - ok
21:42:32.0265 0x0a98 [ AE0382AD9C73D343D85E1A50C80B7C20, 7477A5A33C0ACF80BE73F0169893A7D53AF8ABC514FCE190A6ACC677092E5A55 ] C:\WINDOWS\system32\tcpmon.dll
21:42:32.0265 0x0a98 C:\WINDOWS\system32\tcpmon.dll - ok
21:42:32.0265 0x0a98 [ 6C26DCF01E2A92F183B97D434017268A, 0863B9AE37002CA3E1034A7FBDE80C3D0E4469A4561140EDE42EDD947E61DBD3 ] C:\WINDOWS\system32\dpcdll.dll
21:42:32.0265 0x0a98 C:\WINDOWS\system32\dpcdll.dll - ok
21:42:32.0265 0x0a98 [ 8357809E111E09393633039769D96281, F30DA86C2303B906C0BF752794F8A890F954FB9D860BDA688B72D3D1E214BECE ] C:\WINDOWS\system32\tcpmib.dll
21:42:32.0265 0x0a98 C:\WINDOWS\system32\tcpmib.dll - ok
21:42:32.0265 0x0a98 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4, C095D8A3A1CEAD1D78B0EE17B982718CDF4B3FE1F86D9D273875B8C1893C981B ] C:\WINDOWS\system32\wdmaud.drv
21:42:32.0265 0x0a98 C:\WINDOWS\system32\wdmaud.drv - ok
21:42:32.0281 0x0a98 [ 67156D5A9AC356DC99D7BCCB388E3316, 449A140065197779C0F8588E5C53014BBF54A9C74818D5CFDCB88CC7B36F44CF ] C:\WINDOWS\system32\wsock32.dll
21:42:32.0281 0x0a98 C:\WINDOWS\system32\wsock32.dll - ok
21:42:32.0281 0x0a98 [ 1E744353BD534405187A404667DA3DC3, ACE581FBF36BD511C64E37760526F1BB7172FD5045708BA836933D8FACC4FAFA ] C:\WINDOWS\system32\mgmtapi.dll
21:42:32.0281 0x0a98 C:\WINDOWS\system32\mgmtapi.dll - ok
21:42:32.0281 0x0a98 [ 5C1F0537E61F87B435F56E00B4F20EE8, AA4BAD8612F45125421C13536D6E7FB4C85BA6DE7D61BDE19949286FB1910B3D ] C:\WINDOWS\system32\snmpapi.dll
21:42:32.0281 0x0a98 C:\WINDOWS\system32\snmpapi.dll - ok
21:42:32.0296 0x0a98 [ 277F3E3333F1D10CA428568197FCCE70, 1AC24A8817396FA4172DC6216FBF82A1F6F8F9A1A1F87D6884FF17DCCB15C3FF ] C:\WINDOWS\system32\wsnmp32.dll
21:42:32.0296 0x0a98 C:\WINDOWS\system32\wsnmp32.dll - ok
21:42:32.0296 0x0a98 [ F26385E8BA4549B5186B774EC0E45D86, 0BA8CA4C06918690EA68678CA5887F1B7E2B0976C99BDFAF99CC1C99F3E300A0 ] C:\WINDOWS\system32\usbmon.dll
21:42:32.0296 0x0a98 C:\WINDOWS\system32\usbmon.dll - ok
21:42:32.0296 0x0a98 [ A93AEE1928A9D7CE3E16D24EC7380F89, 944CD2135E171AF338352568AA7FE1B8004733A4281395AD6723E0CF43D5F53F ] C:\WINDOWS\system32\userinit.exe
21:42:32.0296 0x0a98 C:\WINDOWS\system32\userinit.exe - ok
21:42:32.0296 0x0a98 [ B1296D52B0D2096EC4759EEEB806D759, 4F291E1513D5E79BD3EE54E644138468778A80D6C49DF01EA93E291897E433B5 ] C:\WINDOWS\system32\WgaTray.exe
21:42:32.0296 0x0a98 C:\WINDOWS\system32\WgaTray.exe - ok
21:42:32.0312 0x0a98 [ AC590255B6AEF7847AB6DC91DE2673A0, CF0A09E154F48FC7E800B37AF49C370C2FA243BA9F646526DA7D41E334AFB663 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
21:42:32.0312 0x0a98 C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4v2.dll - ok
21:42:32.0312 0x0a98 [ C7D2C931A1A2CBD3A2D335FE86303174, F58AF824B6AFD38A3D56C27A0760F7E55F0AE759DB8B4FA0D254145407EB1FCE ] C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4x6.dll
21:42:32.0312 0x0a98 C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4x6.dll - ok
21:42:32.0312 0x0a98 [ 2A356FA2650E30E139F0476979548BF6, C11BC218A72A6978E0590FD09CC0EDD8800B497441777F2A282DAF8F14F5AB76 ] C:\Program Files\Real\RealUpgrade\realupgrade.exe
21:42:32.0312 0x0a98 C:\Program Files\Real\RealUpgrade\realupgrade.exe - ok
21:42:32.0328 0x0a98 [ 253FC59ADE0525A9FD42070B309EC235, 1E58BFDB28BBDB7481E17FDDEA8D53B83FFA484975942BD080AC2A9304E99D46 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp58a.dll
21:42:32.0328 0x0a98 C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp58a.dll - ok
21:42:32.0328 0x0a98 [ EA8647A21BCB56C5F15712D4B7407501, E6479992B84BD336E672B0A724A3C9FB90AC28CEFD186FCC628006061C9927C0 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
21:42:32.0328 0x0a98 C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll - ok
21:42:32.0328 0x0a98 [ 0E37FBFA79D349D672456923EC5FBBE3, 8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18 ] C:\WINDOWS\system32\msvcr100.dll
21:42:32.0328 0x0a98 C:\WINDOWS\system32\msvcr100.dll - ok
21:42:32.0343 0x0a98 [ EEE7F12D9FF46F68FBC0DA059A359E9E, 1D0D5AC87ACDF3F041D9C31A92BFE7B1B81CBAD81F8F7CE8183FC3F61CAFF8CC ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
21:42:32.0343 0x0a98 C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
21:42:32.0343 0x0a98 [ BC83108B18756547013ED443B8CDB31B, B2AD109C15EAA92079582787B7772BA0A2F034F7D075907FF87028DF0EAEA671 ] C:\WINDOWS\system32\msvcp100.dll
21:42:32.0343 0x0a98 C:\WINDOWS\system32\msvcp100.dll - ok
21:42:32.0343 0x0a98 [ 12896823FB95BFB3DC9B46BCAEDC9923, 1E675CB7DF214172F7EB0497F7275556038A0D09C6E5A3E6862C5E26885EF455 ] C:\WINDOWS\explorer.exe
21:42:32.0343 0x0a98 C:\WINDOWS\explorer.exe - ok
21:42:32.0343 0x0a98 [ E392E172687BE172F8600C5F41AB03D9, 5E928035FA9DB71FDCEB74D6D4859E43169A0B202A87653A2CE5F88865D13D2E ] C:\WINDOWS\system32\browseui.dll
21:42:32.0343 0x0a98 C:\WINDOWS\system32\browseui.dll - ok
21:42:32.0359 0x0a98 [ FE2571A8C9FFAB1D45502D6B0BF472AA, 1442FC0180B555BC4F9B97B9A0D7674F75E67A6F61B87A6D690A20AE7D1EF360 ] C:\WINDOWS\system32\xp_eos.exe
21:42:32.0359 0x0a98 C:\WINDOWS\system32\xp_eos.exe - ok
21:42:32.0359 0x0a98 [ E0564E0B6D729D7D25B3C3F71CEDEC21, A8D1214580389912C70A40AE271BB2BB10EFD936310C16952AA4586C1180C642 ] C:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll
21:42:32.0359 0x0a98 C:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll - ok
21:42:32.0359 0x0a98 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] C:\Program Files\Google\Update\GoogleUpdate.exe
21:42:32.0359 0x0a98 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
21:42:32.0375 0x0a98 [ 26CB10FA893F940AB09713FF46DCDADE, B113E03877FF2073ABAC1A7DF53A575F15915438C5EB10401FFEF7CAAEA902BC ] C:\WINDOWS\system32\shdocvw.dll
21:42:32.0375 0x0a98 C:\WINDOWS\system32\shdocvw.dll - ok
21:42:32.0375 0x0a98 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C, 7123FC923BA4C3DD3EDFE9F8936442C4CCE7757D370AB799B0B5668223B965EE ] C:\WINDOWS\system32\win32spl.dll
21:42:32.0375 0x0a98 C:\WINDOWS\system32\win32spl.dll - ok
21:42:32.0375 0x0a98 [ B41D53899E37CC43DA85DA19998BEE81, CA92B8313338F0F8B1B630A0057B9C114E8D8BC10F09825C9008A5A824B91FDC ] C:\WINDOWS\system32\netrap.dll
21:42:32.0375 0x0a98 C:\WINDOWS\system32\netrap.dll - ok
21:42:32.0375 0x0a98 [ 77E585EDD4C7EB7AB2ACC36BC1DC32A5, 57BF4D683CA66AAC2A4B7FEDF9F7FB254860BE77E1F4A6DD2C40410783B5C113 ] C:\Program Files\Google\Update\1.3.24.15\goopdate.dll
21:42:32.0375 0x0a98 C:\Program Files\Google\Update\1.3.24.15\goopdate.dll - ok
21:42:32.0390 0x0a98 [ EE4C651A217B01D636B5364AC77DA892, E40C7DD39234673A3BA8FD87C189653C391E326ECB3E8011B5020BB9D78F56D0 ] C:\WINDOWS\system32\inetpp.dll
21:42:32.0390 0x0a98 C:\WINDOWS\system32\inetpp.dll - ok
21:42:32.0390 0x0a98 [ 3F33D9CB732275D87D5E583CF87A6D3A, 9C2CB8909067517FECDE3CF69C01036AF2BC0A3D9BCFE000A361BBFCE22FCB13 ] C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll
21:42:32.0390 0x0a98 C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll - ok
21:42:32.0390 0x0a98 [ C14350FC0D47D806699C4F907FC6785B, A8862B47A74F5FB03C9916A42B986D9B352549ED486AD2B9DAD405A98B5564B3 ] C:\WINDOWS\system32\cryptnet.dll
21:42:32.0390 0x0a98 C:\WINDOWS\system32\cryptnet.dll - ok
21:42:32.0406 0x0a98 [ 3CBA2210FA39C6ED7895634842E930DD, 9AFC6A7E1F936ED3636F89FD49B5C944594F88A5BFB597348AF2FB83DA2E4E40 ] C:\WINDOWS\system32\sensapi.dll
21:42:32.0406 0x0a98 C:\WINDOWS\system32\sensapi.dll - ok
21:42:32.0406 0x0a98 [ E3CD8CA170EBFE8ABAC23E7CA44B6292, CB3922E37CDFECC2693FC64285B403AB9C0FE99A2D8A48EE41091F16D5547709 ] C:\Documents and Settings\Dave\Application Data\Dropbox\bin\DropboxExt.22.dll
21:42:32.0406 0x0a98 C:\Documents and Settings\Dave\Application Data\Dropbox\bin\DropboxExt.22.dll - ok
21:42:32.0406 0x0a98 [ 684559A03CBC1D05BA120A18B0D8BA5D, 7425F27C8EF8CEF26B071D7FD5FED538C74EF524AEF73E427B1781F3A3C16C42 ] C:\WINDOWS\system32\winhttp.dll
21:42:32.0406 0x0a98 C:\WINDOWS\system32\winhttp.dll - ok
21:42:32.0406 0x0a98 [ B6E6F3F5B63053D5DC1F4EE32992492F, 089F9C92B677A138BABA4817624E8CA49B7E507B7D6FA0B1A3B4302B354B5C7E ] C:\WINDOWS\system32\dbghelp.dll
21:42:32.0406 0x0a98 C:\WINDOWS\system32\dbghelp.dll - ok
21:42:32.0421 0x0a98 [ 4C39358EBDD2FFCD9132A30E1EC31E16, 06918CF99AD26CD6CF106881C0D5BDB212DC0BAC4549805C9F5906E3D03D152C ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
21:42:32.0421 0x0a98 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok
21:42:32.0421 0x0a98 [ CDBE9690CF2B8409FACAD94FAC9479C9, 8E7FE1A1F3550C479FFD86A77BC9D10686D47F8727025BB891D8F4F0259354C8 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
21:42:32.0421 0x0a98 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
21:42:32.0421 0x0a98 [ CC26451A90025F6C55F64146C333DEA5, D03CED69EEA39C6F97FBC7DC3558D52EE43EE7DE6FDC4DC8AEC57B09D64A8C82 ] C:\WINDOWS\system32\LegitCheckControl.dll
21:42:32.0421 0x0a98 C:\WINDOWS\system32\LegitCheckControl.dll - ok
21:42:32.0437 0x0a98 [ 205ADD80FF8099B1A8101EB490B933D1, 6B4D94F1683B1D30A1BB0019E2E3E0AE1AA85561D416708198EC2BDAB649E178 ] C:\WINDOWS\system32\wbem\wbemprox.dll
21:42:32.0437 0x0a98 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
21:42:32.0437 0x0a98 [ B4ED498E3BFEE64E952BC44FC6057DB8, 1FB5ABAE69103BF477F704189D75B0395F587234BFE94F9F79961D8FE2CE55AC ] C:\WINDOWS\system32\desk.cpl
21:42:32.0437 0x0a98 C:\WINDOWS\system32\desk.cpl - ok
21:42:32.0437 0x0a98 [ EE9710428FFB95FD3845D41E7148AC31, 5CFBE4B7BCCB136B958E21EACB965E09F7D6CC0CB29DEA9022047809582B1065 ] C:\WINDOWS\system32\themeui.dll
21:42:32.0437 0x0a98 C:\WINDOWS\system32\themeui.dll - ok
21:42:32.0437 0x0a98 [ D95C71052E5EF63B55997FB31483D02F, 829A559050680C039CA7AFCFE3246745D465ED11722A603AA32253FD413894C3 ] C:\WINDOWS\system32\wbem\wbemcomn.dll
21:42:32.0437 0x0a98 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
21:42:32.0453 0x0a98 [ 912B67BB8249925A5C972FC5839EAE09, 11F9F26C2D5EADD683F9FA4FDC8C25A1FB7EE9D6E3F4419C9DAB8C4E434F1857 ] C:\WINDOWS\system32\actxprxy.dll
21:42:32.0453 0x0a98 C:\WINDOWS\system32\actxprxy.dll - ok
21:42:32.0453 0x0a98 [ 22358578CB321F3325496A3723029409, 44535E0EFC20714CEF8FFAE51294CFC6AC53F12E464E048ECD92CDC2CA54A312 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
21:42:32.0453 0x0a98 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
21:42:32.0453 0x0a98 [ F5721D7D711BF05A757662532A2EF6DA, 2E6FACEB9ECC173EB45776760F6E2E559F2BCE0BFB3C2CCCCAD14CB19203C2DD ] C:\WINDOWS\system32\PortableDeviceClassExtension.dll
21:42:32.0453 0x0a98 C:\WINDOWS\system32\PortableDeviceClassExtension.dll - ok
21:42:32.0468 0x0a98 [ FA4A79DBB0E3CA56E1F0B1FD372559A8, 87BBE8A70DB7C1E3F3A9F42112D5D3A81645FB23A4120DFB926AF7D089ACA462 ] C:\WINDOWS\system32\ieframe.dll
21:42:32.0468 0x0a98 C:\WINDOWS\system32\ieframe.dll - ok
21:42:32.0468 0x0a98 [ 6D778E0F95447E6546553EEEA709D03C, 62ABED7D45040381BBCED97EA7B6C697B418448FD3322FD4BFB2BBFDB6155EB4 ] C:\WINDOWS\system32\cmd.exe
21:42:32.0468 0x0a98 C:\WINDOWS\system32\cmd.exe - ok
21:42:32.0468 0x0a98 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] C:\WINDOWS\system32\drivers\wdmaud.sys
21:42:32.0468 0x0a98 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
21:42:32.0484 0x0a98 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] C:\WINDOWS\system32\drivers\sysaudio.sys
21:42:32.0484 0x0a98 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
21:42:32.0484 0x0a98 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] C:\WINDOWS\system32\drivers\splitter.sys
21:42:32.0484 0x0a98 C:\WINDOWS\system32\drivers\splitter.sys - ok
21:42:32.0484 0x0a98 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] C:\WINDOWS\system32\drivers\mrxdav.sys
21:42:32.0484 0x0a98 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
21:42:32.0484 0x0a98 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] C:\WINDOWS\system32\drivers\aec.sys
21:42:32.0484 0x0a98 C:\WINDOWS\system32\drivers\aec.sys - ok
21:42:32.0500 0x0a98 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] C:\WINDOWS\system32\drivers\swmidi.sys
21:42:32.0500 0x0a98 C:\WINDOWS\system32\drivers\swmidi.sys - ok
21:42:32.0500 0x0a98 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] C:\WINDOWS\system32\drivers\dmusic.sys
21:42:32.0500 0x0a98 C:\WINDOWS\system32\drivers\dmusic.sys - ok
21:42:32.0500 0x0a98 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] C:\WINDOWS\system32\drivers\kmixer.sys
21:42:32.0500 0x0a98 C:\WINDOWS\system32\drivers\kmixer.sys - ok
21:42:32.0515 0x0a98 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] C:\WINDOWS\system32\drivers\drmkaud.sys
21:42:32.0515 0x0a98 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
21:42:33.0203 0x0a98 C:\DOCUME~1\Dave\LOCALS~1\Temp\{43202191-D445-450A-A3D7-254820AD4947}\{CCE0AB8B-D52A-4353-BEA5-EC2DBEA5DF09}.tmp - ok
21:42:33.0203 0x0a98 [ 52B80C30225DE81D7AC989DFE7311877, B7F6704B2F1584B46E15EBB65F17EF68A0795919AAF41FE403CBA13F0027A0EF ] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
21:42:33.0203 0x0a98 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe - ok
21:42:33.0203 0x0a98 [ 037B1E7798960E0420003D05BB577EE6, DEE53D6D332DADD40C0CE34A425A6C0781F611765DCD4299D869F2B1EE80AE66 ] C:\WINDOWS\system32\rundll32.exe
21:42:33.0203 0x0a98 C:\WINDOWS\system32\rundll32.exe - ok
21:42:33.0203 0x0a98 [ 17CC0A9B3ABB69ED96D1EEB8117DF856, 7143D93398E8C71D0B6595CAD2A58725B4E316FEAFC550F9FC6C1F4F65B33C97 ] C:\Program Files\Analog Devices\Core\smwdmif.dll
21:42:33.0203 0x0a98 C:\Program Files\Analog Devices\Core\smwdmif.dll - ok
21:42:33.0218 0x0a98 [ B93C4070F24E46B0097648C276B5039E, 5113AAB400D456A5C11EF47E40755755F227BB4A7134C0E2C81F6199C896BD98 ] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
21:42:33.0218 0x0a98 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe - ok
21:42:33.0218 0x0a98 [ 4261449C1CADA6B007E5C27522946D2B, 11E79D1C529E816CCCAC9266089C77A4DB44676CAEEE25C66D6DB420B18D3ACB ] C:\DOCUME~1\Dave\LOCALS~1\Temp\{43202191-D445-450A-A3D7-254820AD4947}\{B3AFBF4F-4A7C-4F44-88A6-7545ABDDBEA7}.tmp
21:42:33.0218 0x0a98 C:\DOCUME~1\Dave\LOCALS~1\Temp\{43202191-D445-450A-A3D7-254820AD4947}\{B3AFBF4F-4A7C-4F44-88A6-7545ABDDBEA7}.tmp - ok
21:42:33.0218 0x0a98 [ B9D2D59FF389A8C824308A08665C97F2, 901F5545A9B435DEA8ADB5458AE7C9A5564083AF3F9606CC7F4DFD90DDFCCCA0 ] C:\WINDOWS\system32\Edcrypt.dll
21:42:33.0218 0x0a98 C:\WINDOWS\system32\Edcrypt.dll - ok
21:42:33.0218 0x0a98 [ F52302769ECAACFCC45A01FC6EE82288, 28D32603E5C037EABF1630385E6B2AF9E377809FC5A7C3F81C9E30882AAAD73B ] C:\WINDOWS\system32\tfswapi.dll
21:42:33.0218 0x0a98 C:\WINDOWS\system32\tfswapi.dll - ok
21:42:33.0234 0x0a98 [ 14C215962679FA00F5869291CBCA14F8, DD42290A05D670BD2896DC6AD965CEBD954C001106AB55EFFC037BC420C98B50 ] C:\WINDOWS\system32\dla\tfswcres.dll
21:42:33.0234 0x0a98 C:\WINDOWS\system32\dla\tfswcres.dll - ok
21:42:33.0234 0x0a98 [ 02CC265A18DCF41A608FC1090BA37540, F8DF688626986491A497366D41148E880329C32FBB107E396177C96D9895BF84 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe
21:42:33.0234 0x0a98 C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe - ok
21:42:33.0234 0x0a98 [ 6627AA675A5C1B0330487A02E23F0560, 256AE9BA4273D4247FFAD6099D5A4FC8E98EDB27293AC8CAF7A571EB3890FAA7 ] C:\DOCUME~1\Dave\LOCALS~1\Temp\{43202191-D445-450A-A3D7-254820AD4947}\{435F9595-ED2D-434E-AF8C-C4173EF722B1}.tmp
21:42:33.0234 0x0a98 C:\DOCUME~1\Dave\LOCALS~1\Temp\{43202191-D445-450A-A3D7-254820AD4947}\{435F9595-ED2D-434E-AF8C-C4173EF722B1}.tmp - ok
21:42:33.0250 0x0a98 [ 76848CB1AA5818DB47D5F5986E0A7485, 03BAB6981C6F447E41B78A96187FA619E4755C2101FF1A0B2ABF111BE53D9F92 ] C:\WINDOWS\system32\mfc42.dll
21:42:33.0250 0x0a98 C:\WINDOWS\system32\mfc42.dll - ok
21:42:33.0250 0x0a98 [ 12FD7C1EADDDA10A67B1D6F905B3CC1E, 54FA875C5C3D7AD2D5AE966C72C63558D152455AB78816F31345443F0B13D89F ] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
21:42:33.0250 0x0a98 C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe - ok
21:42:33.0250 0x0a98 [ 5EEB29C046539548988C85D96423429D, E6B3965BA459E119F2A34C9FA467A32EEF97873F5F54D0032954D576032CE3FC ] C:\Program Files\Common Files\Sonic\Update Manager\sus.dll
21:42:33.0250 0x0a98 C:\Program Files\Common Files\Sonic\Update Manager\sus.dll - ok
21:42:33.0265 0x0a98 [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
21:42:33.0265 0x0a98 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
21:42:33.0265 0x0a98 [ 37A62C6092AADD2EFDE0468DD8818E99, 2D01A2EEE0BE81B3252E1A3EAD21D3D91EA6DE826A1783B14948A0E0B475BAB1 ] C:\WINDOWS\system32\netcfgx.dll
21:42:33.0265 0x0a98 C:\WINDOWS\system32\netcfgx.dll - ok
21:42:33.0265 0x0a98 [ EB624E6D79393F0499BEFBABAE78684B, 12C1A7A196B627B0BE9888C8E9750ABA0AB2998A7C6947783E5711B4A4F80D65 ] C:\Program Files\Common Files\Sonic\Update Manager\vxhttp.dll
21:42:33.0265 0x0a98 C:\Program Files\Common Files\Sonic\Update Manager\vxhttp.dll - ok
21:42:33.0265 0x0a98 [ 62742C53A41BF972274BA51AE39945C4, 10FCA239D6146EE9F5E3DEFD25CB710DC03971A26C554BF4651CB8B320CA7762 ] C:\Program Files\Common Files\Sonic\Update Manager\sfcwall31.dll
21:42:33.0265 0x0a98 C:\Program Files\Common Files\Sonic\Update Manager\sfcwall31.dll - ok
21:42:33.0281 0x0a98 [ 723B834A07F7DF7DE4CEB637D57ACEA3, B42867045DD3FB7682CDBD133970421010F0F14125E4992C73657CABA4659250 ] C:\DOCUME~1\Dave\LOCALS~1\Temp\{43202191-D445-450A-A3D7-254820AD4947}\{04430AA0-1615-493F-AFE2-CB9A2EE28409}.tmp
21:42:33.0281 0x0a98 C:\DOCUME~1\Dave\LOCALS~1\Temp\{43202191-D445-450A-A3D7-254820AD4947}\{04430AA0-1615-493F-AFE2-CB9A2EE28409}.tmp - ok
21:42:33.0281 0x0a98 [ C1DE893FAF6D7F6CFB479A1F61835482, AD5FA3CE73777704C67C933691F1F068E1A7FF545F728B97574F9C33AC4BBC01 ] C:\DOCUME~1\Dave\LOCALS~1\Temp\{43202191-D445-450A-A3D7-254820AD4947}\{5C277324-097D-469B-96B8-6FEF5D2C987F}.tmp


----------



## 7dees (Oct 4, 2009)

21:42:33.0750 0x0a98 ================ Scan generic autorun ======================
21:42:33.0828 0x0a98 [ 10247C15D999CC116C87DA36BD0AD64D, C2F0EE62505690DD7A11E08B555C522843B9A0902E05A6A75EB6FFFF3654606A ] C:\Program Files\Analog Devices\Core\smax4pnp.exe
21:42:33.0984 0x0a98 SoundMAXPnP - ok
21:42:34.0015 0x0a98 [ 790490F273B0E3BCF05DC3C308ABCC0B, DD105D8BE907544DA1F06B96C01F1DB4F5DACD44F21AF73D880D8B581E18CD8A ] C:\WINDOWS\system32\dla\tfswctrl.exe
21:42:34.0031 0x0a98 dla - detected UnsignedFile.Multi.Generic ( 1 )
21:42:36.0468 0x0a98 Detect skipped due to KSN trusted
21:42:36.0468 0x0a98 dla - ok
21:42:36.0500 0x0a98 [ 52B80C30225DE81D7AC989DFE7311877, B7F6704B2F1584B46E15EBB65F17EF68A0795919AAF41FE403CBA13F0027A0EF ] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
21:42:36.0515 0x0a98 UpdateManager - detected UnsignedFile.Multi.Generic ( 1 )
21:42:39.0250 0x0a98 Detect skipped due to KSN trusted
21:42:39.0250 0x0a98 UpdateManager - ok
21:42:39.0265 0x0a98 NvCplDaemon - ok
21:42:39.0312 0x0a98 [ B93C4070F24E46B0097648C276B5039E, 5113AAB400D456A5C11EF47E40755755F227BB4A7134C0E2C81F6199C896BD98 ] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
21:42:39.0328 0x0a98 HP Software Update - detected UnsignedFile.Multi.Generic ( 1 )
21:42:42.0156 0x0a98 Detect skipped due to KSN trusted
21:42:42.0156 0x0a98 HP Software Update - ok
21:42:42.0218 0x0a98 [ 02CC265A18DCF41A608FC1090BA37540, F8DF688626986491A497366D41148E880329C32FBB107E396177C96D9895BF84 ] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
21:42:42.0250 0x0a98 pdfFactory Dispatcher v3 - detected UnsignedFile.Multi.Generic ( 1 )
21:42:44.0671 0x0a98 Detect skipped due to KSN trusted
21:42:44.0671 0x0a98 pdfFactory Dispatcher v3 - ok
21:42:44.0734 0x0a98 [ 12FD7C1EADDDA10A67B1D6F905B3CC1E, 54FA875C5C3D7AD2D5AE966C72C63558D152455AB78816F31345443F0B13D89F ] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
21:42:44.0765 0x0a98 ContentTransferWMDetector.exe - ok
21:42:44.0828 0x0a98 [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
21:42:44.0843 0x0a98 APSDaemon - ok
21:42:44.0937 0x0a98 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
21:42:44.0984 0x0a98 Adobe ARM - ok
21:42:45.0078 0x0a98 [ F6158734F1E24C6C510155CF0D363911, 320900BA90AF14E254CFAFA70FB15A0E77506217E47A406FA1ED821D0206FE29 ] C:\Program Files\real\realplayer\update\realsched.exe
21:42:45.0093 0x0a98 TkBellExe - ok
21:42:45.0140 0x0a98 [ B2387FD351A3D4780A917E4C00A83310, D23AADD424B1FC3D2C3A388252EEDA05F9B05922472A74E0CF4EEE7E005EADE1 ] C:\Program Files\iTunes\iTunesHelper.exe
21:42:45.0156 0x0a98 iTunesHelper - ok
21:42:45.0234 0x0a98 [ EDAD4A8A1D46AFCF9E76B996D55116EB, 937549E6FBF5D7282E56866C705539646F2CB6839FD74BF7AA8FB2BA5CCEE940 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
21:42:45.0250 0x0a98 SunJavaUpdateSched - ok
21:42:45.0281 0x0a98 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
21:42:45.0406 0x0a98 ctfmon.exe - ok
21:42:45.0421 0x0a98 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
21:42:45.0531 0x0a98 ctfmon.exe - ok
21:42:45.0531 0x0a98 DW7 - ok
21:42:45.0546 0x0a98 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
21:42:45.0671 0x0a98 ctfmon.exe - ok
21:42:45.0718 0x0a98 swg - ok
21:42:45.0937 0x0a98 [ CCEAA8D97341E1335AFC353C03456288, 2AE80C0D0AB3A6D4B4E1CE1E6322D0E5917993AA02E28C61590AE3D91334791D ] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
21:42:46.0125 0x0a98 MsnMsgr - ok
21:42:46.0375 0x0a98 [ DB06B12E8DE572AB8B8C482E3EE574F5, AAB132A61D270BAB488E69D0F608F15C1FAF5E71C8D4431B93DB70B2B178EC7B ] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
21:42:46.0593 0x0a98 Messenger (Yahoo!) - ok
21:42:46.0625 0x0a98 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
21:42:46.0734 0x0a98 ctfmon.exe - ok
21:42:46.0906 0x0a98 [ DB06B12E8DE572AB8B8C482E3EE574F5, AAB132A61D270BAB488E69D0F608F15C1FAF5E71C8D4431B93DB70B2B178EC7B ] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
21:42:47.0062 0x0a98 Yahoo! Pager - ok
21:42:47.0078 0x0a98 swg - ok
21:42:47.0218 0x0a98 [ CCEAA8D97341E1335AFC353C03456288, 2AE80C0D0AB3A6D4B4E1CE1E6322D0E5917993AA02E28C61590AE3D91334791D ] C:\Program Files\Windows Live\Messenger\msnmsgr.exe
21:42:47.0359 0x0a98 msnmsgr - ok
21:42:47.0375 0x0a98 Uniblue RegistryBooster 2 - ok
21:42:47.0375 0x0a98 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
21:42:47.0500 0x0a98 ctfmon.exe - ok
21:42:47.0687 0x0a98 [ CCEAA8D97341E1335AFC353C03456288, 2AE80C0D0AB3A6D4B4E1CE1E6322D0E5917993AA02E28C61590AE3D91334791D ] C:\Program Files\Windows Live\Messenger\msnmsgr.exe
21:42:47.0859 0x0a98 msnmsgr - ok
21:42:47.0875 0x0a98 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
21:42:48.0000 0x0a98 ctfmon.exe - ok
21:42:48.0187 0x0a98 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] C:\Documents and Settings\Administrator.KITCHEN.003\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
21:42:48.0203 0x0a98 Google Update - ok
21:42:48.0203 0x0a98 Waiting for KSN requests completion. In queue: 18
21:42:49.0203 0x0a98 Waiting for KSN requests completion. In queue: 18
21:42:50.0203 0x0a98 Waiting for KSN requests completion. In queue: 18
21:42:51.0515 0x0a98 AV detected via SS1: avast! Antivirus, 5.0.150996965, disabled, updated
21:42:51.0515 0x0a98 Win FW state via NFM: enabled
21:42:54.0062 0x0a98 ============================================================
21:42:54.0062 0x0a98 Scan finished
21:42:54.0062 0x0a98 ============================================================
21:42:54.0062 0x0970 Detected object count: 7
21:42:54.0062 0x0970 Actual detected object count: 7
21:45:10.0453 0x0970 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:10.0453 0x0970 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:10.0453 0x0970 Ma730Pt ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:10.0453 0x0970 Ma730Pt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:10.0453 0x0970 Ma730Vad ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:10.0453 0x0970 Ma730Vad ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:10.0453 0x0970 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:10.0453 0x0970 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:10.0453 0x0970 Srv ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:10.0453 0x0970 Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:10.0453 0x0970 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:10.0453 0x0970 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:10.0453 0x0970 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:10.0453 0x0970 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

Thank you again Eddie.
7dees - Dave


----------



## 7dees (Oct 4, 2009)

Eddie - Is there any hope?


----------



## eddie5659 (Mar 19, 2001)

What the? Where did my reply go to?? I posted on Saturday, and it was there.

Okay, will post again, hang on


----------



## eddie5659 (Mar 19, 2001)

Can you run this tool, so that we can see what is left:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*ask.com*.*
*SearchFlyBar*.*
*conduit*.*
*ArcadeSafari*.*
*85D1F3B2-2A21-11D7-97B9-0010DC2A6243*.*
*0F9B4CA4-A30F-480A-841D-69B45C50A8F8*.*
*securelogin*.*
*securelogin-devel*.*
*AktiveSekurity*.*
*Viewpoint*.*
*Supreme Savings*.*
*Crossrider*.*
*protectorbho*.*
*isearch*.*
*licjnkifamhpbaefhdpacpmihicfbomb*.*
:folderfind
*ask.com*
*SearchFlyBar*
*conduit*
*ArcadeSafari*
*85D1F3B2-2A21-11D7-97B9-0010DC2A6243*
*0F9B4CA4-A30F-480A-841D-69B45C50A8F8*
*securelogin*
*securelogin-devel*
*AktiveSekurity*
*Viewpoint*
*Supreme Savings*
*Crossrider*
*protectorbho*
*isearch*
*licjnkifamhpbaefhdpacpmihicfbomb*
:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1842B0EE-B597-11D4-8997-00104BD12D94} /sub
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3BB1D69B-A780-4BE1-876E-F3D488877135} /sub
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{428A9DEF-F057-402B-9F2D-A5887F4544ED} /sub
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5ED80217-570B-4DA9-BF44-BE107C0EC166} /sub
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} /sub
:dir
C:\WINDOWS\System32\nuhukugo /sub
:regfind
ask.com
SearchFlyBar
conduit
ArcadeSafari
85D1F3B2-2A21-11D7-97B9-0010DC2A6243
0F9B4CA4-A30F-480A-841D-69B45C50A8F8
securelogin
securelogin-devel
AktiveSekurity
Viewpoint
Supreme Savings
Crossrider
protectorbho
isearch
licjnkifamhpbaefhdpacpmihicfbomb
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

Thanks

eddie


----------



## 7dees (Oct 4, 2009)

Been having trouble with iaStor.sys blue screens. I'm not sure what to do at this point; the computer will freeze. Trouble lights displayed a memory module issue so I tried new memory but that does not correct the issue. I have had it running in safe mode without networking for almost two days now and no freezing. My whole intention has been to back up family data to DVDs or a cloud but began having the issues first reported.
I have not attempted to complete your last set of instructions.
Please advise.


----------



## eddie5659 (Mar 19, 2001)

Sorry to hear you're having blue screens, they're not nice as I know from experience as my computer had them a while back.

Just looking through the OTL scan, and I see one thing that needs fixing. It may help, as it's the same file that you're getting bluescreens with. You can do this in Safe Mode:

-----------------

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Commands
[CREATERESTOREPOINT] 
:OTL
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\iaStor.sys:SummaryInformation
:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]
```
*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.*
Then click the *Run Fix* button at the top 
Click OK.
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.

---------------

Then, we have another tool that is similar to OTL (as in the length etc) but it looks at a few other things. Can you run this for me as well? If Safe Mode is still the only way, that's fine as well:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will produce a log called *FRST.txt* in the same directory the tool is run from. 
Please copy and paste log back here.
The first time the tool is run it generates another log (*Addition.txt* - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

-----

eddie
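
As an added example (not part of the post above and not FRST's own code), here is a small Python triage pass over the Services and Drivers sections of an FRST.txt log like the one requested here. The sample lines are copied from the log posted later in this thread; the scoring rules and the reading of the prefix (R/S = running/stopped, 0-4 = Boot/System/Auto/Manual/Disabled) are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Lines copied from the Services/Drivers sections of the FRST.txt in this thread.
SAMPLE_LOG = r"""
========================== Services (Whitelisted) =================
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
==================== Drivers (Whitelisted) ====================
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-21] (Adaptec, Inc.) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87136 2004-08-04] (Sonic Solutions) [File not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S2 ei2c; C:\WINDOWS\system32\drivers\ei2c.sys [18224 2014-05-17] (Nicomsoft Ltd.)
"""

SECTION_RE = re.compile(r"^=+ (Services|Drivers) \(Whitelisted\) =+$")
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>.*?)\)(?P<tail>.*)$"
)
# Assumed meaning of the start-type digit (Windows service start values).
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Manual", 4: "Disabled", 5: "Unknown"}


@dataclass
class Entry:
    section: str    # "Services" or "Drivers"
    running: bool   # True when the prefix letter is R
    start: int      # start-type digit from the prefix
    name: str
    path: str
    company: str    # empty when the log shows "()"
    unsigned: bool  # True when the line carries "[File not signed]"


def parse_frst(text):
    """Return an Entry for every service/driver line in the two sections."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if line.startswith("====="):  # any other section header ends ours
            section = None
            continue
        m = ENTRY_RE.match(line) if section else None
        if m:
            entries.append(Entry(
                section=section,
                running=m.group("state") == "R",
                start=int(m.group("start")),
                name=m.group("name"),
                path=m.group("path"),
                company=m.group("company").strip(),
                unsigned="[File not signed]" in m.group("tail"),
            ))
    return entries


def triage(entries):
    """Rank entries for manual review. This is a review queue, not a verdict:
    old legitimate drivers are often unsigned."""
    ranked = []
    for e in entries:
        reasons = []
        if e.unsigned:
            reasons.append("file not signed")
        if not e.company:
            reasons.append("no company name")
        if reasons and e.start <= 2:
            reasons.append("loads automatically (%s)" % START_TYPES[e.start])
        if reasons:
            ranked.append((e.name, len(reasons), reasons))
    return sorted(ranked, key=lambda r: (-r[1], r[0].lower()))


if __name__ == "__main__":
    for name, score, reasons in triage(parse_frst(SAMPLE_LOG)):
        print(score, name, "-", ", ".join(reasons))
```
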


----------



## 7dees (Oct 4, 2009)

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 10
========== OTL ==========
ADS C:\WINDOWS\System32\drivers\iaStor.sys:SummaryInformation deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.KITCHEN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.KITCHEN.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.KITCHEN.002
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.KITCHEN.003
->Temp folder emptied: 502951 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Brian

User: Dave
->Temp folder emptied: 2801879 bytes
->Temporary Internet Files folder emptied: 1915301 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 16383710 bytes
->Flash cache emptied: 506 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fred
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kevin

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Terri
->Temp folder emptied: 398487 bytes
->Temporary Internet Files folder emptied: 18034547 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 90112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 174649 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 21129 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 94208 bytes

Total Files Cleaned = 39.00 mb

[EMPTYFLASH]

User: Administrator

User: Administrator.KITCHEN

User: Administrator.KITCHEN.001

User: Administrator.KITCHEN.002

User: Administrator.KITCHEN.003
->Flash cache emptied: 0 bytes

User: All Users

User: Brian

User: Dave
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Fred
->Flash cache emptied: 0 bytes

User: Kevin

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Terri
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07222014_205158


----------



## 7dees (Oct 4, 2009)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014
Ran by Administrator (administrator) on KITCHEN on 22-07-2014 21:04:30
Running from C:\Documents and Settings\Administrator.KITCHEN.003\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================

==================== Registry (Whitelisted) ==================
HKLM\...\RunOnce: [OTL] => C:\Documents and Settings\Dave\Desktop\OTL.exe [602112 2014-07-01] (OldTimer Tools)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-1614895754-287218729-682003330-500\...\Run: [Google Update] => C:\Documents and Settings\Administrator.KITCHEN.003 [0 2013-07-20] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Dave\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Administrator.KITCHEN.003\Application Data\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Documents and Settings\Fred\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3EF36792A407CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=2.5 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/npracplug;version=1.0.0.0 - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Administrator.KITCHEN.003\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Administrator.KITCHEN.003\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-07-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-04-14]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-01]
Chrome: 
=======
CHR Extension: (Docs) - C:\Documents and Settings\Administrator.KITCHEN.003\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator.KITCHEN.003\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator.KITCHEN.003\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2006-12-19] (Adobe Systems) [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-02] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2006-12-10] (Hewlett-Packard Co.) [File not signed]
S3 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [602112 2007-05-16] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-29] (Oracle Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [139331 2004-12-15] (NVIDIA Corporation) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S2 sprtsvc_medicsp2; C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [202280 2007-03-07] (SupportSoft, Inc.)
==================== Drivers (Whitelisted) ====================
S2 Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [16512 2005-11-21] (Adaptec) [File not signed]
S3 bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-21] (Adaptec, Inc.) [File not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87136 2004-08-04] (Sonic Solutions) [File not signed]
S2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2004-08-13] (Sonic Solutions) [File not signed]
S2 ei2c; C:\WINDOWS\system32\drivers\ei2c.sys [18224 2014-05-17] (Nicomsoft Ltd.)
S2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
S3 IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [1233525 2004-03-05] (Intel Corporation)
S3 IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [647929 2004-03-05] (Intel Corporation)
S3 IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [60949 2004-03-05] (Intel Corporation)
S3 Ma730Pt; C:\WINDOWS\System32\DRIVERS\Ma730Pt.sys [103040 2006-09-21] (Mobile Action Technology Inc.) [File not signed]
S3 Ma730Vad; C:\WINDOWS\System32\DRIVERS\Ma730Vad.sys [23376 2005-11-22] (Mobile Action Technology Inc.) [File not signed]
S2 MaVctrl; C:\WINDOWS\System32\DRIVERS\MaVc2K.sys [11986 2007-01-16] (Mobile Action Technology Inc.) [File not signed]
S2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-05-12] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-20] (Malwarebytes Corporation)
S3 mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [37048 2004-03-05] (Intel Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [3329504 2004-12-15] (NVIDIA Corporation) [File not signed]
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R0 sonyhcb; C:\WINDOWS\System32\DRIVERS\sonyhcb.sys [6097 2001-11-05] (Sony Corporation)
S3 sonyhcs; C:\WINDOWS\System32\DRIVERS\sonyhcs.sys [299923 2001-11-05] (Sony Corporation)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 Spssys; C:\WINDOWS\System32\drivers\spssys.sys [164256 2004-05-07] (Toshiba Corporation) [File not signed]
S3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) [File not signed]
S2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25723 2004-08-13] (Sonic Solutions) [File not signed]
S2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-08-13] (Sonic Solutions) [File not signed]
S2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-08-13] (Sonic Solutions) [File not signed]
S2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-08-13] (Sonic Solutions) [File not signed]
S2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86202 2004-08-13] (Sonic Solutions) [File not signed]
S2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14715 2004-08-13] (Sonic Solutions) [File not signed]
S2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-08-13] (Sonic Solutions) [File not signed]
S2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-08-13] (Sonic Solutions) [File not signed]
S2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-08-13] (Sonic Solutions) [File not signed]
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2007-08-23] (EnTech Taiwan) [File not signed]
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [12672 2007-04-09] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [21248 2007-04-09] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [22912 2007-04-09] (LG Electronics Inc.)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2099-12-31 63184:161 - 2009-03-04 21:13 - 00006456 ____H () C:\WINDOWS\system32\nuhukugo
2014-07-22 21:04 - 2014-07-22 21:04 - 00020880 _____ () C:\Documents and Settings\Administrator.KITCHEN.003\Desktop\FRST.txt
2014-07-22 21:03 - 2014-07-22 21:04 - 00000000 ____D () C:\FRST
2014-07-22 20:58 - 2014-07-22 20:58 - 01080320 _____ (Farbar) C:\Documents and Settings\Administrator.KITCHEN.003\Desktop\FRST.exe
2014-07-20 16:48 - 2014-07-20 16:47 - 00094208 _____ () C:\WINDOWS\Minidump\Mini072014-03.dmp
2014-07-20 09:14 - 2014-07-20 09:14 - 00001813 _____ () C:\Documents and Settings\Administrator.KITCHEN.003\Desktop\Google Chrome.lnk
2014-07-20 09:01 - 2014-07-20 09:01 - 00094208 _____ () C:\WINDOWS\Minidump\Mini072014-02.dmp
2014-07-20 08:42 - 2014-07-20 08:42 - 00094208 _____ () C:\WINDOWS\Minidump\Mini072014-01.dmp
2014-07-16 21:34 - 2014-07-16 21:34 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Dave\Desktop\tdsskiller.exe
2014-07-16 21:30 - 2014-07-16 21:30 - 00078904 _____ () C:\Documents and Settings\Dave\Desktop\7dees OTL 3.Txt
2014-07-16 21:15 - 2014-07-16 21:15 - 00025718 _____ () C:\Documents and Settings\Dave\Desktop\7dees OTL 2.txt
2014-07-16 21:00 - 2014-07-16 21:00 - 00000000 ____D () C:\_OTL
2014-07-16 20:49 - 2014-07-16 20:49 - 00000000 _____ () C:\Documents and Settings\Dave\Desktop\New Text Document (2).txt
2014-07-13 21:49 - 2014-07-13 21:54 - 00000120 _____ () C:\Documents and Settings\Dave\Desktop\New Text Document.txt
2014-07-13 21:44 - 2014-07-13 21:43 - 00094208 _____ () C:\WINDOWS\Minidump\Mini071314-02.dmp
2014-07-13 08:12 - 2014-07-13 08:12 - 00094208 _____ () C:\WINDOWS\Minidump\Mini071314-01.dmp
2014-07-13 07:49 - 2014-07-13 07:51 - 00000062 _____ () C:\Documents and Settings\Dave\Desktop\STOP notes.txt
2014-07-12 18:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-12 18:19 - 2014-07-16 20:28 - 00000000 ____D () C:\AdwCleaner
2014-07-12 18:17 - 2014-07-12 18:17 - 01348263 _____ () C:\Documents and Settings\Dave\Desktop\AdwCleaner.exe
2014-07-12 17:52 - 2014-07-12 17:52 - 00094208 _____ () C:\WINDOWS\Minidump\Mini071214-01.dmp
2014-07-12 07:17 - 2014-07-12 07:17 - 20060384 _____ (SUPERAntiSpyware) C:\Documents and Settings\Dave\Desktop\SUPERAntiSpyware.exe
2014-07-08 10:44 - 2014-07-08 10:44 - 00044012 _____ () C:\Documents and Settings\Terri\Desktop\Terri Carr CLEARED TO WORK MCG.eml
2014-07-08 07:42 - 2014-07-08 07:42 - 00000817 _____ () C:\Documents and Settings\Terri\Desktop\Shortcut to Brown_Carr_ Family.lnk
2014-07-08 05:43 - 2014-07-08 05:43 - 00023746 _____ () C:\Documents and Settings\Dave\Desktop\New Text Document123.txt
2014-07-08 05:42 - 2014-07-08 05:42 - 00023746 _____ () C:\Documents and Settings\Dave\Desktop\123.txt
2014-07-07 21:30 - 2014-07-22 21:04 - 00000000 ____D () C:\Documents and Settings\Administrator.KITCHEN.003\Local Settings\temp
2014-07-07 21:30 - 2014-07-07 21:30 - 00023746 _____ () C:\ComboFix.txt
2014-07-07 21:30 - 2014-07-07 21:30 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-07-07 21:30 - 2014-07-07 21:30 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-07-07 21:30 - 2014-07-07 21:30 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-07-07 21:30 - 2014-07-07 21:30 - 00000000 ____D () C:\Documents and Settings\Administrator.KITCHEN\Local Settings\temp
2014-07-07 21:30 - 2014-07-07 21:30 - 00000000 ____D () C:\Documents and Settings\Administrator.KITCHEN.002\Local Settings\temp
2014-07-07 21:30 - 2014-07-07 21:30 - 00000000 ____D () C:\Documents and Settings\Administrator.KITCHEN.001\Local Settings\temp
2014-07-07 20:41 - 2014-07-07 20:41 - 00000000 _RSHD () C:\cmdcons
2014-07-07 20:37 - 2014-07-07 21:30 - 00000000 ____D () C:\Qoobox
2014-07-07 20:37 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-07-07 20:37 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-07-07 20:37 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-07-07 20:37 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-07-07 20:37 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-07-07 20:37 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-07-07 20:37 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-07-07 20:37 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-07-07 20:37 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-07-07 20:26 - 2014-07-07 20:26 - 05215766 ____R (Swearware) C:\Documents and Settings\Dave\Desktop\username123.exe
2014-07-07 11:32 - 2014-07-07 11:32 - 00094208 _____ () C:\WINDOWS\Minidump\Mini070714-01.dmp
2014-07-01 22:58 - 2014-07-16 21:27 - 00078904 _____ () C:\Documents and Settings\Dave\Desktop\OTL.Txt
2014-07-01 22:12 - 2014-07-01 22:12 - 00000152 _____ () C:\Documents and Settings\Dave\Desktop\showthread.php-t=1126162&goto=newpost.url
2014-07-01 21:58 - 2014-07-01 21:58 - 00066590 _____ () C:\Documents and Settings\Dave\Desktop\7Dees Extras.Txt
2014-07-01 21:57 - 2014-07-01 21:57 - 02458146 _____ () C:\Documents and Settings\Dave\Desktop\7Dees OTL.Txt
2014-07-01 20:54 - 2014-07-01 20:55 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Dave\Desktop\OTL.exe
2014-06-29 16:54 - 2014-06-29 16:53 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-29 16:54 - 2014-06-29 16:53 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-06-29 16:53 - 2014-06-29 16:53 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-29 16:53 - 2014-06-29 16:53 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-29 16:53 - 2014-06-29 16:53 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-29 16:53 - 2014-06-29 16:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-29 16:38 - 2014-06-29 16:38 - 29405096 _____ (Oracle Corporation) C:\Documents and Settings\Dave\Desktop\jre-7u60-windows-i586.exe
2014-06-29 15:55 - 2014-06-29 15:54 - 00094208 _____ () C:\WINDOWS\Minidump\Mini062914-01.dmp
==================== One Month Modified Files and Folders =======
2014-07-22 21:04 - 2014-07-22 21:04 - 00020880 _____ () C:\Documents and Settings\Administrator.KITCHEN.003\Desktop\FRST.txt
2014-07-22 21:04 - 2014-07-22 21:03 - 00000000 ____D () C:\FRST
2014-07-22 21:04 - 2014-07-07 21:30 - 00000000 ____D () C:\Documents and Settings\Administrator.KITCHEN.003\Local Settings\temp
2014-07-22 21:02 - 2006-01-18 20:34 - 00000278 ___SH () C:\Documents and Settings\Dave\ntuser.ini
2014-07-22 21:01 - 2004-08-04 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-22 21:00 - 2006-01-18 20:34 - 00000000 ____D () C:\Documents and Settings\Dave\Local Settings\Temp
2014-07-22 20:58 - 2014-07-22 20:58 - 01080320 _____ (Farbar) C:\Documents and Settings\Administrator.KITCHEN.003\Desktop\FRST.exe
2014-07-22 20:52 - 2006-01-19 03:38 - 00000000 ____D () C:\Documents and Settings\Terri\Local Settings\Temp
2014-07-22 20:52 - 2006-01-18 20:26 - 01461219 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-22 20:46 - 2008-06-29 14:27 - 00000000 __SHD () C:\WINDOWS\CSC
2014-07-20 19:38 - 2009-04-15 03:37 - 00928100 _____ () C:\WINDOWS\setupapi.log
2014-07-20 19:02 - 2009-11-22 10:42 - 00005632 ___SH () C:\Documents and Settings\Dave\Desktop\Thumbs.db
2014-07-20 19:00 - 2009-11-01 19:05 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{B27C5EDB-EFD7-4884-8A5F-38D50EA39E09}.job
2014-07-20 18:54 - 2010-06-18 17:15 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{F2C0F754-E0A4-4261-A96B-E8E72AB75132}.job
2014-07-20 18:50 - 2014-04-05 20:00 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 18:50 - 2014-04-05 19:01 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-20 18:50 - 2013-06-23 08:44 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1003.job
2014-07-20 18:50 - 2013-05-27 13:36 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1004.job
2014-07-20 18:50 - 2013-01-24 23:58 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1005.job
2014-07-20 18:50 - 2010-03-29 13:51 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1007.job
2014-07-20 18:50 - 2010-03-29 01:32 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1006.job
2014-07-20 18:50 - 2010-03-23 14:43 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1005.job
2014-07-20 18:50 - 2010-03-13 16:25 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1004.job
2014-07-20 18:50 - 2010-03-13 12:53 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1003.job
2014-07-20 18:50 - 2010-02-04 22:55 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 18:50 - 2006-01-18 20:30 - 00032434 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-20 18:50 - 2006-01-18 20:30 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-20 18:50 - 2006-01-18 15:19 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-20 18:50 - 2006-01-18 15:19 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-07-20 17:20 - 2012-04-01 19:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-20 17:04 - 2010-02-04 22:55 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 16:48 - 2006-02-20 10:22 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-20 16:47 - 2014-07-20 16:48 - 00094208 _____ () C:\WINDOWS\Minidump\Mini072014-03.dmp
2014-07-20 14:53 - 2011-06-22 11:26 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2014-07-20 09:14 - 2014-07-20 09:14 - 00001813 _____ () C:\Documents and Settings\Administrator.KITCHEN.003\Desktop\Google Chrome.lnk
2014-07-20 09:01 - 2014-07-20 09:01 - 00094208 _____ () C:\WINDOWS\Minidump\Mini072014-02.dmp
2014-07-20 08:45 - 2014-04-13 21:05 - 00000000 ___RD () C:\Documents and Settings\Dave\My Documents\Dropbox
2014-07-20 08:45 - 2014-04-13 21:02 - 00000000 ____D () C:\Documents and Settings\Dave\Application Data\DropboxMaster
2014-07-20 08:45 - 2014-04-13 21:01 - 00000000 ____D () C:\Documents and Settings\Dave\Application Data\Dropbox
2014-07-20 08:45 - 2012-12-24 14:54 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1003.job
2014-07-20 08:42 - 2014-07-20 08:42 - 00094208 _____ () C:\WINDOWS\Minidump\Mini072014-01.dmp
2014-07-19 19:12 - 2006-01-19 03:38 - 00000278 ___SH () C:\Documents and Settings\Terri\ntuser.ini
2014-07-19 15:54 - 2010-03-29 13:51 - 00000284 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1007.job
2014-07-19 13:13 - 2014-04-29 11:00 - 00000000 ____D () C:\Documents and Settings\Terri\My Documents\Motorcycle Safety Foundation - RiderCourse Enrollment System_files
2014-07-19 13:13 - 2006-05-21 08:28 - 00633856 ___SH () C:\Documents and Settings\Terri\My Documents\Thumbs.db
2014-07-16 21:44 - 2011-04-30 21:39 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-287218729-682003330-500Core.job
2014-07-16 21:34 - 2014-07-16 21:34 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Dave\Desktop\tdsskiller.exe
2014-07-16 21:30 - 2014-07-16 21:30 - 00078904 _____ () C:\Documents and Settings\Dave\Desktop\7dees OTL 3.Txt
2014-07-16 21:27 - 2014-07-01 22:58 - 00078904 _____ () C:\Documents and Settings\Dave\Desktop\OTL.Txt
2014-07-16 21:15 - 2014-07-16 21:15 - 00025718 _____ () C:\Documents and Settings\Dave\Desktop\7dees OTL 2.txt
2014-07-16 21:11 - 2006-01-18 20:34 - 00000000 ____D () C:\Documents and Settings\Dave
2014-07-16 21:03 - 2006-01-19 03:58 - 00000000 ____D () C:\Documents and Settings\Fred\Local Settings\Temp
2014-07-16 21:00 - 2014-07-16 21:00 - 00000000 ____D () C:\_OTL
2014-07-16 20:49 - 2014-07-16 20:49 - 00000000 _____ () C:\Documents and Settings\Dave\Desktop\New Text Document (2).txt
2014-07-16 20:28 - 2014-07-12 18:19 - 00000000 ____D () C:\AdwCleaner
2014-07-16 09:47 - 2012-12-25 14:11 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1004.job
2014-07-16 07:57 - 2014-04-13 14:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-07-14 22:25 - 2006-01-19 03:38 - 00000000 ____D () C:\Documents and Settings\Terri
2014-07-13 21:54 - 2014-07-13 21:49 - 00000120 _____ () C:\Documents and Settings\Dave\Desktop\New Text Document.txt
2014-07-13 21:54 - 2014-05-17 20:53 - 00040746 _____ () C:\Documents and Settings\Dave\Desktop\ark.txt.txt
2014-07-13 21:43 - 2014-07-13 21:44 - 00094208 _____ () C:\WINDOWS\Minidump\Mini071314-02.dmp
2014-07-13 08:12 - 2014-07-13 08:12 - 00094208 _____ () C:\WINDOWS\Minidump\Mini071314-01.dmp
2014-07-13 07:51 - 2014-07-13 07:49 - 00000062 _____ () C:\Documents and Settings\Dave\Desktop\STOP notes.txt
2014-07-12 18:17 - 2014-07-12 18:17 - 01348263 _____ () C:\Documents and Settings\Dave\Desktop\AdwCleaner.exe
2014-07-12 17:52 - 2014-07-12 17:52 - 00094208 _____ () C:\WINDOWS\Minidump\Mini071214-01.dmp
2014-07-12 11:29 - 2010-03-13 12:53 - 00000284 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1003.job
2014-07-12 07:17 - 2014-07-12 07:17 - 20060384 _____ (SUPERAntiSpyware) C:\Documents and Settings\Dave\Desktop\SUPERAntiSpyware.exe
2014-07-10 22:58 - 2013-01-24 23:58 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1005.job
2014-07-10 22:58 - 2010-03-23 14:43 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1005.job
2014-07-10 03:06 - 2013-07-13 13:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 03:00 - 2009-03-17 03:00 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 07:20 - 2012-04-01 19:32 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-09 07:20 - 2011-05-15 10:28 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 10:44 - 2014-07-08 10:44 - 00044012 _____ () C:\Documents and Settings\Terri\Desktop\Terri Carr CLEARED TO WORK MCG.eml
2014-07-08 07:42 - 2014-07-08 07:42 - 00000817 _____ () C:\Documents and Settings\Terri\Desktop\Shortcut to Brown_Carr_ Family.lnk
2014-07-08 05:43 - 2014-07-08 05:43 - 00023746 _____ () C:\Documents and Settings\Dave\Desktop\New Text Document123.txt
2014-07-08 05:42 - 2014-07-08 05:42 - 00023746 _____ () C:\Documents and Settings\Dave\Desktop\123.txt
2014-07-07 22:30 - 2010-03-29 01:32 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1006.job
2014-07-07 21:30 - 2014-07-07 21:30 - 00023746 _____ () C:\ComboFix.txt
2014-07-07 21:30 - 2014-07-07 21:30 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-07-07 21:30 - 2014-07-07 21:30 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-07-07 21:30 - 2014-07-07 21:30 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-07-07 21:30 - 2014-07-07 21:30 - 00000000 ____D () C:\Documents and Settings\Administrator.KITCHEN\Local Settings\temp
2014-07-07 21:30 - 2014-07-07 21:30 - 00000000 ____D () C:\Documents and Settings\Administrator.KITCHEN.002\Local Settings\temp
2014-07-07 21:30 - 2014-07-07 21:30 - 00000000 ____D () C:\Documents and Settings\Administrator.KITCHEN.001\Local Settings\temp
2014-07-07 21:30 - 2014-07-07 20:37 - 00000000 ____D () C:\Qoobox
2014-07-07 21:26 - 2004-08-04 08:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-07-07 20:41 - 2014-07-07 20:41 - 00000000 _RSHD () C:\cmdcons
2014-07-07 20:41 - 2006-01-18 15:16 - 00000277 __RSH () C:\boot.ini
2014-07-07 20:37 - 2009-10-10 09:34 - 00000000 ____D () C:\ComboFix
2014-07-07 20:36 - 2009-10-07 18:37 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-07-07 20:26 - 2014-07-07 20:26 - 05215766 ____R (Swearware) C:\Documents and Settings\Dave\Desktop\username123.exe
2014-07-07 11:32 - 2014-07-07 11:32 - 00094208 _____ () C:\WINDOWS\Minidump\Mini070714-01.dmp
2014-07-01 22:12 - 2014-07-01 22:12 - 00000152 _____ () C:\Documents and Settings\Dave\Desktop\showthread.php-t=1126162&goto=newpost.url
2014-07-01 21:58 - 2014-07-01 21:58 - 00066590 _____ () C:\Documents and Settings\Dave\Desktop\7Dees Extras.Txt
2014-07-01 21:57 - 2014-07-01 21:57 - 02458146 _____ () C:\Documents and Settings\Dave\Desktop\7Dees OTL.Txt
2014-07-01 20:55 - 2014-07-01 20:54 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Dave\Desktop\OTL.exe
2014-07-01 13:11 - 2010-03-13 16:25 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1004.job
2014-06-29 16:54 - 2006-02-11 00:40 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-29 16:53 - 2014-06-29 16:54 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-29 16:53 - 2014-06-29 16:54 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-06-29 16:53 - 2014-06-29 16:53 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-29 16:53 - 2014-06-29 16:53 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-29 16:53 - 2014-06-29 16:53 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-29 16:53 - 2014-06-29 16:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-29 16:38 - 2014-06-29 16:38 - 29405096 _____ (Oracle Corporation) C:\Documents and Settings\Dave\Desktop\jre-7u60-windows-i586.exe
2014-06-29 15:54 - 2014-06-29 15:55 - 00094208 _____ () C:\WINDOWS\Minidump\Mini062914-01.dmp
Files to move or delete:
====================
C:\Documents and Settings\Fred\jagex_runescape_preferences.dat
C:\Documents and Settings\Kevin\jagex_runescape_preferences.dat
C:\Documents and Settings\Kevin\jagex_runescape_preferences2.dat

==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================


----------



## 7dees (Oct 4, 2009)

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-07-2014
Ran by Administrator at 2014-07-22 21:06:02
Running from C:\Documents and Settings\Administrator.KITCHEN.003\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
==================== Installed Programs ======================
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7500_7600_7700_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AIM 7 (HKLM\...\AIM_7) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{91E9B920-0BA0-8020-496A-622AF456337F}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Any Video Converter 5.0.8 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ares Tube 3.0 (HKLM\...\Ares Tube_is1) (Version: - Ares Tube)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
AVS DVDtoGO 1.4.2 (HKLM\...\AVS DVDtoGO_is1) (Version: - Online Media Technologies Ltd.)
Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
BitPim 1.0.6 (HKLM\...\{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1) (Version: 1.0.6 - Joe Pham <[email protected]>)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
BPD_Scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 82.0.173.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Catalyst Control Center InstallProxy (Version: 2012.1116.1445.26409 - Advanced Micro Devices, Inc.) Hidden
CCScore (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
cladDVD .NET v3.5.6 (HKLM\...\{76BD2E01-DBD1-424C-8CB4-7B55CC4B2452}) (Version: 3.5.6 - CloneAD)
Combined Community Codec Pack 2007-07-22 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2007-07-22 13:55 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Transfer (HKLM\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
e-Saver version 3.1 (HKLM\...\{C97CA73D-E96B-4B42-830E-D0F7BD780FB8}_is1) (Version: 3.1 - AOC)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
ESSBrwr (Version: 5.03.0000.0101 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 5.03.0000.0103 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
ESShelp (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
ESSini (Version: 5.03.0000.0201 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSSONIC (Version: 5.3.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
essvcpt (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Family Tree Maker 2011 (HKLM\...\Family Tree Maker 2011) (Version: 20.0.379 - Ancestry.com)
Family Tree Maker 2011 (Version: 20.0.379 - Ancestry.com) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Team Garry)
Global Star Software (HKLM\...\Global Star Software) (Version: - )
Google Apps (HKLM\...\{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}) (Version: 1.2.279.2381 - Google Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Grand Theft Auto: San Andreas (HKLM\...\Steam App 12120) (Version: - Rockstar)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version: - Valve)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version: - Valve)
Handbrake 2.4.1 (HKLM\...\Handbrake) (Version: 2.4.1 - )
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Driver Diagnostics (HKLM\...\{4CCC7F68-A437-4559-A840-F5E010934951}) (Version: 1.03.0009 - Hewlett-Packard)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP Officejet Pro All-In-One Series (HKLM\...\{868EA922-5675-4E91-BDA6-BBD0F923C5EF}) (Version: 1.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 9.7.2 - Hewlett-Packard Company)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
Image Plugin (HKLM\...\{FDC8065B-80DE-4466-B90B-2581F6D77DFF}) (Version: 3.04.0226 - Snap-on Business Solutions)
Intel(R) 537EP V9x DF PCI Modem (HKLM\...\Intel(R) 537EP V9x DF PCI Modem) (Version: - )
iPodRip (HKLM\...\{B1B3A995-2FA8-46F1-9C3F-B3913CD0C3D4}) (Version: 2.0.0 - The Little App Factory)
iTunes (HKLM\...\{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
KSU (Version: 632.62.0003.0003 - EASTMAN KODAK Company) Hidden
L7600 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
LG USB Drivers (HKLM\...\LG USB Drivers) (Version: - )
LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
LimeWire 5.5.8 (HKLM\...\LimeWire) (Version: 5.5.8 - Lime Wire, LLC)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mavis Beacon Teaches Typing 17 (HKLM\...\Mavis Beacon Teaches Typing 17) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Cubicle Chaos for Pocket PC (Remove Only) (HKLM\...\Microsoft Cubicle Chaos for Pocket PC) (Version: - )
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition (HKLM\...\{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}) (Version: 1.1.0.2423 - Microsoft Corporation)
Microsoft Plus! for Windows XP (HKLM\...\{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}) (Version: 1.00.01.0732 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version: - )
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MPM (HKLM\...\{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}) (Version: 1.00.0000 - Hewlett-Packard)
MSN (HKLM\...\MSNINST) (Version: - )
MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version: - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6308.28 - PC-Doctor, Inc.)
NetDeviceManager (Version: 90.0.192.000 - Hewlett-Packard) Hidden
NoniGPSPlot (HKLM\...\NoniGPSPlot) (Version: - )
Notifier (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
NWZ-E350 WALKMAN Guide (HKLM\...\{9D7E5329-5751-435B-B585-0EFF51783A20}) (Version: 2.1.0.17210 - Sony Corporation)
OfotoXMI (Version: 5.03.0000.0302 - EASTMAN KODAK Company) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OTtBP (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
OTtBPSDK (Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
pdfFactory (HKLM\...\pdfFactory) (Version: - )
Pivot Stickfigure Animator (HKLM\...\{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}) (Version: 2.2.5 - Peter Bone)
Portal (HKLM\...\Steam App 400) (Version: - Valve)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Qtrax 0.2beta (20080125) (HKLM\...\Qtrax 20080125) (Version: - )
Quicken 2006 (HKLM\...\{2818095F-FB6C-42C8-827E-0A406CC9AFF5}) (Version: 15.1.4.5 - Intuit)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Road Runner Medic 6.1 (HKLM\...\RoadRunnerMedic6.1_is1) (Version: 6.1.31 - )
Savings Bond Wizard (HKLM\...\Savings Bond Wizard) (Version: - ) <==== ATTENTION
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Secunia PSI (2.0.0.4003) (HKLM\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SFR (Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SHASTA (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
SKIN0001 (Version: 5.03.0000.0101 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 5.03.0000.0101 - EASTMAN KODAK Company) Hidden
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic MyDVD (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 5.3.0 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.3 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.9 - Sonic Solutions)
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Source SDK (HKLM\...\Steam App 211) (Version: - Valve)
Source SDK Base (HKLM\...\Steam App 215) (Version: - Valve)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
staticcr (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TOSHIBA gigabeat applications (HKLM\...\{3d64690e-3f92-4b47-b197-0ce4b689798b}) (Version: - )
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
URGE (HKLM\...\{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}) (Version: 1.1.9060.0 - MTV Networks)
V CAST Music (HKLM\...\{3249FD43-B24B-413F-B786-F8FEA32FA747}) (Version: 1.08.0057 - Smith Micro Software Inc.)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VPRINTOL (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version: - )
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WIRELESS (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
Xfire (remove only) (HKLM\...\Xfire) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
==================== Restore Points =========================
21-04-2014 21:39:18 System Checkpoint
23-04-2014 08:30:03 System Checkpoint
29-04-2014 17:09:09 System Checkpoint
30-04-2014 17:22:39 System Checkpoint
01-05-2014 17:53:58 System Checkpoint
03-05-2014 03:08:08 System Checkpoint
03-05-2014 07:00:18 Software Distribution Service 3.0
04-05-2014 07:21:14 System Checkpoint
05-05-2014 08:57:43 System Checkpoint
06-05-2014 14:02:46 System Checkpoint
07-05-2014 10:15:28 avast! antivirus system restore point
08-05-2014 10:28:13 System Checkpoint
09-05-2014 16:39:07 System Checkpoint
14-05-2014 01:33:14 System Checkpoint
15-05-2014 01:37:06 System Checkpoint
15-05-2014 07:00:20 Software Distribution Service 3.0
16-05-2014 08:01:06 System Checkpoint
17-05-2014 08:37:06 System Checkpoint
18-05-2014 17:50:38 Revo Uninstaller's restore point - CA Personal Firewall
18-05-2014 17:51:10 Removed .
23-05-2014 15:03:08 System Checkpoint
24-05-2014 15:56:28 System Checkpoint
31-05-2014 06:06:11 System Checkpoint
01-06-2014 17:16:29 System Checkpoint
02-06-2014 18:49:45 System Checkpoint
03-06-2014 21:31:47 System Checkpoint
05-06-2014 00:33:23 System Checkpoint
06-06-2014 01:04:18 System Checkpoint
07-06-2014 02:43:10 System Checkpoint
07-06-2014 19:33:54 Restore Operation
07-06-2014 19:41:10 Restore Operation
07-06-2014 19:45:23 Restore Operation
07-06-2014 19:51:35 Restore Operation
09-06-2014 02:03:41 System Checkpoint
12-06-2014 07:00:21 Software Distribution Service 3.0
13-06-2014 22:53:12 System Checkpoint
14-06-2014 03:51:05 avast! antivirus system restore point
14-06-2014 05:49:25 avast! antivirus system restore point
16-06-2014 18:20:44 System Checkpoint
17-06-2014 18:24:00 System Checkpoint
18-06-2014 18:44:04 System Checkpoint
19-06-2014 18:46:37 System Checkpoint
21-06-2014 04:44:53 System Checkpoint
29-06-2014 20:45:04 Removed Java 7 Update 55
29-06-2014 20:53:38 Installed Java 7 Update 60
02-07-2014 01:08:39 OTL Restore Point - 7/1/2014 9:08:31 PM
02-07-2014 02:21:50 OTL Restore Point - 7/1/2014 10:21:42 PM
03-07-2014 02:30:48 System Checkpoint
03-07-2014 08:40:02 avast! antivirus system restore point
08-07-2014 00:37:39 ComboFix created restore point
09-07-2014 10:31:28 avast! antivirus system restore point
09-07-2014 10:33:56 avast! antivirus system restore point
09-07-2014 11:29:49 avast! antivirus system restore point
10-07-2014 07:00:24 Software Distribution Service 3.0
11-07-2014 09:47:44 System Checkpoint
12-07-2014 14:03:09 System Checkpoint
13-07-2014 11:08:27 Revo Uninstaller's restore point - TOSHIBA gigabeat applications
15-07-2014 02:28:53 avast! antivirus system restore point
16-07-2014 11:47:45 Revo Uninstaller's restore point - avast! Free Antivirus
16-07-2014 11:48:37 avast! antivirus system restore point
16-07-2014 11:52:36 Revo Uninstaller's restore point - avast! Free Antivirus
17-07-2014 01:01:17 OTL Restore Point - 7/16/2014 9:01:10 PM
19-07-2014 18:21:48 System Checkpoint
20-07-2014 18:45:23 System Checkpoint
==================== Hosts content: ==========================
2004-08-04 08:00 - 2014-07-07 21:26 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-287218729-682003330-500Core.job => C:\Documents and Settings\Administrator.KITCHEN.003\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-287218729-682003330-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-287218729-682003330-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{B27C5EDB-EFD7-4884-8A5F-38D50EA39E09}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F2C0F754-E0A4-4261-A96B-E8E72AB75132}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2006-02-14 20:10 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\DeQuarantine.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStor.sys:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87405443.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87405443.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk => C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
MSCONFIG\startupreg: Aim => "C:\Program Files\AIM7\aim.exe" /d locale=en-US
MSCONFIG\startupreg: medicsp2 => C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
MSCONFIG\startupreg: TosGbWatcher => C:\Program Files\TOSHIBA\gigabeat room\TosGbWatcher.exe
==================== Faulty Device Manager Devices =============
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Officejet Pro L7600
Description: Officejet Pro L7600
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet Pro L7600
Description: Officejet Pro L7600
Class Guid: {4D36E979-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (07/22/2014 08:48:11 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Error: (07/22/2014 08:47:53 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Error: (07/20/2014 05:34:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
Error: (07/20/2014 05:28:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module shlwapi.dll, version 6.0.2900.5912, fault address 0x00063285.
Processing media-specific event for [explorer.exe!ws!]
Error: (07/16/2014 08:45:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (07/22/2014 09:03:03 PM) (Source: DCOM) (EventID: 10005) (User: KITCHEN)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error: (07/22/2014 09:02:50 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (07/22/2014 09:02:25 PM) (Source: DCOM) (EventID: 10005) (User: KITCHEN)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error: (07/22/2014 09:01:28 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (07/22/2014 09:01:14 PM) (Source: DCOM) (EventID: 10005) (User: KITCHEN)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error: (07/22/2014 08:55:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error: 
%%2001
Error: (07/22/2014 08:55:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Fips
intelppm
Error: (07/22/2014 08:55:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%2001
Error: (07/22/2014 08:54:30 PM) (Source: DCOM) (EventID: 10005) (User: KITCHEN)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error: (07/22/2014 08:54:08 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Microsoft Office Sessions:
=========================
Error: (07/22/2014 08:48:11 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp448007043C
Error: (07/22/2014 08:47:53 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp448007043C
Error: (07/20/2014 05:34:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d
Error: (07/20/2014 05:28:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512shlwapi.dll6.0.2900.591200063285
Error: (07/16/2014 08:45:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: msimn.exe6.0.2900.5512hungapp0.0.0.000000000

==================== Memory info =========================== 
Percentage of memory in use: 10%
Total physical RAM: 3070.08 MB
Available physical RAM: 2739.97 MB
Total Pagefile: 4449.41 MB
Available Pagefile: 4338.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.7 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:298.01 GB) (Free:92.79 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 41AB2316)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
==================== End Of Log ============================


----------



## eddie5659 (Mar 19, 2001)

Thanks, looks like we have something there, so can you run this to have a detailed look:

Download *RogueKiller* to your desktop


Quit all running programs 
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe 
Wait until the Pre-scan has finished.
Click on Scan
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 
Click on Report and copy/paste the contents here.


----------



## 7dees (Oct 4, 2009)

Eddie - For some reason I couldn't use the keyboard until I restarted in safe mode (with networking). 
I then ran RogueKiller as instructed, but a dialogue box kept telling me that it was outdated and asked me to update on the website, yes or no. I clicked no and it seemed to work correctly. 
Here is the report:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Dave [Admin rights]
Mode : Scan -- Date : 07/26/2014 13:48:39
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : OTL ("C:\Documents and Settings\Dave\Desktop\OTL.exe") [-] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ARRAY +++++
--- User ---
[MBR] 85fcf4ec20e9242278c66ebd835164fe
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305164 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_07262014_02d1348.txt >>


----------



## 7dees (Oct 4, 2009)

Eddie - I know that I should not have made any changes while you complete your investigation, so I wanted you to know that I removed Avast in an effort to remove Grimefighter. Before we started all this I mistakenly paid for Grimefighter thinking I was buying the antivirus suite. Grimefighter now defaults instead of Windows and it just hangs at the black screen with a flashing cursor until I restart and select start Windows normally. I'm sorry if I have caused another unrelated issue. - Thanks 7dees


----------



## eddie5659 (Mar 19, 2001)

About Grimefighter: I know it's annoying, I have it popping up all the time, but there is a way to disable the reminder so you don't need to think to buy it. If you reinstall Avast, will it reinstall Grimefighter?

If so, we'll look at a different antivirus for you. Some like MSE, but I'm not a big fan of it. Comodo do a free one:

http://www.comodo.com/home/internet-security/antivirus.php

But there are many others.

Now, onto the issue you have. Firstly, the scan you did above. It is the latest version, so that's fine. Plus it came up clear. So, let's run a fix with FRST, but afterwards I would like to check your drivers, as it appears that the BSODs may be hardware related.

======================

So, onto the fix first:

Can you uninstall this via the Control Panel:

*Coupon Printer for Windows Version: 4.0.*

--

Then, download attached *fixlist.txt* file and save it to the Desktop.

*NOTE.* It's important that both files, *FRST* and *fixlist.txt*, are in the same location or the fix will not work.

*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*

Run *FRST/FRST64* and press the *Fix* button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

eddie


----------



## 7dees (Oct 4, 2009)

Eddie,
When I uninstalled Avast, Grimefighter stayed in the startup. Now when I turn on the computer I must F8 to the black screen to choose Grimefighter or Windows, otherwise Grimefighter will start automatically and then it hangs up. If I'm quick enough to choose Windows first it starts normally.

Here is the FIXLOG:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-07-2014
Ran by Administrator at 2014-07-28 19:25:47 Run:1
Running from C:\Documents and Settings\Administrator.KITCHEN.003\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\WINDOWS\system32\nuhukugo
C:\Documents and Settings\Fred\jagex_runescape_preferences.dat
C:\Documents and Settings\Kevin\jagex_runescape_preferences.dat
C:\Documents and Settings\Kevin\jagex_runescape_preferences2.dat
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION
AlternateDataStreams: C:\DeQuarantine.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStor.sys:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\WINDOWS\system32\nuhukugo => Moved successfully.
C:\Documents and Settings\Fred\jagex_runescape_preferences.dat => Moved successfully.
C:\Documents and Settings\Kevin\jagex_runescape_preferences.dat => Moved successfully.
C:\Documents and Settings\Kevin\jagex_runescape_preferences2.dat => Moved successfully.
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
C:\DeQuarantine.txt => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\WINDOWS\system32\Drivers\iaStor.sys => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
==== End of Fixlog ====


----------



## eddie5659 (Mar 19, 2001)

Okay, so it's only on bootup. Let's take a look at that process.

There is a file in the root of your hard drive called *C:\boot.ini*. I would like you to *COPY* this file to your Desktop - please do not mess with the original as it makes bad things happen!!! You may need to make it visible, in which case you can follow the instructions *Here*

Once done, rename the file to *"boot.txt"*. Using quotation marks stops XP from altering the file extension to what it thinks it should be, so don't forget them - they will disappear once the rename is completed. Then simply open the file and copy and paste the contents into your next reply.

eddie


----------



## 7dees (Oct 4, 2009)

```
[boot loader]
timeout=2
default=C:\stage0
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
C:\stage0="Run GrimeFighter"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\="Back to Windows"
```

FYI - The computer has been running in safe mode with networking for well over a week. No other use other than following your instructions.

PS Thanks again


----------



## Cookiegal (Aug 27, 2003)

Unfortunately, Eddie won't be able to continue here due to some family matters so I'll help you to fix the boot.ini file to eliminate Grimefighter as a boot option.

I haven't read through the entire thread but I assume this is all that needs to be done at this point. If not, please advise me of any other problems that remain.

The boot.txt file that you saved on your Desktop will serve as your backup file so please don't delete that for the time being.

Also, be sure that you have backed up any important documents, photos, music, emails, etc. to external media (external hard drive or CDs/DVDs) before proceeding.

Now, go to *Start* - *Run* - type *cmd* and press Enter to open a command prompt.

Copy the following line and paste it at the command prompt:

*attrib -s -h -r C:\boot.ini*

Then hit Enter.

The above command will remove the file attributes that prevent editing. We will change them back after the edit to protect the file from alteration.

Go to the C:\boot.ini file and right-click the file and open it with Notepad. It should look exactly like the contents that you posted here earlier. Remove ALL of the text in that file so that it's empty and replace it with the text in the code box below (do NOT copy the word "code" but rather just the contents of that box):


```
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
```
Then click on "File" and "Save As" then go down to "Save as type" and click on the downward arrow and change the file type from "Text Documents (*.txt)" to "*All Files (*.*)*". If you don't do this it will have a .txt file extension and won't work.

Do NOT change the file name (it needs to remain boot.ini).

Do NOT boot the machine yet until we're sure you have saved the file correctly.

Please confirm that the name of the file and the path to it is *C:\boot.ini* (and not C:\boot.txt).

Right-click the file and select to open it in Notepad and verify that the contents match what I posted above in the code box.

Do not make any changes but click on Cancel in Notepad to close it out.

If you are confident that you've made the change correctly then reboot the machine. Otherwise, do NOT reboot and post any questions or concerns.

The machine will still have a 2 second delay but then it should boot directly to Windows. The reason for the delay is that the Recovery Console has been installed and can be selected as a boot option if needed. But the default boot option is Windows so it will automatically go to Windows after the 2 second delay with no intervention on your part.

If the machine boots correctly then you can proceed with another command at the command prompt to reset the file attributes as they were before. Please run the following command at the command prompt and hit Enter.

*attrib +s +h +r C:\Boot.ini*

Let me know how it goes.


----------
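An added example (not part of the original posts, and not a tool used in this thread): a short Python check that parses a boot.ini, confirms that `default=` names an entry under `[operating systems]`, and classifies each entry so that a default pointing at something other than a Windows installation, like the `C:\stage0` entry posted above, stands out. The two sample files are the ones posted in this thread; the function names, the ARC-path pattern and the three categories are assumptions made for illustration.

```python
import re

# ARC path that names a Windows installation, e.g.
# multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
ARC_PATH = re.compile(
    r"^(multi|scsi|signature)\([0-9a-f]+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)\\",
    re.IGNORECASE,
)

# boot.ini as posted before the fix (copied from the thread)
BEFORE = r"""
[boot loader]
timeout=2
default=C:\stage0
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
C:\stage0="Run GrimeFighter"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\="Back to Windows"
"""

# boot.ini as posted for the fix (copied from the thread)
AFTER = r"""
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""


def norm(path):
    """Compare paths case-insensitively and ignore a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def classify(path, switches):
    """Hypothetical categories: windows, recovery_console, other."""
    if ARC_PATH.match(path):
        return "windows"
    if "/cmdcons" in (s.lower() for s in switches):
        return "recovery_console"
    return "other"


def parse_boot_ini(text):
    """Return ([boot loader] settings, list of [operating systems] entries)."""
    loader, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # Split on the first "=" only: switches such as /noexecute=optin contain "=".
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if section == "boot loader":
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            m = re.match(r'^"([^"]*)"\s*(.*)$', value.strip())
            desc = m.group(1) if m else value.strip()
            switches = m.group(2).split() if m else []
            entries.append({
                "path": key.strip(),
                "description": desc,
                "switches": switches,
                "kind": classify(key.strip(), switches),
            })
    return loader, entries


def audit(text):
    """Report whether the default boot target is a listed Windows installation."""
    loader, entries = parse_boot_ini(text)
    default = loader.get("default", "")
    match = next((e for e in entries if norm(e["path"]) == norm(default)), None)
    default_kind = "windows" if ARC_PATH.match(default) else (match["kind"] if match else "other")
    return {
        "default": default,
        "default_listed": match is not None,
        "default_kind": default_kind,
        "entries": entries,
        "ok": match is not None and default_kind == "windows",
    }


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        result = audit(text)
        print(name, "default =", result["default"], "->", result["default_kind"],
              "(ok)" if result["ok"] else "(review)")
        for e in result["entries"]:
            print("   ", e["kind"].ljust(16), e["path"], "-", e["description"])
```

Entries classified as `other` are only candidates for a manual look; the corrected file in this thread keeps the `UnsupportedDebug` line, which still falls into that category.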



## Cookiegal (Aug 27, 2003)

Have you run into some difficulties with this?


----------



## 7dees (Oct 4, 2009)

No I've been away.
I've read this multiple times to be sure I'm clear and I'm just getting ready to reboot.
Question: When I copied your first instruction into the command prompt I never had the chance to hit enter, it just immediately returned the previous command prompt exactly like this:
C:\Documents and Settings\Dave>
C:\Documents and Settings\Dave>


----------



## Cookiegal (Aug 27, 2003)

That should be fine. As long as you were able to edit the boot.ini file and it looks like it should then the attributes were removed.


----------



## 7dees (Oct 4, 2009)

OK thanks.
So far so good. It booted exactly as you described; however, OTL.exe wants to run but I'm getting:
Open File - Security Warning because of Unknown Publisher.

I believe this is a program Eddie previously instructed me to download and use.

It's asking me to RUN or CANCEL


----------



## Cookiegal (Aug 27, 2003)

You can cancel that.

Are there any problems remaining with the machine?

As I said, I haven't had a chance to review the entire thread.


----------



## 7dees (Oct 4, 2009)

Restarted now without any difficulty. I just finished your last command prompt instructions.
Eddie thought that there could be a hardware issue but we never determined that.
The following will have to wait till the weekend.
Install a new antivirus program since removing AVAST and then try running a full scan.
If I can run a full scan without getting a blue screen then I will mark the thread solved.
Thanks for your help.


----------



## Cookiegal (Aug 27, 2003)

OK. Please let me know. I'll take a look over the thread tomorrow so I'm up to speed on the issues.


----------



## Cookiegal (Aug 27, 2003)

You should get an anti-virus program on there right away though if you don't have one. You can hold off running a scan until you have the time.


----------



## Cookiegal (Aug 27, 2003)

Do you still have this printer?

Officejet Pro L7600


----------



## 7dees (Oct 4, 2009)

Yes on the home network


----------



## Cookiegal (Aug 27, 2003)

I had a look through this thread and the initial DDS scan indicated there's a problem with the printer driver. There were also errors involving drivers from CA (Computer Associates) but I believe you uninstalled CA, correct?

Let's see if those errors still appear. Can you run DDS again and post the log? I assume you still have it on your desktop. It will only produce one log this time.


----------



## 7dees (Oct 4, 2009)

Yes I had uninstalled CA a long time ago but found an instance with REVO and finished removing it but did not make the registry changes.
I installed the free version of Bit Defender last night as well.
DDS was in the recycle bin already. I moved it back ran it tonight and here are both files.
DDS.txt ----->
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.67.2
Run by Dave at 21:35:13 on 2014-08-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1730 [GMT -4:00]
.
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9488E0FA-F058-4673-850E-E755F112BABC}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Dave\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [pdfFactory Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\dave\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\dave\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1356485608921
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345999640203
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FABA57E8-3BAA-4FB3-B0FA-B10C8B8A4711} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2014-8-6 633344]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2006-2-7 6097]
R0 Spssys;Toshiba SPS Service;c:\windows\system32\drivers\spssys.sys [2006-2-14 164256]
R2 ei2c;ei2c;c:\windows\system32\drivers\ei2c.sys [2014-5-17 18224]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-2-6 54760]
R2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\bitdefender\antivirus free edition\gzserv.exe [2014-8-6 57520]
R2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-4-5 53208]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-5 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-5 860472]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2014-8-6 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2014-8-6 486536]
R3 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2014-8-6 164952]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730Pt.sys [2007-10-5 103040]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [2007-10-5 23376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-9 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-5 110296]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2008-6-29 202280]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2006-2-7 299923]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2014-08-07 01:47:28 172937 ----a-w- c:\documents and settings\all users\application data\1407375976.bdinstall.bin
2014-08-07 01:47:10 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2014-08-07 01:46:54 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-08-07 01:46:47 633344 ----a-w- c:\windows\system32\drivers\avc3.sys
2014-08-07 01:46:47 486536 ----a-w- c:\windows\system32\drivers\avckf.sys
2014-08-07 01:46:47 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2014-08-07 01:46:46 -------- d-----w- c:\program files\Bitdefender
2014-08-07 01:46:36 164952 ----a-w- c:\windows\system32\drivers\gzflt.sys
2014-08-07 01:46:35 355744 ----a-w- c:\windows\system32\drivers\trufos.sys
2014-08-07 00:36:56 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-08-07 00:36:44 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-23 01:03:47 -------- d-----w- C:\FRST
2014-07-17 01:00:58 -------- d-----w- C:\_OTL
2014-07-12 22:22:04 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-12 22:19:30 -------- d-----w- C:\AdwCleaner
.
==================== Find3M ====================
.
2014-08-08 01:25:49 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-09 11:20:32 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 11:20:32 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-17 22:29:07 18224 ----a-w- c:\windows\system32\drivers\ei2c.sys
2014-05-12 11:26:02 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 21:36:34.83 ===============

Attach.txt----->
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/18/2006 7:28:52 PM
System Uptime: 8/6/2014 7:48:38 PM (26 hours ago)
.
Motherboard: Dell Inc. | | 0GH003
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 91.392 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer: 
Name: 
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: 
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro L7600
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro L7600
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro L7600
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet Pro L7600
PNP Device ID: ROOT\PRINTER\0000
Service: 
.
==== System Restore Points ===================
.
RP3331: 4/21/2014 5:39:18 PM - System Checkpoint
RP3332: 4/23/2014 4:30:03 AM - System Checkpoint
RP3333: 4/29/2014 1:09:09 PM - System Checkpoint
RP3334: 4/30/2014 1:22:39 PM - System Checkpoint
RP3335: 5/1/2014 1:53:58 PM - System Checkpoint
RP3336: 5/2/2014 11:08:08 PM - System Checkpoint
RP3337: 5/3/2014 3:00:18 AM - Software Distribution Service 3.0
RP3338: 5/4/2014 3:21:14 AM - System Checkpoint
RP3339: 5/5/2014 4:57:43 AM - System Checkpoint
RP3340: 5/6/2014 10:02:46 AM - System Checkpoint
RP3341: 5/7/2014 6:15:28 AM - avast! antivirus system restore point
RP3342: 5/8/2014 6:28:13 AM - System Checkpoint
RP3343: 5/9/2014 12:39:07 PM - System Checkpoint
RP3344: 5/13/2014 9:33:14 PM - System Checkpoint
RP3345: 5/14/2014 9:37:06 PM - System Checkpoint
RP3346: 5/15/2014 3:00:20 AM - Software Distribution Service 3.0
RP3347: 5/16/2014 4:01:06 AM - System Checkpoint
RP3348: 5/17/2014 4:37:06 AM - System Checkpoint
RP3349: 5/18/2014 1:50:38 PM - Revo Uninstaller's restore point - CA Personal Firewall
RP3350: 5/18/2014 1:51:10 PM - Removed .
RP3351: 5/23/2014 11:03:08 AM - System Checkpoint
RP3352: 5/24/2014 11:56:28 AM - System Checkpoint
RP3353: 5/31/2014 2:06:11 AM - System Checkpoint
RP3354: 6/1/2014 1:16:29 PM - System Checkpoint
RP3355: 6/2/2014 2:49:45 PM - System Checkpoint
RP3356: 6/3/2014 5:31:47 PM - System Checkpoint
RP3357: 6/4/2014 8:33:23 PM - System Checkpoint
RP3358: 6/5/2014 9:04:18 PM - System Checkpoint
RP3359: 6/6/2014 10:43:10 PM - System Checkpoint
RP3360: 6/7/2014 3:33:54 PM - Restore Operation
RP3361: 6/7/2014 3:41:10 PM - Restore Operation
RP3362: 6/7/2014 3:45:23 PM - Restore Operation
RP3363: 6/7/2014 3:51:35 PM - Restore Operation
RP3364: 6/8/2014 10:03:41 PM - System Checkpoint
RP3365: 6/12/2014 3:00:21 AM - Software Distribution Service 3.0
RP3366: 6/13/2014 6:53:12 PM - System Checkpoint
RP3367: 6/13/2014 11:51:05 PM - avast! antivirus system restore point
RP3368: 6/14/2014 1:49:25 AM - avast! antivirus system restore point
RP3369: 6/16/2014 2:20:44 PM - System Checkpoint
RP3370: 6/17/2014 2:24:00 PM - System Checkpoint
RP3371: 6/18/2014 2:44:04 PM - System Checkpoint
RP3372: 6/19/2014 2:46:37 PM - System Checkpoint
RP3373: 6/21/2014 12:44:53 AM - System Checkpoint
RP3374: 6/29/2014 4:45:04 PM - Removed Java 7 Update 55
RP3375: 6/29/2014 4:53:38 PM - Installed Java 7 Update 60
RP3376: 7/1/2014 9:08:39 PM - OTL Restore Point - 7/1/2014 9:08:31 PM
RP3377: 7/1/2014 10:21:50 PM - OTL Restore Point - 7/1/2014 10:21:42 PM
RP3378: 7/2/2014 10:30:48 PM - System Checkpoint
RP3379: 7/3/2014 4:40:02 AM - avast! antivirus system restore point
RP3380: 7/7/2014 8:37:39 PM - ComboFix created restore point
RP3381: 7/9/2014 6:31:28 AM - avast! antivirus system restore point
RP3382: 7/9/2014 6:33:56 AM - avast! antivirus system restore point
RP3383: 7/9/2014 7:29:49 AM - avast! antivirus system restore point
RP3384: 7/10/2014 3:00:24 AM - Software Distribution Service 3.0
RP3385: 7/11/2014 5:47:44 AM - System Checkpoint
RP3386: 7/12/2014 10:03:09 AM - System Checkpoint
RP3387: 7/13/2014 7:08:27 AM - Revo Uninstaller's restore point - TOSHIBA gigabeat applications
RP3388: 7/14/2014 10:28:53 PM - avast! antivirus system restore point
RP3389: 7/16/2014 7:47:45 AM - Revo Uninstaller's restore point - avast! Free Antivirus
RP3390: 7/16/2014 7:48:37 AM - avast! antivirus system restore point
RP3391: 7/16/2014 7:52:36 AM - Revo Uninstaller's restore point - avast! Free Antivirus
RP3392: 7/16/2014 9:01:17 PM - OTL Restore Point - 7/16/2014 9:01:10 PM
RP3393: 7/19/2014 2:21:48 PM - System Checkpoint
RP3394: 7/20/2014 2:45:23 PM - System Checkpoint
RP3395: 8/6/2014 8:08:32 PM - System Checkpoint
RP3396: 8/6/2014 8:36:14 PM - Installed Java 7 Update 67
RP3397: 8/6/2014 9:03:18 PM - Revo Uninstaller's restore point - CA Anti-Spyware
RP3398: 8/6/2014 9:03:31 PM - Removed .
RP3399: 8/6/2014 9:47:10 PM - Installed Windows XP Wdf01009.
RP3400: 8/7/2014 3:00:19 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7500_7600_7700_Help
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Reader XI (11.0.07)
AIM 7
AMD Catalyst Install Manager
Any Video Converter 5.0.8
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares Tube 3.0
Audacity 1.2.6
AVS DVDtoGO 1.4.2
Bing Maps 3D
Bitdefender Antivirus Free Edition
BitPim 1.0.6
Bonjour
BPD_HPSU
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Catalyst Control Center InstallProxy
CCScore
Cisco Connect
cladDVD .NET v3.5.6
Combined Community Codec Pack 2007-07-22
Compatibility Pack for the 2007 Office system
Content Transfer
Counter-Strike: Source
Critical Update for Windows Media Player 11 (KB959772)
Destinations
DeviceManagementQFolder
Dropbox
e-Saver version 3.1
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
eSupportQFolder
Family Tree Maker 2011
Fax
Free WMA to MP3 Converter 1.16
Garry's Mod
Global Star Software
Google Apps
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Grand Theft Auto: San Andreas
Half-Life 2: Episode One
Half-Life 2: Episode Two
Handbrake 2.4.1
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Driver Diagnostics
HP Imaging Device Functions 8.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Product Assistant
HP Product Detection
HP Solution Center 8.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Image Plugin
Intel(R) 537EP V9x DF PCI Modem
iPodRip
iTunes
Java 7 Update 60
Java Auto Updater
Junk Mail filter update
kgcbase
Kodak EasyShare software
KSU
L7600
LG USB Drivers
LG USB Modem driver
LimeWire 5.5.8
Malwarebytes Anti-Malware version 2.0.2.1012
Mavis Beacon Teaches Typing 17
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Cubicle Chaos for Pocket PC (Remove Only)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Plus! for Windows XP
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft WSE 3.0 Runtime
MPM
MSN
MSN Music Assistant
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
My Dell
NetDeviceManager
NoniGPSPlot
Notifier
NWZ-E350 WALKMAN Guide
OfotoXMI
OGA Notifier 2.0.0048.0
OTtBP
OTtBPSDK
pdfFactory
Pivot Stickfigure Animator
Portal
ProductContext
Qtrax 0.2beta (20080125)
Quicken 2006
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.95
Road Runner Medic 6.1
Savings Bond Wizard
Scan
SeaTools for Windows
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SFR
SHASTA
SKIN0001
SKINXSDK
SolutionCenter
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony USB Driver
SoundMAX
Source SDK
Source SDK Base
SpywareBlaster 5.0
staticcr
Status
System Requirements Lab for Intel
Team Fortress 2
Toolbox
TOSHIBA gigabeat applications
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URGE
V CAST Music
VC 9.0 Runtime
VPRINTOL
WebFldrs XP
WebReg
Windows 7 Upgrade Advisor
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
WOT for Internet Explorer
Xfire (remove only)
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/6/2014 7:49:54 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
8/6/2014 7:49:37 PM, error: Ma730Pt [18] - 
8/6/2014 7:49:34 PM, error: Service Control Manager [7023] - The Server service terminated with the following error: The specified driver is invalid.
8/6/2014 7:49:34 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The specified driver is invalid.
8/6/2014 7:49:21 PM, error: Print [23] - Printer HP OfficeJet T Series Printer failed to initialize because a suitable HP OfficeJet T Series Printer driver could not be found.
8/6/2014 7:48:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/6/2014 7:29:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
.
==== End Of File ===========================

Thank you


----------



## Cookiegal (Aug 27, 2003)

I'll review that log and post further instructions tomorrow as I'm signing off for the night.

But are you having any problems with that printer?


----------



## 7dees (Oct 4, 2009)

Not recently. It would act up at times by randomly changing its IP address, but since I knew that, I could always get it running quickly.
Thank you again


----------



## Cookiegal (Aug 27, 2003)

There was an error logged for the printer in the last log so I would uninstall the printer then reboot the machine and reinstall the printer software.

When did you have the last BSOD and what were you doing at the time?


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* and save it to your Desktop.

Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
*kmx*
*avast*
:folderfind
*avast*
:regfind
kmx
avast
grimefighter
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## 7dees (Oct 4, 2009)

Since you questioned it, I recall having issues with the HP software from time to time. I have uninstalled it for now and will reinstall it tomorrow after trying to run the virus scan tonight.

The last few instances of BSOD occurred while running virus scans.

SystemLook 04.09.10 by jpshortstuff
Log created at 23:00 on 08/08/2014 by Dave
Administrator - Elevation successful
========== filefind ==========
Searching for "*kmx*"
No files found.
Searching for "*avast*"
C:\Documents and Settings\All Users\Application Data\Google Updater\icons\images_avast.gif ------- 1029 bytes [11:49 08/09/2010] [21:43 09/09/2011] 6A240DA24BAF2B6F362E51374EBFB341
C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.avast.com_0.localstorage --a---- 7168 bytes [17:54 13/04/2014] [18:10 13/04/2014] 6C6A38EDA50690A96BC23817DC16DB09
C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.avast.com_0.localstorage-journal --a---- 7736 bytes [17:54 13/04/2014] [18:10 13/04/2014] B81178889C47652262D905E8DB54D6CC
C:\Documents and Settings\Dave\My Documents\Downloads\avast_free_antivirus_setup.exe --a---- 88551496 bytes [18:11 13/04/2014] [18:12 13/04/2014] 24B463CCAA6D911EE1A149FCD0418E9A
C:\Documents and Settings\Dave\My Documents\Downloads\avast_free_antivirus_setup_online.exe --a---- 4862664 bytes [11:27 09/07/2014] [11:27 09/07/2014] 4AF4D1D156DF61FC7364D1193862A068
C:\Program Files\Bitdefender\Antivirus Free Edition\Install\extern\avast5.xml --a---- 1030 bytes [01:47 07/08/2014] [19:28 27/01/2012] B3637B22722AB98E9CC0C1A5DC16F0DF
C:\WINDOWS\WinSxS\Manifests\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_x-ww_e6822ee2.cat --a---- 9249 bytes [18:14 13/04/2014] [11:33 09/07/2014] F181BD5627947025E1254E2F786AE2BE
C:\WINDOWS\WinSxS\Manifests\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_x-ww_e6822ee2.manifest --a---- 2376 bytes [18:14 13/04/2014] [11:33 09/07/2014] 176B3BE4AE48CC8A7FACBB8E89A2131E
========== folderfind ==========
Searching for "*avast*"
C:\Documents and Settings\All Users\Application Data\AVAST Software d------ [18:12 13/04/2014]
C:\Documents and Settings\All Users\Application Data\AVAST Software\Persistent Data\Avast d------ [18:12 13/04/2014]
C:\Documents and Settings\Dave\Local Settings\Application Data\Temp\avastBCLTMP d------ [19:23 13/04/2014]
C:\Documents and Settings\Terri\Local Settings\Application Data\Temp\avastBCLTMP d------ [01:44 14/04/2014]
C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_x-ww_e6822ee2 d------ [18:14 13/04/2014]
C:\WINDOWS\WinSxS\Policies\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_x-ww_96cea1b1 d------ [18:14 13/04/2014]
========== regfind ==========
Searching for "kmx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXAGENT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXAGENT\0000]
"Service"="KmxAgent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXAGENT\0000]
"DeviceDesc"="KmxAgent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXCF]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXCF\0000]
"Service"="KmxCF"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXCF\0000]
"DeviceDesc"="KmxCF"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXCFG]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXCFG\0000]
"Service"="KmxCfg"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXCFG\0000]
"DeviceDesc"="KmxCfg"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXFILE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXFILE\0000]
"Service"="KmxFile"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXFILE\0000]
"DeviceDesc"="KmxFile"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXFW]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXFW\0000]
"Service"="KmxFw"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXFW\0000]
"DeviceDesc"="KmxFw"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXSBX]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXSBX\0000]
"Service"="KmxSbx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXSBX\0000]
"DeviceDesc"="KmxSbx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXSTART]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXSTART\0000]
"Service"="KmxStart"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KMXSTART\0000]
"DeviceDesc"="KmxStart"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXAGENT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXAGENT\0000]
"Service"="KmxAgent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXAGENT\0000]
"DeviceDesc"="KmxAgent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXCF]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXCF\0000]
"Service"="KmxCF"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXCF\0000]
"DeviceDesc"="KmxCF"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXCFG]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXCFG\0000]
"Service"="KmxCfg"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXCFG\0000]
"DeviceDesc"="KmxCfg"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXFILE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXFILE\0000]
"Service"="KmxFile"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXFILE\0000]
"DeviceDesc"="KmxFile"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXFW]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXFW\0000]
"Service"="KmxFw"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXFW\0000]
"DeviceDesc"="KmxFw"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXSBX]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXSBX\0000]
"Service"="KmxSbx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXSBX\0000]
"DeviceDesc"="KmxSbx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXSTART]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXSTART\0000]
"Service"="KmxStart"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KMXSTART\0000]
"DeviceDesc"="KmxStart"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXAGENT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXAGENT\0000]
"Service"="KmxAgent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXAGENT\0000]
"DeviceDesc"="KmxAgent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXCF]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXCF\0000]
"Service"="KmxCF"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXCF\0000]
"DeviceDesc"="KmxCF"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXCFG]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXCFG\0000]
"Service"="KmxCfg"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXCFG\0000]
"DeviceDesc"="KmxCfg"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXFILE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXFILE\0000]
"Service"="KmxFile"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXFILE\0000]
"DeviceDesc"="KmxFile"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXFW]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXFW\0000]
"Service"="KmxFw"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXFW\0000]
"DeviceDesc"="KmxFw"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXSBX]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXSBX\0000]
"Service"="KmxSbx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXSBX\0000]
"DeviceDesc"="KmxSbx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXSTART]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXSTART\0000]
"Service"="KmxStart"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_KMXSTART\0000]
"DeviceDesc"="KmxStart"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXAGENT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXAGENT\0000]
"Service"="KmxAgent"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXAGENT\0000]
"DeviceDesc"="KmxAgent"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXCF]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXCF\0000]
"Service"="KmxCF"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXCF\0000]
"DeviceDesc"="KmxCF"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXCFG]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXCFG\0000]
"Service"="KmxCfg"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXCFG\0000]
"DeviceDesc"="KmxCfg"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXFILE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXFILE\0000]
"Service"="KmxFile"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXFILE\0000]
"DeviceDesc"="KmxFile"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXFW]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXFW\0000]
"Service"="KmxFw"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXFW\0000]
"DeviceDesc"="KmxFw"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXSBX]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXSBX\0000]
"Service"="KmxSbx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXSBX\0000]
"DeviceDesc"="KmxSbx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXSTART]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXSTART\0000]
"Service"="KmxStart"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KMXSTART\0000]
"DeviceDesc"="KmxStart"
Searching for "avast"
[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\00avast]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ASWHWID\0000]
"DeviceDesc"="avast! HardwareID"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ASWRVRT\0000]
"DeviceDesc"="avast! Revert"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ASWVMM\0000]
"DeviceDesc"="avast! VM Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVAST!_ANTIVIRUS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000]
"Service"="avast! Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000]
"DeviceDesc"="avast! Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ASWHWID\0000]
"DeviceDesc"="avast! HardwareID"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ASWRVRT\0000]
"DeviceDesc"="avast! Revert"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ASWVMM\0000]
"DeviceDesc"="avast! VM Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVAST!_ANTIVIRUS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000]
"Service"="avast! Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000]
"DeviceDesc"="avast! Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_ASWHWID\0000]
"DeviceDesc"="avast! HardwareID"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_ASWRVRT\0000]
"DeviceDesc"="avast! Revert"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_ASWVMM\0000]
"DeviceDesc"="avast! VM Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVAST!_ANTIVIRUS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000]
"Service"="avast! Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000]
"DeviceDesc"="avast! Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswHwid]
"DisplayName"="avast! HardwareID"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswHwid]
"Description"="avast! HardwareID"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswMonFlt]
"Description"="avast! mini-filter driver (aswMonFlt)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswRdr]
"Description"="Avast! WFP Redirect Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswRvrt]
"DisplayName"="avast! Revert"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswRvrt\Parameters\1404905615437]
"SetupOperations"="DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.1404905615437") DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x86\aswsp.sys.1404905615437") DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x86\aswsp.sys.sum.1404905615437")"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswRvrt\Parameters\1404905615890]
"SetupOperations"="MoveFile("\??\c:\program files\avast software\avast\ashbase.dll.1404905615890","\??\c:\program files\avast software\avast\ashbase.dll",TRUE) MoveFile("\??\c:\program files\avast software\avast\ashbase.dll.sum.1404905615890","\??\c:\program files\avast software\avast\ashbase.dll.sum",TRUE) MoveFile("\??\c:\program files\avast software\avast\ashmaisv.dll.1404905615890","\??\c:\program files\avast software\avast\ashmaisv.dll",TRUE) MoveFile("\??\c:\program files\avast software\avast\ashmaisv.dll.sum.1404905615890","\??\c:\program files\avast software\avast\ashmaisv.dll.sum",TRUE) MoveFile("\??\c:\program files\avast software\avast\aswcommchannel.dll.1404905615890","\??\c:\program files\avast software\avast\aswcommchannel.dll",TRUE) MoveFile("\??\c:\program files\avast software\avast\aswcommchannel.dll.sum.1404905615890","\??\c:\program files\avast software\avast\aswcommchannel.dll.sum",TRUE)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswSnx]
"Description"="Avast! Virtualization Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswSnx\Parameters]
"ProgramFolder"="\??\C:\Program Files\AVAST Software\Avast"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswSnx\Parameters]
"DataFolder"="\??\C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswSP]
"Description"="avast! Self Protection"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswSP\Parameters]
"ProgramFolder"="\??\C:\Program Files\AVAST Software\Avast"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswSP\Parameters]
"DataFolder"="\??\C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswVmm]
"DisplayName"="avast! VM Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswVmm]
"Description"="avast! VM Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\avast! Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\avast! Antivirus]
"ImagePath"=""C:\Program Files\AVAST Software\Avast\AvastSvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\avast! Antivirus]
"DisplayName"="avast! Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\avast! Antivirus]
"Description"="Manages and implements avast! antivirus services for this computer. This includes the real-time shields, the virus chest and the scheduler."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWHWID\0000]
"DeviceDesc"="avast! HardwareID"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWRVRT\0000]
"DeviceDesc"="avast! Revert"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWVMM\0000]
"DeviceDesc"="avast! VM Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVAST!_ANTIVIRUS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000]
"Service"="avast! Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000]
"DeviceDesc"="avast! Antivirus"
Searching for "grimefighter"
No data found.
-= EOF =-.


----------



## Cookiegal (Aug 27, 2003)

There are still lots of remnants of Avast and some of CA. When you uninstalled Avast did you run the removal tool? If not, please download and run it now.

http://www.avast.com/en-ca/uninstall-utility

Then reboot the machine and run it a second time.

Reboot again and run SystemLook again with the following script and post that log:


```
:filefind
*avast*
:folderfind
*avast*
:regfind
avast
```


----------



## 7dees (Oct 4, 2009)

Please note: 
Since your instructions on correcting the boot issue, the machine starts flawlessly, runs well, and all user functions appear to work, with one exception: starting from the blue screen.
At some point before all of the boot issues I had tried to back up personal files, photos and music to a 1TB hard drive; however, the BSOD (no details were noted) occurred. That's when I suspected a virus, which brings us forward to the virus scan BSOD issue.

Last night I ran Bit Defender and again the BSOD occurred. However, from the blue screen I have to turn the machine on and off multiple times to get it to start. Sometimes it will run the fan at high speed; other times it gives a trouble light code regarding RAM, but I believe that RAM is not the issue because I have replaced RAM with fresh sticks that I have on hand.

My guess now is hard drive failure or error. 
Here are some screen shots:

Not sure how to get the photos to stick if they do not arrive in the body of this note.


----------



## 7dees (Oct 4, 2009)

I then tried to run the Avast tool as instructed but could not find instances of avast within the tree.


----------



## Cookiegal (Aug 27, 2003)

If you go to the C:\Windows\Minidump folder, is there a file that looks like this (where the Xs would be the date, i.e. 080914)?

Minixxxxxx-01.dmp


----------



## Cookiegal (Aug 27, 2003)

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


For XP operating systems, double-click *VEW.exe*. For later operating systems, right-click VEW.exe and select "Run As Administrator".

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Warning*

Click the radio button for "Number of events"
Type *10* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## 7dees (Oct 4, 2009)

Returned a short time ago to this again and I'm still trying to restart the machine.


----------



## 7dees (Oct 4, 2009)

OK it is running the check disk now and I will post your last request when that completes.


----------



## 7dees (Oct 4, 2009)

Yes there are many mini dump files you asked about.
Here is the log:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 09/08/2014 2:05:25 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/08/2014 8:27:17 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Log: 'Application' Date/Time: 02/08/2014 7:30:09 AM
Type: error Category: 50
Event: 4609 Source: EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Log: 'Application' Date/Time: 02/08/2014 7:29:47 AM
Type: error Category: 50
Event: 4609 Source: EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Log: 'Application' Date/Time: 22/07/2014 8:48:11 PM
Type: error Category: 50
Event: 4609 Source: EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Log: 'Application' Date/Time: 22/07/2014 8:47:53 PM
Type: error Category: 50
Event: 4609 Source: EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Log: 'Application' Date/Time: 20/07/2014 5:34:22 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d. 
Log: 'Application' Date/Time: 20/07/2014 5:28:16 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module shlwapi.dll, version 6.0.2900.5912, fault address 0x00063285. 
Log: 'Application' Date/Time: 16/07/2014 8:45:12 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/08/2014 1:45:20 PM
Type: warning Category: 52
Event: 4356 Source: EventSystem
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.
Log: 'Application' Date/Time: 07/08/2014 10:50:22 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user KITCHEN\Dave registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 
Log: 'Application' Date/Time: 16/07/2014 9:11:54 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user KITCHEN\Dave registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 
Log: 'Application' Date/Time: 16/07/2014 9:11:30 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. 
Log: 'Application' Date/Time: 16/07/2014 8:30:24 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user KITCHEN\Dave registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 
Log: 'Application' Date/Time: 16/07/2014 8:30:04 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. 
Log: 'Application' Date/Time: 14/07/2014 10:25:07 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user KITCHEN\Terri registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 
Log: 'Application' Date/Time: 08/07/2014 7:40:41 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user KITCHEN\Dave registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/08/2014 1:52:24 PM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 100000d1, parameter1 00000034, parameter2 00000002, parameter3 00000000, parameter4 f7b1cfef. 
Log: 'System' Date/Time: 09/08/2014 1:51:38 PM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. 
Log: 'System' Date/Time: 09/08/2014 1:51:08 PM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. 
Log: 'System' Date/Time: 09/08/2014 1:43:54 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The specified driver is invalid. 
Log: 'System' Date/Time: 09/08/2014 1:43:54 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Server service terminated with the following error: The specified driver is invalid. 
Log: 'System' Date/Time: 09/08/2014 1:43:38 PM
Type: error Category: 0
Event: 18 Source: Ma730Pt
The event description cannot be found.
Log: 'System' Date/Time: 09/08/2014 1:43:28 PM
Type: error Category: 0
Event: 23 Source: Print
Printer HP OfficeJet T Series Printer failed to initialize because a suitable HP OfficeJet T Series Printer driver could not be found. 
Log: 'System' Date/Time: 09/08/2014 9:25:23 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. 
Log: 'System' Date/Time: 09/08/2014 9:24:52 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. 
Log: 'System' Date/Time: 09/08/2014 9:23:24 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The specified driver is invalid. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/08/2014 1:43:36 PM
Type: warning Category: 0
Event: 2508 Source: Server
The server service was unable to load the server driver. 
Log: 'System' Date/Time: 09/08/2014 11:54:24 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 
Log: 'System' Date/Time: 09/08/2014 9:23:14 AM
Type: warning Category: 0
Event: 2508 Source: Server
The server service was unable to load the server driver. 
Log: 'System' Date/Time: 09/08/2014 9:07:12 AM
Type: warning Category: 0
Event: 2508 Source: Server
The server service was unable to load the server driver. 
Log: 'System' Date/Time: 09/08/2014 8:26:02 AM
Type: warning Category: 0
Event: 2508 Source: Server
The server service was unable to load the server driver. 
Log: 'System' Date/Time: 08/08/2014 10:41:55 PM
Type: warning Category: 0
Event: 2508 Source: Server
The server service was unable to load the server driver. 
Log: 'System' Date/Time: 08/08/2014 10:33:07 PM
Type: warning Category: 0
Event: 2508 Source: Server
The server service was unable to load the server driver. 
Log: 'System' Date/Time: 08/08/2014 10:20:47 PM
Type: warning Category: 0
Event: 3 Source: Print
Printer HP Officejet Pro L7600 series fax was deleted. 
Log: 'System' Date/Time: 08/08/2014 10:20:47 PM
Type: warning Category: 0
Event: 4 Source: Print
Printer HP Officejet Pro L7600 series fax is pending deletion. 
Log: 'System' Date/Time: 08/08/2014 10:14:16 PM
Type: warning Category: 0
Event: 3 Source: Print
Printer HP Officejet Pro L7600 series was deleted.


----------



## Cookiegal (Aug 27, 2003)

Download BlueScreenView (it's a zip file) from the following link and save it to your desktop:

http://www.nirsoft.net/utils/blue_screen_view.html

Unzip the file and double-click on the BlueScreenView.exe file to run the program.

When the scan is finished go to Edit - Select All and then go to File - Save Selected Items and save the report as BSOD.txt.

Open the BSOD.txt file in Notepad and copy and paste its contents here please.
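
Added example (not part of the original post and not a NirSoft tool): one way to triage the BSOD.txt report requested above, by grouping crashes per bug check and driver and flagging KERNEL_STACK_INPAGE_ERROR entries whose first parameter is a storage I/O status. The function names and the embedded sample, abridged in the report's layout, are constructed for illustration.

```python
from collections import Counter

# NTSTATUS values that, as parameter 1 of bug check 0x77
# (KERNEL_STACK_INPAGE_ERROR), mean the page could not be read from disk.
IO_STATUS = {
    0xC0000185: "STATUS_IO_DEVICE_ERROR",
    0xC000009C: "STATUS_DEVICE_DATA_ERROR",
    0xC000009D: "STATUS_DEVICE_NOT_CONNECTED",
    0xC000016A: "STATUS_DISK_OPERATION_FAILED",
}

# Constructed sample: a few fields per record, in the "Key : Value" layout of
# a BlueScreenView text report. The last record is cut off on purpose.
SAMPLE = """\
==================================================
Dump File : Mini080914-03.dmp
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Caused By Driver : iaStor.sys
==================================================
==================================================
Dump File : Mini080914-02.dmp
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1  : 0x00000034
Caused By Driver : iaStor.sys
==================================================
==================================================
Dump File : Mini071214-01.dmp
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Caused By Driver : ntoskrnl.exe
==================================================
==================================================
Dump File : Mini092813-01.dmp
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0xc0000185
Caused By Driver : 
"""


def parse_report(text):
    """Split the report into one dict per crash record."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if set(line) == {"="}:          # separator row closes a record
            if current:
                records.append(current)
                current = {}
            continue
        # Keys never contain ':'; values (times, paths) may, so split once.
        key, sep, value = line.partition(":")
        if sep:
            current[" ".join(key.split())] = value.strip()
    if current:                         # keep a record truncated at EOF
        records.append(current)
    return records


def summarize(records):
    """Count crashes per (bug check, blamed driver), most frequent first."""
    counts = Counter()
    for rec in records:
        driver = rec.get("Caused By Driver") or "(not resolved)"
        counts[(rec.get("Bug Check String", "?"), driver)] += 1
    return counts.most_common()


def storage_errors(records):
    """Return (dump file, status name) for 0x77 crashes with an I/O status."""
    hits = []
    for rec in records:
        try:
            code = int(rec.get("Bug Check Code", ""), 16)
            p1 = int(rec.get("Parameter 1", ""), 16)
        except ValueError:              # field missing or not hexadecimal
            continue
        if code == 0x77 and p1 in IO_STATUS:
            hits.append((rec.get("Dump File", "?"), IO_STATUS[p1]))
    return hits


if __name__ == "__main__":
    recs = parse_report(SAMPLE)
    for (bug_check, driver), n in summarize(recs):
        print(f"{n:3d}  {bug_check:32s} {driver}")
    for dump, status in storage_errors(recs):
        print(f"storage I/O failure: {dump} ({status})")
```

Repeated crashes blamed on a storage driver, together with an I/O status on an in-page error, are a reason to check the disk, its cabling and the storage driver alongside the malware scans.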


----------



## 7dees (Oct 4, 2009)

==================================================
Dump File : Mini080914-03.dmp
Crash Time : 8/9/2014 4:24:08 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini080914-03.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 65,536
Dump File Time : 8/9/2014 8:29:15 PM
==================================================
==================================================
Dump File : Mini080914-02.dmp
Crash Time : 8/9/2014 12:05:55 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini080914-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 65,536
Dump File Time : 8/9/2014 1:43:11 PM
==================================================
==================================================
Dump File : Mini080914-01.dmp
Crash Time : 8/9/2014 1:12:33 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini080914-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 65,536
Dump File Time : 8/9/2014 8:25:29 AM
==================================================
==================================================
Dump File : Mini072014-03.dmp
Crash Time : 7/20/2014 3:59:53 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x8a1119f8
Parameter 3 : 0x8a111b6c
Parameter 4 : 0x80605682
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+60672
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+60672
Stack Address 1 : ntoskrnl.exe+15ebcc
Stack Address 2 : ntoskrnl.exe+12e640
Stack Address 3 : ntoskrnl.exe+69ab
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini072014-03.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 7/20/2014 4:47:57 PM
==================================================
==================================================
Dump File : Mini072014-02.dmp
Crash Time : 7/20/2014 8:48:49 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini072014-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 7/20/2014 9:01:31 AM
==================================================
==================================================
Dump File : Mini072014-01.dmp
Crash Time : 7/19/2014 7:15:19 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini072014-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 7/20/2014 8:42:45 AM
==================================================
==================================================
Dump File : Mini071314-02.dmp
Crash Time : 7/13/2014 2:39:17 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini071314-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 7/13/2014 9:43:59 PM
==================================================
==================================================
Dump File : Mini071314-01.dmp
Crash Time : 7/13/2014 7:54:52 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini071314-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 7/13/2014 8:12:47 AM
==================================================
==================================================
Dump File : Mini071214-01.dmp
Crash Time : 7/12/2014 1:42:08 PM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0xf78b2d24
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+60672
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+60672
Stack Address 1 : ntoskrnl.exe+4ec1d
Stack Address 2 : ntoskrnl.exe+148c4
Stack Address 3 : ntoskrnl.exe+112cc
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini071214-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 7/12/2014 5:52:40 PM
==================================================
==================================================
Dump File : Mini070714-01.dmp
Crash Time : 7/7/2014 9:48:46 AM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0xaefd5c34
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+60672
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+60672
Stack Address 1 : ntoskrnl.exe+4ec1d
Stack Address 2 : ntoskrnl.exe+148c4
Stack Address 3 : ntoskrnl.exe+112cc
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini070714-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 7/7/2014 11:32:33 AM
==================================================
==================================================
Dump File : Mini062914-01.dmp
Crash Time : 6/29/2014 1:06:07 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini062914-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 6/29/2014 3:54:55 PM
==================================================
==================================================
Dump File : Mini061914-01.dmp
Crash Time : 6/19/2014 3:24:04 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf8137b9
Parameter 3 : 0x99d0726c
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+137b9
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6514 (xpsp_sp3_qfe.140207-0419)
Processor : 32-bit
Crash Address : win32k.sys+137b9
Stack Address 1 : win32k.sys+12b82
Stack Address 2 : win32k.sys+1401d
Stack Address 3 : win32k.sys+c75d
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini061914-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 6/19/2014 9:53:51 PM
==================================================
==================================================
Dump File : Mini061514-01.dmp
Crash Time : 6/15/2014 1:05:32 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000028
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1d802
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+13802
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+13802
Stack Address 1 : iaStor.sys+ef94
Stack Address 2 : ntoskrnl.exe+afed
Stack Address 3 : ntoskrnl.exe+5d22
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini061514-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 6/15/2014 8:44:14 AM
==================================================
==================================================
Dump File : Mini052514-02.dmp
Crash Time : 5/25/2014 12:47:58 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini052514-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 5/25/2014 12:49:33 PM
==================================================
==================================================
Dump File : Mini052514-01.dmp
Crash Time : 5/25/2014 10:25:05 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xcaa80000
Parameter 2 : 0x00000000
Parameter 3 : 0x8059426c
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+bd26c
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+bd26c
Stack Address 1 : ntoskrnl.exe+a1fc0
Stack Address 2 : ntoskrnl.exe+a166a
Stack Address 3 : ntoskrnl.exe+9befe
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini052514-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 5/25/2014 12:20:57 PM
==================================================
==================================================
Dump File : Mini051714-04.dmp
Crash Time : 5/17/2014 4:15:31 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x89d8c978
Parameter 3 : 0x89d8caec
Parameter 4 : 0x80605682
Caused By Driver : aswSP.sys
Caused By Address : aswSP.sys+8762
File Description : 
Product Name : 
Company : 
File Version : 
Processor : 32-bit
Crash Address : ntoskrnl.exe+60672
Stack Address 1 : ntoskrnl.exe+15ebcc
Stack Address 2 : ntoskrnl.exe+12e640
Stack Address 3 : ntoskrnl.exe+69ab
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini051714-04.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 5/17/2014 4:27:01 PM
==================================================
==================================================
Dump File : Mini051714-03.dmp
Crash Time : 5/17/2014 3:49:43 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini051714-03.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 5/17/2014 4:10:34 PM
==================================================
==================================================
Dump File : Mini051714-02.dmp
Crash Time : 5/17/2014 2:43:13 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000028
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1d7db
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+137db
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+137db
Stack Address 1 : iaStor.sys+ef94
Stack Address 2 : ntoskrnl.exe+afed
Stack Address 3 : ntoskrnl.exe+5d22
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini051714-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 5/17/2014 3:15:35 PM
==================================================
==================================================
Dump File : Mini051714-01.dmp
Crash Time : 5/17/2014 11:59:01 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1ceb7
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12eb7
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12eb7
Stack Address 1 : iaStor.sys+13cf3
Stack Address 2 : iaStor.sys+25b2e
Stack Address 3 : ntoskrnl.exe+b325
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini051714-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 5/17/2014 12:43:58 PM
==================================================
==================================================
Dump File : Mini042914-01.dmp
Crash Time : 4/29/2014 11:30:21 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xe332101c
Parameter 2 : 0x00000000
Parameter 3 : 0xbf84ca7c
Parameter 4 : 0x00000001
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+4ca7c
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6514 (xpsp_sp3_qfe.140207-0419)
Processor : 32-bit
Crash Address : win32k.sys+4ca7c
Stack Address 1 : win32k.sys+4cff2
Stack Address 2 : win32k.sys+4cd32
Stack Address 3 : ntoskrnl.exe+69ab
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini042914-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 4/29/2014 12:48:41 PM
==================================================
==================================================
Dump File : Mini042014-01.dmp
Crash Time : 4/20/2014 1:05:01 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1ceb7
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12eb7
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12eb7
Stack Address 1 : iaStor.sys+13cf3
Stack Address 2 : iaStor.sys+25ad6
Stack Address 3 : iaStor.sys+280ca
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini042014-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 4/20/2014 7:35:41 AM
==================================================
==================================================
Dump File : Mini041314-01.dmp
Crash Time : 4/13/2014 6:04:04 PM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x9f756ca0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+60672
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+60672
Stack Address 1 : ntoskrnl.exe+4ec1d
Stack Address 2 : ntoskrnl.exe+148c4
Stack Address 3 : ntoskrnl.exe+112cc
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini041314-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 4/13/2014 6:43:37 PM
==================================================
==================================================
Dump File : Mini112113-01.dmp
Crash Time : 11/21/2013 1:27:37 PM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x973f6cbc
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+60672
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+60672
Stack Address 1 : ntoskrnl.exe+4ec1d
Stack Address 2 : ntoskrnl.exe+148c4
Stack Address 3 : ntoskrnl.exe+112cc
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini112113-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 11/21/2013 1:38:54 PM
==================================================
==================================================
Dump File : Mini111013-02.dmp
Crash Time : 11/10/2013 8:53:09 PM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0xba6a9cbc
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+60672
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+60672
Stack Address 1 : ntoskrnl.exe+4ec1d
Stack Address 2 : ntoskrnl.exe+148c4
Stack Address 3 : ntoskrnl.exe+112cc
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini111013-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 11/10/2013 10:05:32 PM
==================================================
==================================================
Dump File : Mini111013-01.dmp
Crash Time : 11/10/2013 8:29:47 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini111013-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 11/10/2013 8:58:06 AM
==================================================
==================================================
Dump File : Mini110913-02.dmp
Crash Time : 11/9/2013 7:57:42 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini110913-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 11/9/2013 8:35:46 PM
==================================================
==================================================
Dump File : Mini110913-01.dmp
Crash Time : 11/9/2013 7:19:44 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini110913-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 11/9/2013 7:53:32 PM
==================================================
==================================================
Dump File : Mini100913-01.dmp
Crash Time : 10/6/2013 6:40:23 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini100913-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 10/9/2013 9:02:43 PM
==================================================
==================================================
Dump File : Mini100613-03.dmp
Crash Time : 10/6/2013 10:50:45 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini100613-03.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 10/6/2013 10:52:14 AM
==================================================
==================================================
Dump File : Mini100613-02.dmp
Crash Time : 10/6/2013 9:50:20 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini100613-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 10/6/2013 10:40:19 AM
==================================================
==================================================
Dump File : Mini100613-01.dmp
Crash Time : 10/6/2013 8:57:06 AM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0xf7686c4c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+60672
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+60672
Stack Address 1 : ntoskrnl.exe+4ec1d
Stack Address 2 : ntoskrnl.exe+148c4
Stack Address 3 : ntoskrnl.exe+112cc
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini100613-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 10/6/2013 9:09:43 AM
==================================================
==================================================
Dump File : Mini093013-01.dmp
Crash Time : 9/29/2013 8:31:47 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000028
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1d802
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+13802
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+13802
Stack Address 1 : iaStor.sys+ef94
Stack Address 2 : ntoskrnl.exe+afed
Stack Address 3 : ntoskrnl.exe+5d22
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini093013-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 9/30/2013 6:04:24 AM
==================================================
==================================================
Dump File : Mini092813-02.dmp
Crash Time : 9/28/2013 12:16:30 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000034
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1cfef
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+12fef
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+12fef
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini092813-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 9/28/2013 1:06:37 PM
==================================================
==================================================
Dump File : Mini092813-01.dmp
Crash Time : 9/27/2013 11:42:50 PM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0xc0000185
Parameter 2 : 0xc0000185
Parameter 3 : 0x00000000
Parameter 4 : 0x01bcf000
Caused By Driver : 
Caused By Address : +60672
File Description : 
Product Name : 
Company : 
File Version : 
Processor : 32-bit
Crash Address : +60672
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini092813-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 9/28/2013 9:45:51 AM
==================================================
==================================================
Dump File : Mini090113-01.dmp
Crash Time : 9/1/2013 4:02:55 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000028
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf7b1d802
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+13802
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+13802
Stack Address 1 : iaStor.sys+ef94
Stack Address 2 : ntoskrnl.exe+afed
Stack Address 3 : ntoskrnl.exe+5d22
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini090113-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 9/1/2013 7:24:45 AM
==================================================
==================================================
Dump File : Mini081013-01.dmp
Crash Time : 8/10/2013 2:32:04 AM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x8b7f2ca0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+60672
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+60672
Stack Address 1 : ntoskrnl.exe+4ec1d
Stack Address 2 : ntoskrnl.exe+148c4
Stack Address 3 : ntoskrnl.exe+112cc
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini081013-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 8/10/2013 8:53:10 AM
==================================================
==================================================
Dump File : Mini070713-01.dmp
Crash Time : 7/7/2013 7:44:13 PM
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 0x001902fe
Parameter 2 : 0xf7763398
Parameter 3 : 0xf7763094
Parameter 4 : 0xc000045c
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+dff0
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : ntoskrnl.exe+60672
Stack Address 1 : Ntfs.sys+dff0
Stack Address 2 : Ntfs.sys+31033
Stack Address 3 : ntoskrnl.exe+a343
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini070713-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 7/7/2013 10:02:52 PM
==================================================
==================================================
Dump File : Mini070513-02.dmp
Crash Time : 7/5/2013 2:48:50 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000028
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf73fd802
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+13802
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+13802
Stack Address 1 : iaStor.sys+ef94
Stack Address 2 : ntoskrnl.exe+afed
Stack Address 3 : ntoskrnl.exe+5d22
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini070513-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 7/5/2013 5:14:31 AM
==================================================
==================================================
Dump File : Mini070513-01.dmp
Crash Time : 7/4/2013 11:47:55 PM
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 0x001902fe
Parameter 2 : 0xaa5742b4
Parameter 3 : 0xaa573fb0
Parameter 4 : 0xc000045c
Caused By Driver : VolSnap.sys
Caused By Address : VolSnap.sys+51a
File Description : Volume Shadow Copy Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+60672
Stack Address 1 : Ntfs.sys+dff0
Stack Address 2 : Ntfs.sys+31033
Stack Address 3 : ntoskrnl.exe+a343
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini070513-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 7/5/2013 12:01:59 AM
==================================================
==================================================
Dump File : Mini062313-01.dmp
Crash Time : 6/23/2013 3:32:38 AM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0xaa409c2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+60672
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+60672
Stack Address 1 : ntoskrnl.exe+4ec1d
Stack Address 2 : ntoskrnl.exe+148c4
Stack Address 3 : ntoskrnl.exe+112cc
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini062313-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 6/23/2013 8:34:44 AM
==================================================
==================================================
Dump File : Mini061613-01.dmp
Crash Time : 6/16/2013 3:49:44 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000028
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf73fd802
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+13802
File Description : Intel Matrix Storage Manager driver
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 5.0.1.1001
Processor : 32-bit
Crash Address : iaStor.sys+13802
Stack Address 1 : iaStor.sys+ef94
Stack Address 2 : ntoskrnl.exe+afed
Stack Address 3 : ntoskrnl.exe+5d22
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini061613-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 6/16/2013 10:55:25 AM
==================================================
==================================================
Dump File : Mini101312-01.dmp
Crash Time : 10/13/2012 12:01:01 PM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0xbe76c8b4
Parameter 3 : 0x00000000
Parameter 4 : 0xed441c2c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+6070a
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+6070a
Stack Address 1 : ntoskrnl.exe+4ecb5
Stack Address 2 : ntoskrnl.exe+147b7
Stack Address 3 : ntoskrnl.exe+11343
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini101312-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 10/13/2012 12:18:54 PM
==================================================
==================================================
Dump File : Mini051210-01.dmp
Crash Time : 5/12/2010 2:24:57 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xeacc8f54
Parameter 2 : 0x00000000
Parameter 3 : 0xbf08bac6
Parameter 4 : 0x00000001
Caused By Driver : ati2cqag.dll
Caused By Address : ati2cqag.dll+28ac6
File Description : Central Memory Manager / Queue Server Module
Product Name : ATI Radeon Family
Company : ATI Technologies Inc.
File Version : 6.14.10.0495
Processor : 32-bit
Crash Address : ati2cqag.dll+28ac6
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini051210-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 5/12/2010 2:25:30 PM
==================================================
==================================================
Dump File : Mini031910-01.dmp
Crash Time : 3/19/2010 7:03:33 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0x87956d08
Parameter 2 : 0x00000000
Parameter 3 : 0xe4ac6be9
Parameter 4 : 0x00000000
Caused By Driver : ati3duag.dll
Caused By Address : ati3duag.dll+109648
File Description : ati3duag.dll
Product Name : ATI Technologies Inc. Radeon DirectX Universal Driver
Company : ATI Technologies Inc.
File Version : 6.14.10.0812
Processor : 32-bit
Crash Address : 
Stack Address 1 : ati3duag.dll+109648
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini031910-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 3/19/2010 7:04:25 PM
==================================================
==================================================
Dump File : Mini021710-01.dmp
Crash Time : 2/17/2010 5:25:52 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xea8c0b08
Parameter 2 : 0x00000000
Parameter 3 : 0xbf2a3748
Parameter 4 : 0x00000001
Caused By Driver : ati3duag.dll
Caused By Address : ati3duag.dll+f6748
File Description : ati3duag.dll
Product Name : ATI Technologies Inc. Radeon DirectX Universal Driver
Company : ATI Technologies Inc.
File Version : 6.14.10.0812
Processor : 32-bit
Crash Address : ati3duag.dll+f6748
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini021710-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 2/17/2010 5:26:28 PM
==================================================
==================================================
Dump File : Mini012010-01.dmp
Crash Time : 1/20/2010 6:33:47 PM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8070194f
Parameter 3 : 0xf79b7c30
Parameter 4 : 0xf79b792c
Caused By Driver : hal.dll
Caused By Address : hal.dll+294f
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : hal.dll+294f
Stack Address 1 : fltmgr.sys+17b6c
Stack Address 2 : fltmgr.sys+190ba
Stack Address 3 : fltmgr.sys+b8f7
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini012010-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
Dump File Time : 1/20/2010 6:38:14 PM
==================================================
==================================================
Dump File : Mini070709-02.dmp
Crash Time : 7/7/2009 8:42:07 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x80042000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : nv4_mini.sys
Caused By Address : nv4_mini.sys+31576
File Description : NVIDIA Compatible Windows 2000 Miniport Driver, Version 71.24
Product Name : NVIDIA Compatible Windows 2000 Miniport Driver, Version 71.24
Company : NVIDIA Corporation
File Version : 6.14.10.7124
Processor : 32-bit
Crash Address : hal.dll+ef7
Stack Address 1 : ntoskrnl.exe+30a4
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini070709-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 7/7/2009 8:43:58 PM
==================================================
==================================================
Dump File : Mini070709-01.dmp
Crash Time : 7/7/2009 8:37:06 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x7e344334
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xf64cc1e8
Caused By Driver : nv4_mini.sys
Caused By Address : nv4_mini.sys+721e8
File Description : NVIDIA Compatible Windows 2000 Miniport Driver, Version 71.24
Product Name : NVIDIA Compatible Windows 2000 Miniport Driver, Version 71.24
Company : NVIDIA Corporation
File Version : 6.14.10.7124
Processor : 32-bit
Crash Address : nv4_mini.sys+721e8
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini070709-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 7/7/2009 8:38:27 PM
==================================================
==================================================
Dump File : Mini061009-01.dmp
Crash Time : 6/10/2009 12:34:34 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xad9000e5
Parameter 2 : 0x00000001
Parameter 3 : 0xf7335fff
Parameter 4 : 0x00000000
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+79fff
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : Ntfs.sys+79fff
Stack Address 1 : Ntfs.sys+81fae
Stack Address 2 : Ntfs.sys+15a6e
Stack Address 3 : Ntfs.sys+d999
Computer Name : 
Full Path : C:\WINDOWS\Minidump\Mini061009-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 6/10/2009 8:39:32 PM
==================================================


----------



## Cookiegal (Aug 27, 2003)

What is the make and model of the computer?

It looks like the problem is with the Intel Matrix Storage Manager driver so we'll see if we can find a newer one.


----------
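The tally behind the reply above (which driver the minidumps keep blaming, and over what period), as an added example that is not part of the original thread or of BlueScreenView. The function names `parse_report` and `rank_drivers` are hypothetical, and the sample is a constructed, abridged excerpt that reuses field values from the report posted above.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: five abridged records in the text-report layout shown
# in the thread. Values are copied from the posted report; most fields are
# omitted. The third record has an empty "Caused By Driver" on purpose.
SAMPLE_REPORT = """\
==================================================
Dump File : Mini100613-02.dmp
Crash Time : 10/6/2013 9:50:20 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Caused By Driver : iaStor.sys
==================================================
==================================================
Dump File : Mini100613-01.dmp
Crash Time : 10/6/2013 8:57:06 AM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Caused By Driver : ntoskrnl.exe
==================================================
==================================================
Dump File : Mini092813-01.dmp
Crash Time : 9/27/2013 11:42:50 PM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Caused By Driver :
==================================================
==================================================
Dump File : Mini090113-01.dmp
Crash Time : 9/1/2013 4:02:55 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Caused By Driver : iaStor.sys
==================================================
==================================================
Dump File : Mini051210-01.dmp
Crash Time : 5/12/2010 2:24:57 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Caused By Driver : ati2cqag.dll
==================================================
"""

TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"   # e.g. 10/6/2013 9:50:20 AM
UNATTRIBUTED = "(unattributed)"        # label for dumps with no driver named


def parse_report(text):
    """Split a 'Key : Value' report into one dict per crash record."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"="}:          # a row of '=' opens or closes a record
            if current:
                records.append(current)
                current = {}
            continue
        # Split on the first colon only: values such as times contain colons.
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:                         # report cut off before a closing row
        records.append(current)
    return records


def rank_drivers(records):
    """Group crashes by blamed driver, most frequent first."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec.get("Caused By Driver") or UNATTRIBUTED].append(rec)
    ranked = []
    for driver, recs in groups.items():
        times = [datetime.strptime(r["Crash Time"], TIME_FORMAT)
                 for r in recs if r.get("Crash Time")]
        ranked.append({
            "driver": driver,
            "crashes": len(recs),
            "first": min(times) if times else None,
            "last": max(times) if times else None,
            "bug_checks": sorted({r.get("Bug Check String", "") for r in recs}),
        })
    ranked.sort(key=lambda g: (-g["crashes"], g["driver"].lower()))
    return ranked


if __name__ == "__main__":
    for g in rank_drivers(parse_report(SAMPLE_REPORT)):
        span = f"{g['first']:%Y-%m-%d} to {g['last']:%Y-%m-%d}"
        print(f"{g['crashes']:2d}  {g['driver']:<16} {span}  "
              f"{', '.join(g['bug_checks'])}")
```

Run against the full report, the same grouping shows how long a driver has been implicated, which matters when deciding whether a recently installed program can be the cause.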



## 7dees (Oct 4, 2009)

Frequent blue screens now seemingly since removing all the HP software and running the bitdefender software.

Dell Dimension 8400

The following three lines describing the two hard drives are from the build info below.

7J597  1  Hard Drive, 160GB, Serial ATA 7.2K, 8MB, NATIVE COMMAND QUEUEING, Seagate
7J597  1  Hard Drive, 160GB, Serial ATA 7.2K, 8MB, NATIVE COMMAND QUEUEING, Seagate
C6355  1  ASSEMBLY, CABLE, Serial ATA, 


Service Tag DWXXXXX
Computer Model Dell Dimension 8400
Shipping Date 12/6/2004
Country United States
Components
| Part Number | Quantity | Description |
| --- | --- | --- |
| C3827 | 1 | PROCESSOR, 80547, PENTIUM 4 PRESCOTT DT, Pentium 4 Prescott DT, 3.4GHZ, 1 MEGB, 800FSB, SKT-T |
| N6835 | 1 | INSTRUCTION, DEVIATE FOR CHAS L5.5/L6 |
| 702EX | 1 | INFORMATION, PREPARATION MATERIAL, DEVIATION, PRECISION WORKSTATION, INCREASE, #1 |
| T0185 | 1 | KIT, KEYBOARD, MOUSE, 104, UNITED STATES, WIRELESS, NMB |
| W3768 | 2 | DUAL IN-LINE MEMORY MODULE, 512, 533M, 64X64, 8, 240, 1RX8 |
| K5198 | 1 | ASSEMBLY, REMOVABLE MEDIA STORAGE, UNIVERSAL SERIAL BUS, 64M, M-SYSTEMS |
| J2523 | 1 | KIT, SPEAKER, 120V, DELL5650, DELL AMERICAS ORGANIZATION |
| X2749 | 1 | MODEM, V.92, DATA FAX, INTERNAL, DONNY, DELL AMERICAS ORGANIZATION |
| J2427 | 1 | DIGITAL VIDEO DISK DRIVE, 17G, 16X, I, 5.25" FORM FACTOR, LITEON, CHASSIS 2001, V5 |
| P7875 | 1 | ASSEMBLY, DVD+/-RW, 16X, HALF HEIGHT, NEC CORPORATION, CHASSIS 2001 |
| R7240 | 1 | CARD (CIRCUIT), GRAPHICS, 256, 6800, UHMGA11-B |
| 7J597 | 1 | Hard Drive, 160GB, Serial ATA 7.2K, 8MB, NATIVE COMMAND QUEUEING, Seagate |
| 7J597 | 1 | Hard Drive, 160GB, Serial ATA 7.2K, 8MB, NATIVE COMMAND QUEUEING, Seagate |
| C6355 | 1 | ASSEMBLY, CABLE, Serial ATA, TRANSFORMER SKY DIVE MINITOWER, 2.0 |
| P1860 | 1 | Kit, Software, OFCPRO-2K3 Original Equipment Manufacturer, English |
| G7624 | 1 | Kit, Software, Overpack, WXPPSP2 Compact Diskette W/Documentation, English |
| P7128 | 1 | KIT, DOCUMENTATON ON FLOPPY DISK, SOFTWARE, POWERDVD, 5.3 |
| U4931 | 1 | Display, Flat Panel, 17, DUAL VOLTAGE, E173FPB, MIDNIGHT GRAY, DELL AMERICAS ORGANIZATION |


----------



## 7dees (Oct 4, 2009)

Update: 
Blue screens were constant since running the Bitdefender scan Friday night after uninstalling the HP printer software. Because it was so bad I ran a system restore from safe mode with networking this morning. Now Bitdefender has become unresponsive and further reading on the subject indicates a Malwarebytes conflict. 
Bitdefender has quarantined the following file:
View attachment 234257

Also when the system restore completed both Malwarebytes and Bitdefender were turned off. I was able to manually start MAB but BD keeps prompting to restart but doing so has no effect.







It is difficult trying to select a virus protection solution at this point with the sun setting on XP, so my goal now over the next week is taking the system offline, disabling the conflicting software and backing up all my personal files, which is what led me to this point in the first place.

Back to my earlier comment: your suggestions corrected all the boot issues, and again the machine appears to be in a state that will tolerate a drag and drop method of file back-up at this point.

FYI-The iastor blue screen has not reoccurred since system restore this morning.


----------



## 7dees (Oct 4, 2009)




----------



## Cookiegal (Aug 27, 2003)

What are your intentions for this machine? Are you going to replace it with a newer system? This would be recommended as running XP now after the end of extended support is risky.

What date did you restore back to? This may have created other issues. It would have been better to uninstall MBAM and/or Bit Defender first to see if that fixed the issue. Once programs are broken by a restore it's difficult to uninstall them.

The iastor errors were occurring well before Bit Defender was installed.

Also, when you initially ran Bit Defender, did it detect anything? The screenshot shows what appears to be a false positive.


----------



## 7dees (Oct 4, 2009)

Cookiegal said:


> What are your intentions for this machine? Are you going to replace it with a newer system? This would be recommended as running XP now after the end of extended support is risky.
> 
> What date did you restore back to? This may have created other issues. It would have been better to uninstall MBAM and/or Bit Defender first to see if that fixed the issue. Once programs are broken by a restore it's difficult to uninstall them.
> 
> ...


Reply:
I plan to eventually replace the machine with something but still not sure with what. My intention now is to preserve all personal data. The entire family uses personal tablets or smart phones as primary devices however this system serves as a central part of the home for checking e-mail, camera downloading, print center and music repository.

The restore point that I selected was Friday, August 8th, prior to removing the HP software (that has not been reinstalled) and before running Bit Defender.

When I did run Bit Defender I experienced the BSOD at some point and it apparently did not complete. The only thing it found was the false positive that you noted.

Note: After recovering from that blue screen event and while the machine was running the check disc program it stopped or froze and had to be rebooted.

Thank you


----------



## Cookiegal (Aug 27, 2003)

OK, thanks for the clarification.

So what would you like help with from this point forward?


----------



## 7dees (Oct 4, 2009)

When I have completed the data backup I would like to address the iastor issue if possible.


----------



## Cookiegal (Aug 27, 2003)

OK, please post back here when you're ready. When you do post back you can provide the following report please.

Please go to *Start* - *Run* - type in *dxdiag* and click OK. It will open a screen called DirectX Diagnostic Tool which will run for a minute to collect information from the system. Once it's finished, to the bottom right you will see a button called "Save All Information". Please click on that and save it to Notepad and then copy and paste the contents here.


----------



## 7dees (Oct 4, 2009)

Hello, I have been having a lot of trouble today and just now got the machine back up into safe mode with networking. I really can't proceed as planned with the system so unstable.

I ran the dxdiag and noticed that the system is using a generic video driver. I had replaced the original nvidia card with the ATI Radeon HD 4300/4500 series card at one time but don't recall what I did about drivers. 

Here is the DxDiag.txt:

------------------
System Information
------------------
Time of this report: 8/10/2014, 21:13:53
Machine name: KITCHEN
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_qfe.130704-0421)
Language: English (Regional Setting: English)
System Manufacturer: Dell Inc. 
System Model: Dimension 8400 
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A09
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz
Memory: 3070MB RAM
Page File: 133MB used, 4314MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.5512 32bit Unicode
------------
DxDiag Notes
------------
DirectX Files Tab: No problems found.
Display Tab 1: The system is using the generic video driver. Please install video driver provided by the hardware manufacturer. Direct3D functionality not available. You should verify that the driver is a final version from the hardware manufacturer.
Sound Tab 1: No sound card was found. If one is expected, you should install a sound driver provided by the hardware manufacturer.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.
--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (n/a)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (n/a)
DirectMusic: 0/5 (n/a)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)
---------------
Display Devices
---------------
Card name: 
Manufacturer: 
Chip type: 
DAC type: 
Device Key: Enum\
Display Memory: n/a
Current Mode: 1024 x 768 (16 bit) (1Hz)
Monitor: 
Monitor Max Res: 
Driver Name: vga.dll
Driver Version: 5.01.2600.0000 (English)
DDI Version: unknown
Driver Attributes: Final Retail
Driver Date/Size: 8/4/2004 08:00:00, 9344 bytes
WHQL Logo'd: Yes
WHQL Date Stamp: n/a
VDD: n/a
Mini VDD: vga.sys
Mini VDD Date: 4/13/2008 14:44:40, 20992 bytes
Device Identifier: {D7B70EE0-4340-11CF-B063-282AAEC2C835}
Vendor ID: 0x0000
Device ID: 0x0000
SubSys ID: 0x00000000
Revision ID: 0x0000
Revision ID: 0x0000
Video Accel: 
Deinterlace Caps: n/a
Registry: OK
DDraw Status: Not Available
D3D Status: Not Available
AGP Status: Not Available
DDraw Test Result: Not run
D3D7 Test Result: Not run
D3D8 Test Result: Not run
D3D9 Test Result: Not run
-------------
Sound Devices
-------------
Description: 
Default Sound Playback: No
Default Voice Playback: No
Hardware ID: 
Manufacturer ID: 
Product ID: 
Type: 
Driver Name: 
Driver Version: 
Driver Attributes: 
 WHQL Logo'd: 
Date and Size: 
Other Files: 
Driver Provider: 
HW Accel Level: Emulation Only
Cap Flags: 0x0
Min/Max Sample Rate: 0, 0
Static/Strm HW Mix Bufs: 0, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX(tm) 2.0 Listen/Src: No, No
I3DL2(tm) Listen/Src: No, No
Sensaura(tm) ZoomFX(tm): No
Registry: OK
Sound Test Result: Not run
---------------------
Sound Capture Devices
---------------------
-----------
DirectMusic
-----------
DLS Path: C:\WINDOWS\SYSTEM32\drivers\GM.DLS
DLS Version: 1.00.0016.0002
Acceleration: n/a
Ports: Microsoft Synthesizer, Software (Not Kernel Mode), Output, DLS, Internal, Default Port
Registry: OK
Test Result: Not run
-------------------
DirectInput Devices
-------------------
Device Name: Mouse
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a
Device Name: Keyboard
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a
Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC509
FF Driver: n/a
Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC509
FF Driver: n/a
Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC509
FF Driver: n/a
Poll w/ Interrupt: No
Registry: OK
-----------
USB Devices
-----------
+ USB Root Hub
| Vendor/Product ID: 0x8086, 0x265A
| Matching Device ID: usb\root_hub
| Service: usbhub
| Driver: usbhub.sys, 4/13/2008 14:45:37, 59520 bytes
| Driver: usbd.sys, 8/8/2013 20:55:06, 5376 bytes
----------------
Gameport Devices
----------------
------------
PS/2 Devices
------------
+ Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
| Matching Device ID: *pnp0303
| Service: i8042prt
| Driver: i8042prt.sys, 4/13/2008 15:18:00, 52480 bytes
| Driver: kbdclass.sys, 4/13/2008 14:39:47, 24576 bytes
| 
+ HID Keyboard Device
| Vendor/Product ID: 0x046D, 0xC509
| Matching Device ID: hid_device_system_keyboard
| Service: kbdhid
| Driver: kbdhid.sys, 4/13/2008 14:39:48, 14592 bytes
| Driver: kbdclass.sys, 4/13/2008 14:39:47, 24576 bytes
| 
+ Terminal Server Keyboard Driver
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
| Driver: termdd.sys, 4/13/2008 20:13:20, 40840 bytes
| Driver: kbdclass.sys, 4/13/2008 14:39:47, 24576 bytes
| 
+ HID-compliant mouse
| Vendor/Product ID: 0x046D, 0xC509
| Matching Device ID: hid_device_system_mouse
| Service: mouhid
| Driver: mouclass.sys, 4/13/2008 14:39:47, 23040 bytes
| Driver: mouhid.sys, 8/4/2004 08:00:00, 12160 bytes
| 
+ Terminal Server Mouse Driver
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD
| Driver: termdd.sys, 4/13/2008 20:13:20, 40840 bytes
| Driver: mouclass.sys, 4/13/2008 14:39:47, 23040 bytes
----------------------------
DirectPlay Service Providers
----------------------------
DirectPlay8 Modem Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.6311)
DirectPlay8 Serial Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.6311)
DirectPlay8 IPX Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.6311)
DirectPlay8 TCP/IP Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.6311)
Internet TCP/IP Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.5512)
IPX Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.5512)
Modem Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.5512)
Serial Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.5512)
DirectPlay Voice Wizard Tests: Full Duplex: , Half Duplex: , Mic: 
DirectPlay Test Result: Not run
Registry: OK
-------------------
DirectPlay Adapters
-------------------
DirectPlay8 TCP/IP Service Provider: Local Area Connection 3 - IPv4 - 
-----------------------
DirectPlay Voice Codecs
-----------------------
Voxware VR12 1.4kbit/s
Voxware SC06 6.4kbit/s
Voxware SC03 3.2kbit/s
MS-PCM 64 kbit/s
MS-ADPCM 32.8 kbit/s
Microsoft GSM 6.10 13 kbit/s
TrueSpeech(TM) 8.6 kbit/s
-------------------------
DirectPlay Lobbyable Apps
-------------------------
------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 93.9 GB
Total Space: 305.2 GB
File System: NTFS
Model: ARRAY
Drive: D:
Model: JLMS DVD-ROM XJ-HD166
Driver: c:\windows\system32\drivers\cdrom.sys, 5.01.2600.5512 (English), 4/13/2008 14:40:46, 62976 bytes
Drive: E:
Model: _NEC DVD+-RW ND-3450A
Driver: c:\windows\system32\drivers\cdrom.sys, 5.01.2600.5512 (English), 4/13/2008 14:40:46, 62976 bytes
--------------
System Devices
--------------
Name: Intel(R) 82801FB/FBM Ultra ATA Storage Controllers - 266F
Device ID: PCI\VEN_8086&DEV_266F&SUBSYS_01771028&REV_03\3&172E68DD&0&F9
Driver: n/a
Name: SoundMAX Integrated Digital Audio
Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2

Thank you


----------



## 7dees (Oct 4, 2009)

PS The dxdiag was run in safe mode


----------



## Cookiegal (Aug 27, 2003)

Why are you not able to transfer your items for back up?


----------



## Cookiegal (Aug 27, 2003)

Also, what is the service tag number of your Dell?


----------



## 7dees (Oct 4, 2009)

When I try to use the computer it causes a blue screen. I have not tried the back up drive in safe mode yet.
Dell DW15761


----------



## Cookiegal (Aug 27, 2003)

Are you able to do anything at all?

I would attempt to undo the system restore that you did and then uninstall Bit Defender and MalwareBytes as there may be some conflicts with those and the remnants we found earlier of Avast and CA.


----------



## 7dees (Oct 4, 2009)

I was unable to reverse the restore as if I did not really accomplish it in the first place. I removed both programs as suggested and restarted the machine a few times. Disconnected the broadband and copied my entire documents folder to the back-up drive. With just about three minutes remaining I received the following blue screen.







I'm hopeful the remaining user files will copy easily in smaller bites when it's back up and running.
I am taking a break from this project for a while and will post back when I have finished up.
Please let me know what you think of this latest blue screen.
Thanks again for all you do.


----------



## Cookiegal (Aug 27, 2003)

OK. Good luck.

After you get everything backed up, see if you can run *chkdsk /F* from a command prompt (CMD).

I wouldn't do it before as there is the potential for data loss, especially if it freezes and can't complete.


----------



## 7dees (Oct 4, 2009)

I have finished backing up data and now I will attempt your last instructions *chkdsk /F*.
Before proceeding though, a question:
I have a RAID Volume Array with two hard drives, 149GB each; however, I briefly notice at boot up that it says for one of the disks "Member Disk" in green letters and for the other "Error Occured" in red letters.
Is it OK to proceed?
Thank you


----------



## Cookiegal (Aug 27, 2003)

Unfortunately, I have no idea. I'll see if I can get someone else to help with that.


----------



## 7dees (Oct 4, 2009)

Hello again.
Any leads on your previous reply?


----------



## Cookiegal (Aug 27, 2003)

I asked the other Moderators and no one seemed to be able to help so I've now put out a request to our Trusted Advisors. Hopefully one of them will be able to advise you.


----------



## 7dees (Oct 4, 2009)

Dear Techguys and Gals,
I have arrived at a point where I will close this thread as solved. The machine is working well, no malware has returned, and apparently the antivirus conflicts have been resolved. The intention all along has been to stabilize the system enough for a full back-up and that has now been accomplished.

I am now running Malwarebytes Anti Malware premium and Malwarebytes Anti-Exploit premium without any issue and continue keeping a wary eye on suspicious websites using the WOT add-on for Internet Explorer.

At this point its more of a curiosity to see how much longer the machine can be kept running since it was 10 years old in April! 

Thank you for your expert dedication and volunteerism in a field that is forever changing. It is refreshing and comforting to know that your guidance is just a few clicks away.

With best regards,
7dees


----------



## Cookiegal (Aug 27, 2003)

I'm sorry no one took over to help you but glad that you were able to get everything off of it that you needed.


----------



## 7dees (Oct 4, 2009)

No issues from my perspective, only gratitude.

The malware issue was addressed within that forum before the hardware issue became apparent. I would have started a new thread if I was unable to get the machine stabilized.

Over the past week my research into RAID0 drives helped me conclude that in spite of its flaw of zero redundancy, technology has caught up with that fault. A 1TB external hard drive has been my solution and although I believe that the drive would work even faster on a new machine using the newer USB protocol, it is still lightning fast compared to the floppy, tape or CD/DVD back-up methods. When the inevitable happens and one drive fails, all is lost, but I will have the back-up and then I'll buy a new machine.

Again,
Best Regards


----------



## Cookiegal (Aug 27, 2003)

You're indeed welcome for my small part in this matter.


----------



## eddie5659 (Mar 19, 2001)

Glad to see it's all working again. Thank you Cookie for taking this earlier, I was watching it when I got back to see how it went.


----------



## Cookiegal (Aug 27, 2003)

You're welcome Eddie.


----------



## 7dees (Oct 4, 2009)

Kudos to you Eddie for your learned guidance and happy to see you back.


----------



## eddie5659 (Mar 19, 2001)

Thanks 7dees, and it's good to be back as well.


----------

