smitfraud DDS file



DHubbard
2012-07-17, 06:02
Hello, I too, much like the others who have been infected with this malware, have come to this forum to get help removing this from my laptop.

Here is the DDS File that is requested:
DDS (Ver_2011-09-30.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Doug at 22:52:11 on 2012-07-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7932.5684 [GMT -5:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\mqsvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\SolarWinds\JobEngine\SWJobSchedulerSvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Comcast\pcTrayApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Windows\system32\taskeng.exe
-netsvcs
C:\Windows\system32\conhost.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.DataProcessor.exe
C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.ManagementAgent.exe
C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.PollingController.exe
C:\Program Files (x86)\Common Files\SolarWinds\InformationService\SolarWinds.InformationService.Service.exe
C:\Program Files (x86)\Common Files\SolarWinds\JobEngine\SWJobEngineSvc.exe
C:\Program Files (x86)\Common Files\SolarWinds\JobEngine.v2\SWJobEngineSvc2.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\msiexec.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{40F4A13E-9FCD-41D1-99C5-B84317178135} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{40F4A13E-9FCD-41D1-99C5-B84317178135}\1484C484E45445 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{40F4A13E-9FCD-41D1-99C5-B84317178135}\34C6566756270556E6765796E6D27657563747 : DHCPNameServer = 68.87.72.134 68.87.77.134
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Comcast_McciTrayApp] "C:\Program Files\Comcast\pcTrayApp.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ar0x28wm.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb35076&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-3-20 203888]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2011-5-23 48992]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-2-22 289872]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-3-19 383808]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-10-21 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-13 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-2-17 361472]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-2-17 441344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-4-5 1153368]
R2 SWCollectorDataProcessorSvc;SolarWinds Collector Data Processor;C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.DataProcessor.exe [2010-12-6 29184]
R2 SWCollectorManagementAgentSvc;SolarWinds Collector Management Agent;C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.ManagementAgent.exe [2010-12-6 29184]
R2 SWCollectorPollingControllerSvc;SolarWinds Collector Polling Controller;C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.PollingController.exe [2010-12-6 29184]
R2 SWInfoServiceSvc;SolarWinds Information Service;C:\Program Files (x86)\Common Files\SolarWinds\InformationService\SolarWinds.InformationService.Service.exe [2010-10-18 34304]
R2 SWJobEngineSvc;SolarWinds Job Engine;C:\Program Files (x86)\Common Files\SolarWinds\JobEngine\SWJobEngineSvc.exe [2010-11-29 33280]
R2 SWJobEngineSvc2;SolarWinds Job Engine v2;C:\Program Files (x86)\Common Files\SolarWinds\JobEngine.v2\SWJobEngineSvc2.exe [2010-12-27 37376]
R2 SWJobSchedulerSvc;SolarWinds Job Scheduler;C:\Program Files (x86)\Common Files\SolarWinds\JobEngine\SWJobSchedulerSvc.exe [2010-11-29 36352]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-19 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-19 36408]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-3-23 2321520]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-16 136176]
S2 MSSQL$SOLARWINDS_ORION;SQL Server (SOLARWINDS_ORION);H:\DougRMU\Senior\447\SQLExpress\MSSQL.1\MSSQL\Binn\sqlservr.exe -sSOLARWINDS_ORION --> H:\DougRMU\Senior\447\SQLExpress\MSSQL.1\MSSQL\Binn\sqlservr.exe -sSOLARWINDS_ORION [?]
S2 NetPerfMonService;SolarWinds Network Performance Monitor;H:\DougRMU\Senior\447\NetPerfMonService.exe --> H:\DougRMU\Senior\447\NetPerfMonService.exe [?]
S2 OrionModuleEngine;SolarWinds Orion Module Engine;"H:\DougRMU\Senior\447\SolarWinds.BusinessLayerHost.exe" --> H:\DougRMU\Senior\447\SolarWinds.BusinessLayerHost.exe [?]
S2 SolarWindsAlertingEngine;SolarWinds Alerting Engine;"H:\DougRMU\Senior\447\AlertingEngine.exe" --> H:\DougRMU\Senior\447\AlertingEngine.exe [?]
S2 SolarwindsSyslogService;SolarWinds Syslog Service;"H:\DougRMU\Senior\447\SyslogService.exe" --> H:\DougRMU\Senior\447\SyslogService.exe [?]
S2 SolarWindsTrapService;SolarWinds Trap Service;"H:\DougRMU\Senior\447\SWTrapService.exe" --> H:\DougRMU\Senior\447\SWTrapService.exe [?]
S2 SWOrionInformationServicev1;SolarWinds Orion Information Service v1;"H:\DougRMU\Senior\447\Information Service\1.0\SolarWinds.InformationService.Service.exe" --> H:\DougRMU\Senior\447\Information Service\1.0\SolarWinds.InformationService.Service.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-12 250056]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-16 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 129976]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 98688]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-19 216576]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-9 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
.
=============== Created Last 30 ================
.
2012-07-17 03:45:51 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DFDF06B8-7E9A-4081-9CFB-4D01143F3963}\gapaengine.dll
2012-07-17 03:45:47 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{893301AA-3B2A-4332-B0CA-92C8A2DFFA13}\mpengine.dll
2012-07-17 03:42:28 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-17 03:42:21 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-17 03:27:27 -------- d-----w- C:\Users\Doug\AppData\Local\ElevatedDiagnostics
2012-07-17 03:13:05 -------- d-----w- C:\Program Files\CCleaner
2012-07-17 03:12:08 -------- d-----w- C:\Users\Doug\AppData\Local\Google
2012-07-17 02:36:28 -------- d-----w- C:\Users\Doug\AppData\Local\Macromedia
2012-07-17 01:29:27 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC3B38DF-BC32-4035-9DD1-068A25FEE5B5}\mpengine.dll
2012-07-17 01:19:59 20480 ----a-w- C:\Windows\svchost.exe
2012-07-10 18:40:11 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-18 22:02:07 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-18 22:01:45 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-18 22:01:21 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-18 22:01:21 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-12 01:13:22 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 01:13:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 22:53:36.45 ===============





Anything else I need to do? I have the attach file, but I don't know how to zip it...

Never mind. Here is the zip file



Satchfan
2012-07-17, 11:19
Hello DHubbard and welcome to the SNF forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your logs now and will reply with instructions shortly.

Satchfan

Satchfan
2012-07-17, 12:07
Hello again DHubbard

Running multiple antivirus programs

You cannot run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

Uninstall either AVG or Microsoft Security Essentials.

click on Start, Control Panel
click Programs and Features
scroll down the list and look for any AVG OR Microsoft Security Essentials entry:
click on it and then on Remove.


Run AVG removal tool

If you chose to uninstall AVG there will still be some remnants of it on your computer even after the uninstall so please download AVG Removal Tool from here (http://www.grisoft.cz/filedir/util/avg_arm_sup_____.dir/avgremover.exe).

===================================================

Spybot TeaTimer

Please disable this program and leave it disabled until we are done as it can interfere with some of the tools we use.

launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
on the left hand side, click on Tools, then click on the Resident Icon in the list.
uncheck the Resident TeaTimer (Protection of overall system settings) active box.
click on the System Startup icon in the List
uncheck the "TeaTimer" box and click OK at any prompts.
if Teatimer gives you a warning that changes were made, click Allow Change when prompted.
exit Spybot S&D.

(When we are finished, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup).

===================================================

Ask Toolbar

Uninstall Ask Toolbar if it was not installed on purpose.

See here (http://www.benedelman.org/spyware/ask-toolbars/) for more info.

If you choose to follow my recommendation then please uninstall the following:

Ask Toolbar
Ask Toolbar Updater

===================================================

Download and run OTL

download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
click Scan all users.
under Custom Scan paste this in


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /rp /s
DRIVES
CREATERESTOREPOINT

click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
you may need two posts to fit them both in.

===================================================

Run aswMBR

download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
double click the aswMBR.exe to run it
if asked, accept the AVAST virus definition download
click the "Scan" button to start scan
on completion of the scan click Save log, save it to your desktop and post in your next reply

Logs to include with next post:

OTL.txt
Extras.txt
aswMBR log

Please also explain the problems you are having

Thanks

Satchfan
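
The OTL.Txt report requested above lists each process, module, service and driver on one line in a fixed layout (`PRC - [date | size | attributes | M] (Company) -- path`, with a state and service name added for SRV and DRV lines). The following is an added example, not part of the original posts and not OTL's own code: it parses that layout and lists entries with an empty company field or a path that does not start with a drive letter. The sample lines are constructed, and both triage rules are assumptions chosen for illustration, not a verdict on any file.

```python
import re
from datetime import datetime

# One PRC/MOD/SRV/DRV line of OTL.Txt:
#   KIND[:64bit:] - [date | size | attrs | M] (Company) [state] -- path [-- (name)]
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)?\s*-\s*"
    r"\[(?P<stamp>[^|\]]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|\]]*?)\s*\|[^\]]*\]\s*"
    r"\((?P<company>.*?)\)\s*"          # company may contain nested parentheses
    r"(?:\[(?P<state>[^\]]*)\]\s*)?"    # present on service and driver lines only
    r"--\s*(?P<path>.*?)"
    r"(?:\s+--\s+\((?P<name>.*)\))?\s*$"
)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample lines in the OTL layout (not taken from any real report).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2012/01/02 03:04:05 | 000,123,456 | ---- | M] (Example Vendor) -- C:\Program Files\Example\agent.exe
PRC - [2011/02/03 04:05:06 | 000,010,240 | ---- | M] () -- \\.\globalroot\systemroot\sample.exe
MOD - [2011/05/06 07:08:09 | 001,000,000 | ---- | M] () -- C:\Program Files\Example\helper.dll
SRV:64bit: - [2010/10/10 10:10:10 | 000,050,000 | ---- | M] (Example Vendor, Inc. (EV)) [Auto | Running] -- C:\Program Files\Example\svc.exe -- (ExampleSvc)
SRV - [2012/06/07 08:09:10 | 000,040,000 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\Example\updater.exe -- (ExampleUpdater)
DRV - [2012/03/04 05:06:07 | 000,030,000 | R--- | M] (Example Vendor) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\example.sys -- (exdrv)
"""


def parse_entry(line):
    """Return one log line as a dict, or None if it is not an entry line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["x64"] = entry["x64"] is not None
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["stamp"] = datetime.strptime(entry["stamp"], "%Y/%m/%d %H:%M:%S")
    entry["company"] = entry["company"].strip()
    entry["state"] = (
        [part.strip() for part in entry["state"].split("|")] if entry["state"] else []
    )
    return entry


def triage(log_text):
    """Return (entry, reasons) pairs for lines worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue  # section headers, blank lines, registry lines
        reasons = []
        # The MOD section is already filtered to "No Company Name" by OTL,
        # so an empty company is only reported for the other kinds.
        if not entry["company"] and entry["kind"] != "MOD":
            reasons.append("no company name")
        # Assumed rule: a running image is expected under a drive letter.
        if not DRIVE_PATH_RE.match(entry["path"]):
            reasons.append("path not on a drive letter")
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        label = entry["name"] or entry["path"]
        print(f'{entry["kind"]:3} {label}: {", ".join(reasons)}')
```
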

DHubbard
2012-07-17, 19:09
Satchfan,

Thank you for your prompt help and guidance. I found smitfraud when I ran my last spybot check. It wouldn't let me remove it, even as admin. Then while I was online, my laptop powered down on its own. Now I get commercials in Spanish blaring through my speakers whenever I go online. I appreciate your help in removing this, and I am taking notes so if I know anyone that gets this, I will at least have some idea on how to assist. I work in IT and have not done much with security since I received my bachelor's degree. Thank you again for your help.

Here are the logfiles you requested:
OTL logfile created on: 7/17/2012 11:11:43 AM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 4.99 Gb Available Physical Memory | 64.48% Memory free
15.49 Gb Paging File | 12.49 Gb Available in Paging File | 80.66% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.36 Gb Total Space | 186.08 Gb Free Space | 41.14% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 2.19 Gb Free Space | 16.67% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/17 10:43:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
PRC - [2012/07/17 10:28:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/04/28 07:30:22 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/18 16:01:52 | 000,361,472 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/08 16:07:34 | 000,347,008 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\GameXN\GameXNGO.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/29 17:25:18 | 000,036,352 | ---- | M] (SolarWinds) -- C:\Program Files (x86)\Common Files\SolarWinds\JobEngine\SWJobSchedulerSvc.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/23 22:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 13:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/02/24 15:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 06:14:39 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 06:14:24 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 06:14:16 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 06:14:00 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/16 14:18:35 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/11 17:36:38 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae55e761d480fe15781156d1311a1837\PresentationFramework.Classic.ni.dll
MOD - [2012/05/11 17:36:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 17:36:12 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/11 17:35:26 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
MOD - [2012/05/11 17:35:11 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/11 17:35:03 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 17:34:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 17:34:55 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 17:34:47 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/28 07:30:22 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/25 14:21:18 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/10/25 22:27:56 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/10/25 22:27:54 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/10/25 22:27:46 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/10/25 22:27:46 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/10/25 22:27:46 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/10/25 22:27:44 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/10/25 22:27:38 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/10/25 22:27:20 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/07/23 13:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/01/18 16:01:54 | 000,441,344 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2011/01/26 06:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010/11/20 08:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/10/21 06:13:17 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/21 06:13:16 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV:64bit: - [2009/07/13 20:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/08 15:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/02 13:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012/07/11 20:13:22 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/28 07:30:23 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/18 16:01:52 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/12/27 04:16:48 | 000,037,376 | ---- | M] (SolarWinds) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SolarWinds\JobEngine.v2\SWJobEngineSvc2.exe -- (SWJobEngineSvc2)
SRV - [2010/12/06 04:41:10 | 000,029,184 | ---- | M] (SolarWinds) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.PollingController.exe -- (SWCollectorPollingControllerSvc)
SRV - [2010/12/06 04:41:10 | 000,029,184 | ---- | M] (SolarWinds) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.ManagementAgent.exe -- (SWCollectorManagementAgentSvc)
SRV - [2010/12/06 04:41:10 | 000,029,184 | ---- | M] (SolarWinds) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.DataProcessor.exe -- (SWCollectorDataProcessorSvc)
SRV - [2010/11/29 17:25:18 | 000,036,352 | ---- | M] (SolarWinds) [Auto | Running] -- C:\Program Files (x86)\Common Files\SolarWinds\JobEngine\SWJobSchedulerSvc.exe -- (SWJobSchedulerSvc)
SRV - [2010/11/29 17:25:18 | 000,033,280 | ---- | M] (SolarWinds) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SolarWinds\JobEngine\SWJobEngineSvc.exe -- (SWJobEngineSvc)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/21 06:13:17 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe -- (STacSV)
SRV - [2010/10/21 06:13:16 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe -- (AESTFilters)
SRV - [2010/10/18 16:27:58 | 000,034,304 | ---- | M] (SolarWinds) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SolarWinds\InformationService\SolarWinds.InformationService.Service.exe -- (SWInfoServiceSvc)
SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/18 16:01:26 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2012/01/18 16:01:26 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/21 06:13:18 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/09/30 14:29:09 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/03 14:03:14 | 000,144,656 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/07/08 15:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 15:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/02 13:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 13:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/24 14:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 05:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 01:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 00:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 20:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/09 08:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2012/07/17 10:13:55 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{893301AA-3B2A-4332-B0CA-92C8A2DFFA13}\MpKsl20321853.sys -- (MpKsl20321853)
DRV - [2012/01/18 16:01:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/01/18 16:01:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {852143AB-2B88-46C5-A83E-237FF653AF3A}
IE:64bit: - HKLM\..\SearchScopes\{568F1261-D116-4E54-90B8-17D0ACDE2AD7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{852143AB-2B88-46C5-A83E-237FF653AF3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {852143AB-2B88-46C5-A83E-237FF653AF3A}
IE - HKLM\..\SearchScopes\{568F1261-D116-4E54-90B8-17D0ACDE2AD7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{852143AB-2B88-46C5-A83E-237FF653AF3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\..\SearchScopes,DefaultScope = {852143AB-2B88-46C5-A83E-237FF653AF3A}
IE - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\..\SearchScopes\{3A364BBF-7580-4640-B3FB-90728C322540}: "URL" = http://search.avg.com/route/?d=4cb35076&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\..\SearchScopes\{568F1261-D116-4E54-90B8-17D0ACDE2AD7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\..\SearchScopes\{852143AB-2B88-46C5-A83E-237FF653AF3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\..\SearchScopes\{F65469A6-7D70-4FE7-858B-E376B261B685}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=EAA63DC0-A32D-46C8-8C19-5B5A2F27F9FC&apn_sauid=9BA52E61-D41E-42CD-9D62-EB59D3320DAA
IE - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.1: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\Owner\AppData\Roaming\E-centives\NPcolPM460.dll (Invenda)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files (x86)\eMusic Download Manager\xulrunner\components [2012/05/29 17:33:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files (x86)\eMusic Download Manager\xulrunner\plugins [2012/05/29 17:33:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/15 02:26:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/29 17:33:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/29 17:33:01 | 000,000,000 | ---D | M]

[2009/12/25 19:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/07/15 14:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g4p4wu2a.default\extensions
[2012/07/15 14:37:34 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g4p4wu2a.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/04/28 07:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/28 00:34:04 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2011/05/28 00:34:04 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2011/05/28 00:34:04 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2012/04/28 07:30:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/28 19:03:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/29 12:12:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/29 12:12:14 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.1 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: AVG Safe Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Poppit = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: AT_WesCravenV2 = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahooofggegjbnodalhoibemeabkapop\3_0\

O1 HOSTS File: ([2010/05/10 00:21:54 | 000,393,152 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 13575 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Comcast_McciTrayApp] C:\Program Files\Comcast\pcTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000..\Run: [Apps] C:\Users\Owner\AppData\Local\assembly\Apps\xrfqtfyj.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-3981133466-1286039072-1923035676-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 10.5.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40F4A13E-9FCD-41D1-99C5-B84317178135}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 10:42:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/07/17 10:28:42 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/07/17 10:16:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{84947802-578E-40BA-ACEA-8F5E41B8C5BE}
[2012/07/17 10:01:54 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Owner\Desktop\avgremover.exe
[2012/07/17 09:58:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/17 09:46:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A6635E0B-C065-4322-A43D-521D9E775145}
[2012/07/17 09:45:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{201D22D0-0F6E-40B7-B1CE-7ABCBB437270}
[2012/07/16 23:28:24 | 000,955,800 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/16 23:28:24 | 000,839,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/07/16 23:28:24 | 000,268,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/16 23:28:09 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/16 23:28:09 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/16 22:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/16 22:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/16 22:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/16 22:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/16 22:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/16 22:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/16 20:21:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{597295FF-1955-478C-B9C8-223536A6CAB4}
[2012/07/16 20:19:59 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/07/11 19:08:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5D95AB77-3BB5-4417-991A-28B44691FDB4}
[2012/07/11 19:06:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{671FA036-A02E-4031-96FC-0A1CF3320430}
[2012/07/10 15:43:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D37FBBDD-91EA-4084-9B1F-B0E1F36E4DEE}
[2012/07/10 15:42:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A402E107-ADDC-48E9-A644-E958E2B2E8B0}
[2012/07/10 13:14:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/10 13:14:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/10 13:14:30 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/10 13:14:27 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 13:14:27 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/07 15:00:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D08D6FBF-345F-494A-8BE7-272BD3CA5C04}
[2012/07/04 14:51:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7180B317-BB2D-4938-9A7F-56389DBAFA73}
[2012/06/23 12:35:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia
[2012/06/18 17:02:07 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/18 17:02:07 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/18 17:02:07 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/18 17:01:45 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/18 17:01:45 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/18 17:01:45 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/18 17:01:21 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/18 17:01:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/17 16:34:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AA9597A9-A62D-4C18-A2EA-588D1EB0ABA1}
[2011/07/05 21:01:14 | 003,085,984 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\Owner\install_flash_player.exe

========== Files - Modified Within 30 Days ==========

[2012/07/17 11:04:17 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/07/17 10:49:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3981133466-1286039072-1923035676-1000UA.job
[2012/07/17 10:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/17 10:43:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/07/17 10:28:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/07/17 10:24:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/17 10:23:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 10:23:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 10:22:14 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Owner\Desktop\avgremover.exe
[2012/07/17 10:14:58 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/17 10:13:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/17 10:13:09 | 1943,162,879 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/17 09:46:16 | 001,069,488 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/17 09:46:16 | 000,851,750 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/17 09:46:16 | 000,195,490 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/16 23:27:50 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/16 23:27:50 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/16 22:44:06 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/16 22:36:11 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/16 22:13:04 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/16 20:18:52 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2012/07/16 17:49:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3981133466-1286039072-1923035676-1000Core.job
[2012/07/12 00:57:27 | 000,002,401 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2012/07/11 20:13:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 20:13:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/10 15:38:50 | 000,351,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/07/17 11:04:16 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/07/16 22:44:06 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/16 22:42:35 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/16 22:13:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/16 22:13:04 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/16 22:12:15 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/16 22:12:12 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/30 17:52:38 | 000,001,854 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\GhostObjGAFix.xml
[2010/10/08 21:29:52 | 000,007,952 | ---- | C] () -- C:\Users\Owner\NewMaster1.Master
[2010/10/02 13:01:08 | 001,069,488 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/14 20:30:20 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/09/14 20:30:19 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/09/14 20:29:54 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/14 20:28:49 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010/09/13 00:21:40 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/04/02 14:37:32 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
[2010/03/31 13:50:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/13 11:31:21 | 000,004,608 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

DHubbard
2012-07-17, 19:12

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\Windows\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9500325AS ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 452.00GB
Starting Offset: 209715200
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 13.00GB
Starting Offset: 485922701312
Hidden sectors: 0


< CREATERESTOREPOIN >

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

DHubbard
2012-07-17, 19:14
OTL Extras logfile created on: 7/17/2012 10:29:30 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 72.20% Memory free
15.49 Gb Paging File | 13.06 Gb Available in Paging File | 84.33% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.36 Gb Total Space | 186.22 Gb Free Space | 41.17% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 2.19 Gb Free Space | 16.67% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E339A6-DA08-466E-B54E-B8C89AC8FFD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{11ECE7E4-5B64-4C3C-9CAE-3E408EA38115}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{20D9429C-4593-45BF-B870-FD6819323ED4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{258B9CE4-5207-4977-B8D7-2C2CC8A73C50}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2C49F493-C23C-45FB-A5AB-601CDD9AC67C}" = lport=139 | protocol=6 | dir=in | app=system |
"{4C673BBD-481C-4AD1-BFA3-42714D43633E}" = lport=445 | protocol=6 | dir=in | app=system |
"{4ED97F45-40F2-4CB6-8F3F-E69C29E860F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{503465AE-E79D-46BD-8707-29E4B715D18A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60C4EC38-C927-4D21-B552-45EF761DB33B}" = rport=445 | protocol=6 | dir=out | app=system |
"{6EB6D4D0-09EF-4259-BDFC-F8DAC9A07BDD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7040C1B4-2DDC-492F-8423-0C0148E6A798}" = rport=137 | protocol=17 | dir=out | app=system |
"{70B25905-54CE-4FA6-A914-1CBD2381AFDF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{74860EE1-EDE9-467C-92A0-668D3D244722}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75942DB8-A9BB-4EE6-9B26-9D8045DEE67C}" = rport=138 | protocol=17 | dir=out | app=system |
"{7CE9093D-FDAF-4116-A366-4F1C7A6E80A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{80961F97-C896-4BEE-B628-66E6019AC3AB}" = lport=138 | protocol=17 | dir=in | app=system |
"{82D98720-ECB1-48B2-9359-ECD386DD822B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85AF6219-7DBC-4CF6-91F3-DC8C99C8FD70}" = lport=17777 | protocol=6 | dir=in | name=solarwinds information service |
"{929BBC00-B68E-44A5-96EF-033A71D22A1E}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{979DDF19-67D1-41C9-BCC2-640033BA2AF9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F918278-D8A4-4DE0-AF9B-6B2DEC012FAF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A2E46766-7718-437F-A60D-BAB29929DBB5}" = lport=137 | protocol=17 | dir=in | app=system |
"{A4163760-4A1F-4403-AE47-0AEE41584187}" = rport=139 | protocol=6 | dir=out | app=system |
"{A6326ECE-4C71-4316-A276-85ABA086F7D3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AA66F8A3-3762-4206-9EF7-E4CC3294F050}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EB1CBA34-B170-4534-85E3-F8FA70221F32}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F355F6CB-53BB-4B22-BD8E-1B0557523EC4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{FFF08491-441A-41CB-8EF2-A28D6B5681ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032647CA-BA09-45E7-A03D-CC7FB1222C7B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0378EAC3-3F44-4754-8D16-C9627BD3A721}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1131D39D-6C53-4B94-AE59-2EED4A527211}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{14791D7E-E976-4943-99AB-9552A4835B71}" = protocol=17 | dir=in | app=h:\dougrmu\senior\447\powersnmp free manager.exe |
"{18506160-7EB4-4DE8-B567-24E03ACB211A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1D808974-F3AA-4609-A2A2-48F8CF51D3C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1E8095A2-75B1-41D2-AE6F-3D577426EAEB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{21955704-ED71-40D0-BB51-AFE2EA1E3E35}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{377B2A0B-8746-41A0-94A3-0F641185A36F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{39A139D4-DBB8-4E2E-AF9F-E9F855804190}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3DE80DBD-03C8-48C2-9831-A0B9B2B629DA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4C5F281B-8B2E-4AB6-9EC2-16E98D09A8F6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{4EEEDA2B-56C4-4665-8947-D78598F60BE4}" = protocol=6 | dir=in | app=h:\dougrmu\senior\447\powersnmp free manager.exe |
"{51639E00-D0AB-474A-9871-C514007FBF9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{546F02D7-B96A-4378-A339-AFA9ED1BA4DA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5D9FC3BC-99A0-4359-8BE7-979B5E41F2D1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5E6D5871-06A9-4AB3-9D25-C30FA391E048}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5F7BC264-59D0-4C97-B71B-29F183F63389}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{625A97FC-F133-4C16-819A-84365274672A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{680C81E2-D6CB-4817-8DBA-77A2A3F592E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B8078A8-F232-460E-8120-36EB32A3AE8F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6C183276-6146-48D5-8EA9-D74E1A0FAEBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E808FDF-7B6C-41B2-B381-AF76880EA8CC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{798F73B1-1D74-4464-810C-41B5FDEE0A02}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{7C25E451-399E-4D73-B159-63526DC16682}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{7C83ED47-35B6-4B2D-8C63-736A89B1FCD6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D681B52-76E8-4CAE-87FC-82FC0DBABD0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82B2B829-A602-4EEE-A3B3-D5740C2F9D48}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8BFF3C2E-55B1-48E7-A979-7F6E875625FE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{922B2CEF-4E20-42F8-AB86-849476087157}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93B33730-5F53-4ABE-858B-66E7B9F9F892}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{9F1BD04B-0DCC-4B04-91DD-963F97E02008}" = protocol=6 | dir=out | app=system |
"{A1235C8B-9930-44AC-94F0-64D927D8220D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{A6EBC394-BD6F-40FC-A26A-83D124AB6699}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{A7D7EF54-3508-43C2-B3E1-639FE733B7CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AAA6D418-715B-4936-8B10-4E2943147CC6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6E499D4-846A-43EE-B6EE-18088900A24A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B813C1AC-950F-4E4A-BC42-E9D6B7C44F56}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{C36B5E1B-9780-4DEF-926D-83C2673805C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C4DA63AD-686D-4D49-83F1-B93A6420778C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{C942152E-71B4-4FC0-AD65-C5F41C5E1329}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{CAD219B7-E430-41C0-BEB4-4B42D927977C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DE122356-C12C-421C-A8A0-C1394689CBD2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E6825F8D-D536-41D4-B291-D8D527A304E2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E7F21529-D8F2-4519-A954-5883008DE723}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E7FC27A8-7B95-448E-9580-3BABF5CC08E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB89F9BD-4B44-4C11-8D70-C630E8A5D920}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFE2DF42-50DE-47E8-9F45-DBD734888C80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{07836DD5-B97A-4B47-AE27-E7E851B211B5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{66C6EC6D-2C9A-4F87-A2BB-C0388FB24E90}H:\dougrmu\senior\447\powersnmp free manager.exe" = protocol=6 | dir=in | app=h:\dougrmu\senior\447\powersnmp free manager.exe |
"UDP Query User{10527ABE-FF5F-49D4-BEDA-080EACE90840}H:\dougrmu\senior\447\powersnmp free manager.exe" = protocol=17 | dir=in | app=h:\dougrmu\senior\447\powersnmp free manager.exe |
"UDP Query User{D5E0983E-654A-4A3E-AD90-BC94716258BC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

DHubbard
2012-07-17, 19:16
========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{59996900-0E6C-45B7-8C39-C64CB98462E4}" = Microsoft Web Platform Installer 2.0
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}" = Microsoft SQL Server 2008 R2 Setup (English)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7829292C-7209-4BAF-AE1E-190B7C1AF054}" = Oracle VM VirtualBox 3.2.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6901D72-1BF0-30FB-B9BC-B6DC1266E0F4}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{06F25B33-B98A-4F71-A118-67F06DF8C5E2}" = SolarWinds Orion Network Performance Monitor v10.1.1
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B442617-7747-4648-8DEB-D7862B6F8E7E}" = SolarWinds Orion Core Services 2010.2.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SOLARWINDS_ORION)
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AF48EE-4B14-4E8E-B7D4-EDE06729C5F5}" = SolarWinds Job Engine v2.1.0
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite MFC-255CW
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{75332D2F-365B-4337-96B1-129619B8A304}" = PowerSNMP Free Manager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIOR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90F6051D-A69F-4159-9203-7E20430E1056}" = HP MediaSmart SlingPlayer
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ADD2E5A0-9F0A-40D3-A0EF-680CCA1515BF}" = SolarWinds Integrated Virtual Infrastructure Monitor v1
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2235737-DD60-4E74-A36A-527739627859}" = SolarWinds Job Engine v1.5.1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E5BB3626-B2B3-49B9-B5FE-0B0218F7A031}" = SolarWinds Collector v2.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F188AB17-3F56-44B0-945E-3FF6602F9C5A}" = SolarWinds Orion Network Atlas v1.4.0
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}" = Geek Squad 24 Hour Computer Support
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F6439A02-F665-4AE4-8519-92E0C2D59A19}" = SolarWinds Information Service v2.4
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Comcast" = Easy Solve
"Contra - Hard Corps_is1" = Contra - Hard Corps
"eMusic Download Manager" = eMusic Download Manager 4.1.4
"Everything" = Everything 1.2.1.371
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"JCreator LE_is1" = JCreator LE 5.00
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"NoIPDUC" = No-IP DUC
"Office14.VISIOR" = Microsoft Visio Premium 2010
"uTorrent" = µTorrent
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Game Organizer" = GameXN GO
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/18/2011 12:44:01 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/18/2011 12:44:01 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1124

Error - 3/18/2011 12:44:01 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1124

Error - 3/18/2011 12:44:02 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/18/2011 12:44:02 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2122

Error - 3/18/2011 12:44:02 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2122

Error - 3/18/2011 12:44:03 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/18/2011 12:44:03 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3136

Error - 3/18/2011 12:44:03 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3136

Error - 3/18/2011 6:08:55 PM | Computer Name = Owner-PC | Source = PerfNet | ID = 2005
Description =

[ Hewlett-Packard Events ]
Error - 6/11/2012 3:06:27 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 6/11/2012 3:06:27 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 6/12/2012 6:25:29 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 6/12/2012 6:25:29 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 6/12/2012 6:26:08 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 6/16/2012 5:14:32 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 6/16/2012 5:14:32 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 6/24/2012 2:43:41 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/7/2012 10:51:08 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/14/2012 3:07:22 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 4000
Description =

[ Media Center Events ]
Error - 1/1/2010 6:38:36 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 4:38:36 AM - Error connecting to the internet. 4:38:36 AM - Unable
to contact server..

Error - 1/1/2010 6:38:54 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 4:38:41 AM - Error connecting to the internet. 4:38:41 AM - Unable
to contact server..

Error - 8/19/2010 12:40:50 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 11:40:48 AM - Error connecting to the internet. 11:40:48 AM - Unable
to contact server..

Error - 8/19/2010 1:41:47 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 12:41:45 PM - Error connecting to the internet. 12:41:45 PM - Unable
to contact server..

[ System Events ]
Error - 7/17/2012 11:15:22 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The SolarWinds Collector Data Processor service depends on the Net.Tcp
Port Sharing Service service which failed to start because of the following error:
%%1053

Error - 7/17/2012 11:15:22 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The SolarWinds Collector Management Agent service depends on the Net.Tcp
Port Sharing Service service which failed to start because of the following error:
%%1053

Error - 7/17/2012 11:15:22 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The SolarWinds Collector Polling Controller service depends on the
Net.Tcp Port Sharing Service service which failed to start because of the following
error: %%1053

Error - 7/17/2012 11:15:22 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The SolarWinds Information Service service depends on the Net.Tcp
Port Sharing Service service which failed to start because of the following error:
%%1053

Error - 7/17/2012 11:15:22 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The SolarWinds Job Engine service depends on the Net.Tcp Port Sharing
Service service which failed to start because of the following error: %%1053

Error - 7/17/2012 11:15:22 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The SolarWinds Job Engine v2 service depends on the Net.Tcp Port Sharing
Service service which failed to start because of the following error: %%1053

Error - 7/17/2012 11:15:28 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The SolarWinds Orion Information Service v1 service depends on the
Net.Tcp Port Sharing Service service which failed to start because of the following
error: %%1053

Error - 7/17/2012 11:15:44 AM | Computer Name = Owner-PC | Source = HTTP | ID = 15005
Description =

Error - 7/17/2012 11:15:45 AM | Computer Name = Owner-PC | Source = W3SVC | ID = 1004
Description =

Error - 7/17/2012 11:17:37 AM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949

Name:
Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path:

rootkit:_Alureon->Mbr::Alureon

Detection
Origin: %%844 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM

Process
Name: Unknown Action: %%809 Action Status: To finish removing malware and other
potentially unwanted software, restart the computer. To see how to finish removing
malware and other potentially unwanted software, see the support article on the
Microsoft Security website. Error Code: 0x80070032 Error description: The request
is not supported. Signature Version: AV: 1.131.12.0, AS: 1.131.12.0, NIS: 11.159.0.0

Engine
Version: AM: 1.1.8601.0, NIS: 2.0.8001.0


< End of report >

DHubbard
2012-07-17, 19:17
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-17 10:43:07
-----------------------------
10:43:07.187 OS Version: Windows x64 6.1.7601 Service Pack 1
10:43:07.187 Number of processors: 2 586 0x602
10:43:07.187 ComputerName: OWNER-PC UserName: Owner
10:43:11.187 Initialize success
10:44:13.676 AVAST engine defs: 12071700
10:45:08.602 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:45:08.602 Disk 0 Vendor: ST9500325AS 0005HPM1 Size: 476940MB BusType: 11
10:45:08.612 Device \Driver\atapi -> MajorFunction fffffa80079ef5e8
10:45:08.622 Disk 0 MBR read successfully
10:45:08.622 Disk 0 MBR scan
10:45:08.712 Disk 0 unknown MBR code
10:45:08.712 Disk 0 MBR hidden
10:45:08.732 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
10:45:08.782 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463212 MB offset 409600
10:45:08.842 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13424 MB offset 949067776
10:45:08.992 Disk 0 scanning C:\Windows\system32\drivers
10:45:31.106 Service scanning
10:45:53.959 Service MpKsl20321853 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{893301AA-3B2A-4332-B0CA-92C8A2DFFA13}\MpKsl20321853.sys **LOCKED** 32
10:46:30.785 Modules scanning
10:46:30.805 Disk 0 trace - called modules:
10:46:30.805 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa80079ef5e8]<<
10:46:30.815 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007406060]
10:46:30.825 3 CLASSPNP.SYS[fffff8800109e43f] -> nt!IofCallDriver -> [0xfffffa80074059d0]
10:46:30.835 5 hpdskflt.sys[fffff88002174289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007340060]
10:46:30.835 \Driver\atapi[0xfffffa8007958d10] -> IRP_MJ_CREATE -> 0xfffffa80079ef5e8
10:46:33.345 AVAST engine scan C:\Windows
10:46:37.515 AVAST engine scan C:\Windows\system32
10:58:10.476 AVAST engine scan C:\Windows\system32\drivers
10:58:43.752 AVAST engine scan C:\Users\Owner
10:58:57.335 File: C:\Users\Owner\AppData\Local\assembly\Apps\xrfqtfyj.dll **INFECTED** Win32:Malware-gen
11:04:16.966 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
11:04:17.056 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


Thanks again, Satchfan.
-Doug

Satchfan
2012-07-18, 00:49
Hi Doug


"I am taking notes so if I know anyone that gets this, I will at least have some idea on how to assist."

That is very unwise as all circumstances are unique and this infection is about as bad as it gets. There is no one way to cure this.

One or more of the infections is a backdoor trojan. These are very serious infections and this one in particular cannot always be totally eliminated. Please be aware that you may need to back up your important data and re-install Windows. Let me know if you want to do this.

Meanwhile we’ll continue to try and get rid of it as best as we can.

Please run these in the order requested.

Run TDSSKiller

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)

extract it to your desktop
double click TDSSKiller.exe
press Start Scan
only if Malicious objects are found then ensure Cure is selected. Do not change it to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.
click Continue > Reboot now
copy and paste the log in your next reply
a copy of the log will be saved automatically to the root of the drive (typically C:\) called TDSSKiller_*** (*** denotes version & date)

======================================================

Download and run ComboFix

Download Combofix from either of the links below, and save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note: It MUST be saved directly to your desktop. Choose save as and then make sure you choose Desktop

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

when finished, it will produce a report for you.
please post the C:\ComboFix.txt for further review.

Logs to include with next post:

TDSSKiller log
ComboFix.txt

Thanks

Satchfan

DHubbard
2012-07-18, 02:12
18:04:44.0564 5060 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
18:04:45.0996 5060 ============================================================
18:04:45.0996 5060 Current date / time: 2012/07/17 18:04:45.0996
18:04:45.0996 5060 SystemInfo:
18:04:45.0996 5060
18:04:45.0996 5060 OS Version: 6.1.7601 ServicePack: 1.0
18:04:45.0996 5060 Product type: Workstation
18:04:45.0996 5060 ComputerName: OWNER-PC
18:04:45.0996 5060 UserName: Doug
18:04:45.0996 5060 Windows directory: C:\Windows
18:04:45.0996 5060 System windows directory: C:\Windows
18:04:45.0996 5060 Running under WOW64
18:04:45.0996 5060 Processor architecture: Intel x64
18:04:45.0996 5060 Number of processors: 2
18:04:45.0996 5060 Page size: 0x1000
18:04:45.0996 5060 Boot type: Normal boot
18:04:45.0996 5060 ============================================================
18:04:48.0083 5060 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:04:48.0089 5060 ============================================================
18:04:48.0089 5060 \Device\Harddisk0\DR0:
18:04:48.0089 5060 MBR partitions:
18:04:48.0089 5060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:04:48.0089 5060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x388B6000
18:04:48.0089 5060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3891A000, BlocksNum 0x1A38000
18:04:48.0089 5060 ============================================================
18:04:48.0121 5060 C: <-> \Device\Harddisk0\DR0\Partition1
18:04:48.0171 5060 D: <-> \Device\Harddisk0\DR0\Partition2
18:04:48.0171 5060 ============================================================
18:04:48.0171 5060 Initialize success
18:04:48.0171 5060 ============================================================
18:06:14.0197 6028 ============================================================
18:06:14.0197 6028 Scan started
18:06:14.0197 6028 Mode: Manual;
18:06:14.0197 6028 ============================================================

DHubbard
2012-07-18, 02:13
18:06:14.0197 6028 ============================================================

DHubbard
2012-07-18, 02:16
18:06:44.0722 6028 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:06:44.0722 6028 partmgr - ok
18:06:44.0762 6028 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:06:44.0762 6028 PcaSvc - ok
18:06:44.0872 6028 pcCMService (9c049acd0cb71931af89e055427dfac9) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
18:06:44.0872 6028 pcCMService - ok
18:06:44.0992 6028 pcCMService64 (d8c295d4f9d0dcc03de7ff006c1f3034) C:\Program Files\Common Files\Motive\pcCMService.exe
18:06:45.0012 6028 pcCMService64 - ok
18:06:45.0092 6028 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:06:45.0102 6028 pci - ok
18:06:45.0112 6028 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:06:45.0122 6028 pciide - ok
18:06:45.0152 6028 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:06:45.0182 6028 pcmcia - ok
18:06:45.0212 6028 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:06:45.0222 6028 pcw - ok
18:06:45.0272 6028 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:06:45.0282 6028 PEAUTH - ok
18:06:45.0352 6028 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:06:45.0352 6028 PerfHost - ok
18:06:45.0472 6028 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:06:45.0582 6028 pla - ok
18:06:45.0662 6028 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:06:45.0712 6028 PlugPlay - ok
18:06:45.0742 6028 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:06:45.0772 6028 PNRPAutoReg - ok
18:06:45.0802 6028 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:06:45.0802 6028 PNRPsvc - ok
18:06:45.0842 6028 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:06:45.0852 6028 PolicyAgent - ok
18:06:45.0892 6028 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:06:45.0892 6028 Power - ok
18:06:46.0002 6028 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:06:46.0032 6028 PptpMiniport - ok
18:06:46.0052 6028 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:06:46.0062 6028 Processor - ok
18:06:46.0172 6028 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
18:06:46.0182 6028 ProfSvc - ok
18:06:46.0222 6028 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:06:46.0222 6028 ProtectedStorage - ok
18:06:46.0302 6028 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:06:46.0302 6028 Psched - ok
18:06:46.0403 6028 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:06:46.0413 6028 ql2300 - ok
18:06:46.0555 6028 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:06:46.0555 6028 ql40xx - ok
18:06:46.0735 6028 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:06:46.0855 6028 QWAVE - ok
18:06:46.0875 6028 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:06:46.0895 6028 QWAVEdrv - ok
18:06:46.0905 6028 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:06:46.0915 6028 RasAcd - ok
18:06:46.0965 6028 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:06:46.0985 6028 RasAgileVpn - ok
18:06:47.0005 6028 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:06:47.0035 6028 RasAuto - ok
18:06:47.0125 6028 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:06:47.0185 6028 Rasl2tp - ok
18:06:47.0255 6028 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:06:47.0325 6028 RasMan - ok
18:06:47.0395 6028 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:06:47.0415 6028 RasPppoe - ok
18:06:47.0475 6028 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:06:47.0495 6028 RasSstp - ok
18:06:47.0545 6028 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:06:47.0555 6028 rdbss - ok
18:06:47.0585 6028 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:06:47.0595 6028 rdpbus - ok
18:06:47.0605 6028 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:06:47.0605 6028 RDPCDD - ok
18:06:47.0635 6028 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:06:47.0635 6028 RDPENCDD - ok
18:06:47.0675 6028 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:06:47.0675 6028 RDPREFMP - ok
18:06:47.0725 6028 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:06:47.0745 6028 RDPWD - ok
18:06:47.0815 6028 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:06:47.0815 6028 rdyboost - ok
18:06:47.0845 6028 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:06:47.0865 6028 RemoteAccess - ok
18:06:47.0915 6028 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:06:47.0945 6028 RemoteRegistry - ok
18:06:48.0135 6028 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:06:48.0135 6028 RichVideo - ok
18:06:48.0195 6028 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:06:48.0225 6028 RpcEptMapper - ok
18:06:48.0245 6028 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:06:48.0255 6028 RpcLocator - ok
18:06:48.0337 6028 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:06:48.0347 6028 RpcSs - ok
18:06:48.0497 6028 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
18:06:48.0547 6028 RsFx0150 - ok
18:06:48.0627 6028 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:06:48.0657 6028 rspndr - ok
18:06:48.0767 6028 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
18:06:48.0797 6028 RSUSBSTOR - ok
18:06:48.0867 6028 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:06:48.0907 6028 RTL8167 - ok
18:06:48.0907 6028 RtsUIR - ok
18:06:48.0947 6028 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:06:48.0947 6028 SamSs - ok
18:06:49.0007 6028 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:06:49.0007 6028 sbp2port - ok
18:06:49.0207 6028 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:06:49.0217 6028 SBSDWSCService - ok
18:06:49.0247 6028 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:06:49.0277 6028 SCardSvr - ok
18:06:49.0367 6028 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:06:49.0387 6028 scfilter - ok
18:06:49.0487 6028 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:06:49.0577 6028 Schedule - ok
18:06:49.0627 6028 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:06:49.0627 6028 SCPolicySvc - ok
18:06:49.0717 6028 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
18:06:49.0737 6028 sdbus - ok
18:06:49.0757 6028 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:06:49.0797 6028 SDRSVC - ok
18:06:49.0867 6028 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:06:49.0877 6028 secdrv - ok
18:06:49.0917 6028 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:06:49.0947 6028 seclogon - ok
18:06:49.0977 6028 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:06:49.0977 6028 SENS - ok
18:06:50.0027 6028 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:06:50.0057 6028 SensrSvc - ok
18:06:50.0077 6028 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:06:50.0087 6028 Serenum - ok
18:06:50.0117 6028 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:06:50.0127 6028 Serial - ok
18:06:50.0187 6028 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:06:50.0207 6028 sermouse - ok
18:06:50.0279 6028 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:06:50.0309 6028 SessionEnv - ok
18:06:50.0349 6028 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:06:50.0359 6028 sffdisk - ok
18:06:50.0379 6028 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:06:50.0389 6028 sffp_mmc - ok
18:06:50.0409 6028 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:06:50.0419 6028 sffp_sd - ok
18:06:50.0449 6028 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:06:50.0459 6028 sfloppy - ok
18:06:50.0529 6028 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:06:50.0629 6028 SharedAccess - ok
18:06:50.0719 6028 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:06:50.0819 6028 ShellHWDetection - ok
18:06:50.0859 6028 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:06:50.0859 6028 SiSRaid2 - ok
18:06:50.0879 6028 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:06:50.0879 6028 SiSRaid4 - ok
18:06:50.0909 6028 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:06:50.0939 6028 Smb - ok
18:06:51.0009 6028 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:06:51.0009 6028 SNMPTRAP - ok
18:06:51.0069 6028 SolarWindsAlertingEngine - ok
18:06:51.0069 6028 SolarwindsSyslogService - ok
18:06:51.0079 6028 SolarWindsTrapService - ok
18:06:51.0109 6028 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:06:51.0119 6028 spldr - ok
18:06:51.0219 6028 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:06:51.0279 6028 Spooler - ok
18:06:51.0549 6028 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:06:51.0579 6028 sppsvc - ok
18:06:51.0689 6028 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:06:51.0729 6028 sppuinotify - ok
18:06:51.0939 6028 SQLAgent$SQLEXPRESS (bea7fea5bb31eb58d78971f821ae6844) c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:06:51.0999 6028 SQLAgent$SQLEXPRESS - ok
18:06:52.0209 6028 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:06:52.0309 6028 SQLBrowser - ok
18:06:52.0429 6028 SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:06:52.0439 6028 SQLWriter - ok
18:06:52.0549 6028 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:06:52.0559 6028 srv - ok
18:06:52.0619 6028 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:06:52.0619 6028 srv2 - ok
18:06:52.0699 6028 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:06:52.0759 6028 SrvHsfHDA - ok
18:06:52.0849 6028 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:06:52.0919 6028 SrvHsfV92 - ok
18:06:53.0079 6028 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:06:53.0129 6028 SrvHsfWinac - ok
18:06:53.0179 6028 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:06:53.0179 6028 srvnet - ok
18:06:53.0249 6028 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:06:53.0269 6028 SSDPSRV - ok
18:06:53.0289 6028 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:06:53.0289 6028 SstpSvc - ok
18:06:53.0469 6028 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
18:06:53.0539 6028 STacSV - ok
18:06:53.0559 6028 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:06:53.0559 6028 stexstor - ok
18:06:53.0669 6028 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
18:06:53.0709 6028 STHDA - ok
18:06:53.0769 6028 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
18:06:53.0779 6028 StillCam - ok
18:06:53.0879 6028 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:06:53.0899 6028 stisvc - ok
18:06:54.0051 6028 SWCollectorDataProcessorSvc (9198b04a437aeea787fa1eacfcf5743f) C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.DataProcessor.exe
18:06:54.0051 6028 SWCollectorDataProcessorSvc - ok
18:06:54.0061 6028 SWCollectorManagementAgentSvc (a5d4a70c8fe95f919db6a66bff1ec075) C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.ManagementAgent.exe
18:06:54.0061 6028 SWCollectorManagementAgentSvc - ok
18:06:54.0081 6028 SWCollectorPollingControllerSvc (6ad42b27dea1e1bba790fea2205f823b) C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.PollingController.exe
18:06:54.0081 6028 SWCollectorPollingControllerSvc - ok
18:06:54.0133 6028 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:06:54.0153 6028 swenum - ok
18:06:54.0245 6028 SWInfoServiceSvc (53c548b69d2de6d3832e63bc6d5007e1) C:\Program Files (x86)\Common Files\SolarWinds\InformationService\SolarWinds.InformationService.Service.exe
18:06:54.0245 6028 SWInfoServiceSvc - ok
18:06:54.0305 6028 SWJobEngineSvc (5deb7c52a43d54bdece4b28e3320d81a) C:\Program Files (x86)\Common Files\SolarWinds\JobEngine\SWJobEngineSvc.exe
18:06:54.0305 6028 SWJobEngineSvc - ok
18:06:54.0335 6028 SWJobEngineSvc2 (b8d9a2125115a62f766f466408dc3ba3) C:\Program Files (x86)\Common Files\SolarWinds\JobEngine.v2\SWJobEngineSvc2.exe
18:06:54.0345 6028 SWJobEngineSvc2 - ok
18:06:54.0365 6028 SWJobSchedulerSvc (1375c917839648a6be8c45c2b0c0e48b) C:\Program Files (x86)\Common Files\SolarWinds\JobEngine\SWJobSchedulerSvc.exe
18:06:54.0365 6028 SWJobSchedulerSvc - ok
18:06:54.0365 6028 SWOrionInformationServicev1 - ok
18:06:54.0453 6028 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:06:54.0535 6028 swprv - ok
18:06:54.0597 6028 SynTP (924d711941956f7420a4925592be8253) C:\Windows\system32\DRIVERS\SynTP.sys
18:06:54.0617 6028 SynTP - ok
18:06:54.0807 6028 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:06:54.0857 6028 SysMain - ok
18:06:54.0987 6028 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:06:55.0007 6028 TabletInputService - ok
18:06:55.0077 6028 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:06:55.0117 6028 TapiSrv - ok
18:06:55.0137 6028 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:06:55.0137 6028 TBS - ok
18:06:55.0377 6028 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:06:55.0387 6028 Tcpip - ok
18:06:55.0677 6028 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:06:55.0687 6028 TCPIP6 - ok
18:06:55.0787 6028 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:06:55.0787 6028 tcpipreg - ok
18:06:55.0847 6028 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:06:55.0857 6028 TDPIPE - ok
18:06:55.0907 6028 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:06:55.0917 6028 TDTCP - ok
18:06:55.0977 6028 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:06:56.0007 6028 tdx - ok
18:06:56.0057 6028 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:06:56.0077 6028 TermDD - ok
18:06:56.0127 6028 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:06:56.0177 6028 TermService - ok
18:06:56.0207 6028 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:06:56.0237 6028 Themes - ok
18:06:56.0277 6028 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:06:56.0277 6028 THREADORDER - ok
18:06:56.0297 6028 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:06:56.0297 6028 TrkWks - ok
18:06:56.0367 6028 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:06:56.0377 6028 TrustedInstaller - ok
18:06:56.0427 6028 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:06:56.0437 6028 tssecsrv - ok
18:06:56.0527 6028 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:06:56.0547 6028 TsUsbFlt - ok
18:06:56.0617 6028 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:06:56.0637 6028 tunnel - ok
18:06:56.0667 6028 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:06:56.0687 6028 uagp35 - ok
18:06:56.0747 6028 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:06:56.0787 6028 udfs - ok
18:06:56.0857 6028 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:06:56.0877 6028 UI0Detect - ok
18:06:56.0927 6028 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:06:56.0937 6028 uliagpkx - ok
18:06:56.0987 6028 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:06:56.0997 6028 umbus - ok
18:06:57.0017 6028 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:06:57.0027 6028 UmPass - ok
18:06:57.0067 6028 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:06:57.0087 6028 upnphost - ok
18:06:57.0147 6028 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
18:06:57.0167 6028 USBAAPL64 - ok
18:06:57.0217 6028 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:06:57.0237 6028 usbccgp - ok
18:06:57.0247 6028 USBCCID - ok
18:06:57.0337 6028 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:06:57.0357 6028 usbcir - ok
18:06:57.0387 6028 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:06:57.0407 6028 usbehci - ok
18:06:57.0458 6028 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys
18:06:57.0468 6028 usbfilter - ok
18:06:57.0528 6028 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:06:57.0568 6028 usbhub - ok
18:06:57.0578 6028 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:06:57.0588 6028 usbohci - ok
18:06:57.0618 6028 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:06:57.0628 6028 usbprint - ok
18:06:57.0648 6028 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
18:06:57.0658 6028 USBSTOR - ok
18:06:57.0678 6028 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:06:57.0688 6028 usbuhci - ok
18:06:57.0738 6028 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:06:57.0758 6028 usbvideo - ok
18:06:57.0778 6028 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:06:57.0808 6028 UxSms - ok
18:06:57.0848 6028 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:06:57.0858 6028 VaultSvc - ok
18:06:57.0938 6028 VBoxDrv (d1f5ddf0bd1f1dd4746e8f0141bcf7e2) C:\Windows\system32\DRIVERS\VBoxDrv.sys
18:06:57.0978 6028 VBoxDrv - ok
18:06:57.0998 6028 VBoxNetAdp (6640f659a991a988a9e0a3df30108224) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
18:06:58.0018 6028 VBoxNetAdp - ok
18:06:58.0038 6028 VBoxNetFlt (3be89c54c045428df74072a9740ce654) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
18:06:58.0068 6028 VBoxNetFlt - ok
18:06:58.0148 6028 VBoxUSBMon (789ae49857013af32a96f0b46c362e59) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
18:06:58.0188 6028 VBoxUSBMon - ok
18:06:58.0258 6028 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:06:58.0258 6028 vdrvroot - ok
18:06:58.0348 6028 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:06:58.0398 6028 vds - ok
18:06:58.0428 6028 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:06:58.0438 6028 vga - ok
18:06:58.0458 6028 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:06:58.0468 6028 VgaSave - ok
18:06:58.0528 6028 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:06:58.0558 6028 vhdmp - ok
18:06:58.0578 6028 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:06:58.0578 6028 viaide - ok
18:06:58.0588 6028 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:06:58.0588 6028 volmgr - ok
18:06:58.0648 6028 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:06:58.0648 6028 volmgrx - ok
18:06:58.0678 6028 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:06:58.0678 6028 volsnap - ok
18:06:58.0698 6028 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:06:58.0698 6028 vsmraid - ok
18:06:58.0928 6028 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
18:06:58.0958 6028 VSPerfDrv100 - ok
18:06:59.0098 6028 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:06:59.0658 6028 VSS - ok
18:06:59.0798 6028 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:06:59.0808 6028 vwifibus - ok
18:06:59.0868 6028 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:06:59.0878 6028 vwififlt - ok
18:06:59.0928 6028 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:06:59.0978 6028 W32Time - ok
18:07:00.0128 6028 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
18:07:00.0148 6028 W3SVC - ok
18:07:00.0168 6028 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:07:00.0188 6028 WacomPen - ok
18:07:00.0258 6028 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:07:00.0278 6028 WANARP - ok
18:07:00.0288 6028 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:07:00.0288 6028 Wanarpv6 - ok
18:07:00.0338 6028 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
18:07:00.0348 6028 WAS - ok
18:07:00.0530 6028 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:07:00.0920 6028 WatAdminSvc - ok
18:07:01.0070 6028 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:07:01.0220 6028 wbengine - ok
18:07:01.0350 6028 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:07:01.0420 6028 WbioSrvc - ok
18:07:01.0480 6028 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:07:01.0530 6028 wcncsvc - ok
18:07:01.0550 6028 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:07:01.0570 6028 WcsPlugInService - ok
18:07:01.0620 6028 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:07:01.0620 6028 Wd - ok
18:07:01.0690 6028 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:07:01.0710 6028 Wdf01000 - ok
18:07:01.0730 6028 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:07:01.0730 6028 WdiServiceHost - ok
18:07:01.0740 6028 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:07:01.0740 6028 WdiSystemHost - ok
18:07:01.0790 6028 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:07:01.0830 6028 WebClient - ok
18:07:01.0870 6028 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:07:01.0910 6028 Wecsvc - ok
18:07:01.0930 6028 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:07:01.0930 6028 wercplsupport - ok
18:07:01.0980 6028 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:07:01.0980 6028 WerSvc - ok
18:07:02.0080 6028 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:07:02.0110 6028 WfpLwf - ok
18:07:02.0140 6028 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:07:02.0150 6028 WIMMount - ok
18:07:02.0190 6028 WinDefend - ok
18:07:02.0230 6028 WinHttpAutoProxySvc - ok
18:07:02.0330 6028 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:07:02.0340 6028 Winmgmt - ok
18:07:02.0560 6028 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:07:02.0700 6028 WinRM - ok
18:07:02.0910 6028 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:07:02.0930 6028 WinUsb - ok
18:07:03.0000 6028 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:07:03.0040 6028 Wlansvc - ok
18:07:03.0170 6028 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:07:03.0220 6028 wlcrasvc - ok
18:07:03.0460 6028 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:07:03.0470 6028 wlidsvc - ok
18:07:03.0602 6028 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:07:03.0602 6028 WmiAcpi - ok
18:07:03.0670 6028 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:07:03.0674 6028 wmiApSrv - ok
18:07:03.0700 6028 WMPNetworkSvc - ok
18:07:03.0734 6028 WMSVC (b5bd872122a2ce82d196abf2d5d8d80a) C:\Windows\system32\inetsrv\wmsvc.exe
18:07:03.0764 6028 WMSVC - ok
18:07:03.0874 6028 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:07:03.0904 6028 WPCSvc - ok
18:07:03.0969 6028 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:07:03.0973 6028 WPDBusEnum - ok
18:07:04.0005 6028 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:07:04.0036 6028 ws2ifsl - ok
18:07:04.0063 6028 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:07:04.0068 6028 wscsvc - ok
18:07:04.0073 6028 WSearch - ok
18:07:04.0247 6028 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:07:04.0264 6028 wuauserv - ok
18:07:04.0436 6028 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:07:04.0456 6028 WudfPf - ok
18:07:04.0708 6028 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:07:04.0880 6028 WUDFRd - ok
18:07:05.0170 6028 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:07:05.0280 6028 wudfsvc - ok
18:07:05.0390 6028 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:07:05.0440 6028 WwanSvc - ok
18:07:05.0522 6028 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
18:07:05.0562 6028 yukonw7 - ok
18:07:05.0642 6028 MBR (0x1B8) (cacd25999a387c4eb6974de5b0236404) \Device\Harddisk0\DR0
18:07:05.0672 6028 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:07:05.0672 6028 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:07:05.0712 6028 Boot (0x1200) (df86fff9291506a3de9b6e367b497f5b) \Device\Harddisk0\DR0\Partition0
18:07:05.0712 6028 \Device\Harddisk0\DR0\Partition0 - ok
18:07:05.0752 6028 Boot (0x1200) (abcd04d584b1d6fe1d0cec7b8ca46e99) \Device\Harddisk0\DR0\Partition1
18:07:05.0762 6028 \Device\Harddisk0\DR0\Partition1 - ok
18:07:05.0792 6028 Boot (0x1200) (ee84bc6cebc4c18fc9a89a8432083000) \Device\Harddisk0\DR0\Partition2
18:07:05.0802 6028 \Device\Harddisk0\DR0\Partition2 - ok
18:07:05.0802 6028 ============================================================
18:07:05.0802 6028 Scan finished
18:07:05.0802 6028 ============================================================
18:07:05.0832 7208 Detected object count: 1
18:07:05.0832 7208 Actual detected object count: 1
18:07:29.0461 7208 \Device\Harddisk0\DR0\# - copied to quarantine
18:07:29.0743 7208 \Device\Harddisk0\DR0 - copied to quarantine
18:07:31.0287 7208 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:07:31.0317 7208 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:07:31.0354 7208 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:07:31.0389 7208 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:07:31.0431 7208 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:07:32.0495 7208 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:07:32.0549 7208 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:07:32.0553 7208 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:07:32.0558 7208 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:07:32.0743 7208 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:07:32.0763 7208 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:07:32.0773 7208 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:07:32.0783 7208 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:07:32.0863 7208 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
18:07:32.0903 7208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:07:32.0943 7208 \Device\Harddisk0\DR0 - ok
18:07:33.0906 7208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:07:37.0358 2188 Deinitialize success

DHubbard
2012-07-18, 02:18
18:13:32.0634 4780 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
18:13:33.0102 4780 ============================================================
18:13:33.0102 4780 Current date / time: 2012/07/17 18:13:33.0102
18:13:33.0102 4780 SystemInfo:
18:13:33.0102 4780
18:13:33.0102 4780 OS Version: 6.1.7601 ServicePack: 1.0
18:13:33.0102 4780 Product type: Workstation
18:13:33.0102 4780 ComputerName: OWNER-PC
18:13:33.0102 4780 UserName: Doug
18:13:33.0102 4780 Windows directory: C:\Windows
18:13:33.0102 4780 System windows directory: C:\Windows
18:13:33.0102 4780 Running under WOW64
18:13:33.0102 4780 Processor architecture: Intel x64
18:13:33.0102 4780 Number of processors: 2
18:13:33.0102 4780 Page size: 0x1000
18:13:33.0102 4780 Boot type: Normal boot
18:13:33.0102 4780 ============================================================
18:13:37.0454 4780 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:13:37.0470 4780 ============================================================
18:13:37.0470 4780 \Device\Harddisk0\DR0:
18:13:37.0470 4780 MBR partitions:
18:13:37.0470 4780 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:13:37.0470 4780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x388B6000
18:13:37.0470 4780 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3891A000, BlocksNum 0x1A38000
18:13:37.0470 4780 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
18:13:37.0470 4780 ============================================================
18:13:37.0501 4780 C: <-> \Device\Harddisk0\DR0\Partition1
18:13:37.0548 4780 D: <-> \Device\Harddisk0\DR0\Partition2
18:13:37.0548 4780 ============================================================
18:13:37.0548 4780 Initialize success
18:13:37.0548 4780 ============================================================
18:13:40.0153 1760 ============================================================
18:13:40.0153 1760 Scan started
18:13:40.0153 1760 Mode: Manual;
18:13:40.0153 1760 ============================================================
18:14:47.0904 1760 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:14:47.0919 1760 Ndisuio - ok
18:14:47.0997 1760 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:14:48.0044 1760 NdisWan - ok
18:14:48.0107 1760 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:14:48.0138 1760 NDProxy - ok
18:14:48.0216 1760 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:14:48.0247 1760 NetBIOS - ok
18:14:48.0294 1760 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:14:48.0325 1760 NetBT - ok
18:14:48.0403 1760 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:14:48.0403 1760 Netlogon - ok
18:14:48.0731 1760 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:14:48.0746 1760 Netman - ok
18:14:48.0918 1760 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:14:48.0933 1760 NetMsmqActivator - ok
18:14:48.0980 1760 NetPerfMonService - ok
18:14:48.0996 1760 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:14:48.0996 1760 NetPipeActivator - ok
18:14:49.0089 1760 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:14:49.0121 1760 netprofm - ok
18:14:49.0121 1760 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:14:49.0121 1760 NetTcpActivator - ok
18:14:49.0136 1760 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:14:49.0136 1760 NetTcpPortSharing - ok
18:14:50.0665 1760 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:14:51.0008 1760 netw5v64 - ok
18:14:51.0273 1760 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:14:51.0273 1760 nfrd960 - ok
18:14:51.0351 1760 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:14:51.0367 1760 NisDrv - ok
18:14:51.0523 1760 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
18:14:51.0523 1760 NisSrv - ok
18:14:51.0601 1760 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:14:51.0617 1760 NlaSvc - ok
18:14:51.0632 1760 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:14:51.0663 1760 Npfs - ok
18:14:51.0679 1760 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:14:51.0710 1760 nsi - ok
18:14:51.0710 1760 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:14:51.0726 1760 nsiproxy - ok
18:14:52.0163 1760 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:14:52.0241 1760 Ntfs - ok
18:14:52.0568 1760 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:14:52.0568 1760 Null - ok
18:14:52.0646 1760 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:14:52.0662 1760 nvraid - ok
18:14:53.0036 1760 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:14:53.0052 1760 nvstor - ok
18:14:53.0099 1760 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:14:53.0114 1760 nv_agp - ok
18:14:53.0489 1760 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:14:53.0535 1760 odserv - ok
18:14:53.0660 1760 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:14:53.0723 1760 ohci1394 - ok
18:14:53.0754 1760 OrionModuleEngine - ok
18:14:53.0879 1760 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:14:53.0894 1760 ose - ok
18:14:55.0673 1760 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:14:55.0829 1760 osppsvc - ok
18:14:56.0250 1760 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:14:56.0265 1760 p2pimsvc - ok
18:14:56.0312 1760 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:14:56.0343 1760 p2psvc - ok
18:14:56.0468 1760 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:14:56.0499 1760 Parport - ok
18:14:56.0609 1760 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:14:56.0609 1760 partmgr - ok
18:14:56.0640 1760 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:14:56.0655 1760 PcaSvc - ok
18:14:56.0843 1760 pcCMService (9c049acd0cb71931af89e055427dfac9) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
18:14:56.0843 1760 pcCMService - ok
18:14:57.0014 1760 pcCMService64 (d8c295d4f9d0dcc03de7ff006c1f3034) C:\Program Files\Common Files\Motive\pcCMService.exe
18:14:57.0030 1760 pcCMService64 - ok
18:14:57.0139 1760 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:14:57.0155 1760 pci - ok
18:14:57.0170 1760 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:14:57.0170 1760 pciide - ok
18:14:57.0217 1760 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:14:57.0233 1760 pcmcia - ok
18:14:57.0264 1760 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:14:57.0264 1760 pcw - ok
18:14:57.0545 1760 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:14:57.0560 1760 PEAUTH - ok
18:14:57.0654 1760 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:14:57.0669 1760 PerfHost - ok
18:14:58.0153 1760 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:14:58.0309 1760 pla - ok
18:14:58.0418 1760 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:14:58.0481 1760 PlugPlay - ok
18:14:58.0496 1760 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:14:58.0543 1760 PNRPAutoReg - ok
18:14:58.0590 1760 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:14:58.0590 1760 PNRPsvc - ok
18:14:59.0073 1760 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:14:59.0105 1760 PolicyAgent - ok
18:14:59.0136 1760 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:14:59.0151 1760 Power - ok
18:14:59.0463 1760 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:14:59.0495 1760 PptpMiniport - ok
18:14:59.0510 1760 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:14:59.0526 1760 Processor - ok
18:14:59.0604 1760 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
18:14:59.0651 1760 ProfSvc - ok
18:14:59.0729 1760 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:14:59.0729 1760 ProtectedStorage - ok
18:14:59.0807 1760 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:14:59.0822 1760 Psched - ok
18:15:00.0494 1760 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:15:00.0525 1760 ql2300 - ok
18:15:00.0775 1760 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:15:00.0775 1760 ql40xx - ok
18:15:00.0822 1760 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:15:00.0868 1760 QWAVE - ok
18:15:00.0900 1760 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:15:00.0915 1760 QWAVEdrv - ok
18:15:00.0962 1760 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:15:00.0993 1760 RasAcd - ok
18:15:01.0056 1760 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:15:01.0087 1760 RasAgileVpn - ok
18:15:01.0165 1760 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:15:01.0196 1760 RasAuto - ok
18:15:01.0243 1760 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:15:01.0274 1760 Rasl2tp - ok
18:15:01.0305 1760 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:15:01.0368 1760 RasMan - ok
18:15:01.0383 1760 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:15:01.0399 1760 RasPppoe - ok
18:15:01.0461 1760 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:15:01.0492 1760 RasSstp - ok
18:15:01.0586 1760 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:15:01.0648 1760 rdbss - ok
18:15:01.0695 1760 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:15:01.0711 1760 rdpbus - ok
18:15:01.0742 1760 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:15:01.0758 1760 RDPCDD - ok
18:15:01.0758 1760 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:15:01.0773 1760 RDPENCDD - ok
18:15:01.0789 1760 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:15:01.0804 1760 RDPREFMP - ok
18:15:02.0007 1760 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:15:02.0038 1760 RDPWD - ok
18:15:02.0148 1760 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:15:02.0148 1760 rdyboost - ok
18:15:02.0194 1760 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:15:02.0226 1760 RemoteAccess - ok
18:15:02.0257 1760 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:15:02.0288 1760 RemoteRegistry - ok
18:15:02.0475 1760 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:15:02.0475 1760 RichVideo - ok
18:15:02.0538 1760 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:15:02.0600 1760 RpcEptMapper - ok
18:15:02.0616 1760 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:15:02.0631 1760 RpcLocator - ok
18:15:02.0725 1760 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:15:02.0725 1760 RpcSs - ok
18:15:02.0912 1760 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
18:15:02.0943 1760 RsFx0150 - ok
18:15:03.0037 1760 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:15:03.0068 1760 rspndr - ok
18:15:03.0177 1760 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
18:15:03.0240 1760 RSUSBSTOR - ok
18:15:03.0364 1760 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:15:03.0427 1760 RTL8167 - ok
18:15:03.0442 1760 RtsUIR - ok
18:15:03.0520 1760 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:15:03.0520 1760 SamSs - ok
18:15:03.0583 1760 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:15:03.0583 1760 sbp2port - ok
18:15:04.0394 1760 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:15:04.0456 1760 SBSDWSCService - ok
18:15:04.0488 1760 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:15:04.0519 1760 SCardSvr - ok
18:15:04.0628 1760 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:15:04.0644 1760 scfilter - ok
18:15:04.0987 1760 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:15:05.0065 1760 Schedule - ok
18:15:05.0143 1760 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:15:05.0143 1760 SCPolicySvc - ok
18:15:05.0283 1760 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
18:15:05.0330 1760 sdbus - ok
18:15:05.0392 1760 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:15:05.0439 1760 SDRSVC - ok
18:15:05.0548 1760 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:15:05.0548 1760 secdrv - ok
18:15:05.0611 1760 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:15:05.0658 1760 seclogon - ok
18:15:05.0673 1760 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:15:05.0673 1760 SENS - ok
18:15:05.0720 1760 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:15:05.0767 1760 SensrSvc - ok
18:15:05.0829 1760 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:15:05.0876 1760 Serenum - ok
18:15:05.0892 1760 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:15:05.0907 1760 Serial - ok
18:15:05.0985 1760 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:15:05.0985 1760 sermouse - ok
18:15:06.0048 1760 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:15:06.0079 1760 SessionEnv - ok
18:15:06.0126 1760 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:15:06.0157 1760 sffdisk - ok
18:15:06.0172 1760 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:15:06.0188 1760 sffp_mmc - ok
18:15:06.0204 1760 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:15:06.0219 1760 sffp_sd - ok
18:15:06.0250 1760 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:15:06.0266 1760 sfloppy - ok
18:15:06.0328 1760 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:15:06.0375 1760 SharedAccess - ok
18:15:06.0516 1760 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:15:06.0562 1760 ShellHWDetection - ok
18:15:06.0656 1760 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:15:06.0656 1760 SiSRaid2 - ok
18:15:06.0734 1760 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:15:06.0750 1760 SiSRaid4 - ok
18:15:06.0843 1760 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:15:06.0874 1760 Smb - ok
18:15:06.0952 1760 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:15:06.0952 1760 SNMPTRAP - ok
18:15:07.0030 1760 SolarWindsAlertingEngine - ok
18:15:07.0046 1760 SolarwindsSyslogService - ok
18:15:07.0062 1760 SolarWindsTrapService - ok
18:15:07.0093 1760 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:15:07.0093 1760 spldr - ok
18:15:07.0249 1760 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:15:07.0311 1760 Spooler - ok
18:15:08.0763 1760 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:15:08.0857 1760 sppsvc - ok
18:15:09.0075 1760 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:15:09.0106 1760 sppuinotify - ok
18:15:09.0465 1760 SQLAgent$SQLEXPRESS (bea7fea5bb31eb58d78971f821ae6844) c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:15:09.0481 1760 SQLAgent$SQLEXPRESS - ok
18:15:09.0871 1760 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:15:09.0886 1760 SQLBrowser - ok
18:15:10.0276 1760 SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:15:10.0307 1760 SQLWriter - ok
18:15:10.0417 1760 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:15:10.0417 1760 srv - ok
18:15:10.0994 1760 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:15:11.0009 1760 srv2 - ok
18:15:11.0509 1760 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:15:11.0587 1760 SrvHsfHDA - ok
18:15:11.0914 1760 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:15:12.0039 1760 SrvHsfV92 - ok
18:15:12.0523 1760 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:15:12.0569 1760 SrvHsfWinac - ok
18:15:12.0616 1760 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:15:12.0616 1760 srvnet - ok
18:15:12.0679 1760 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:15:12.0710 1760 SSDPSRV - ok
18:15:12.0725 1760 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:15:12.0725 1760 SstpSvc - ok
18:15:13.0225 1760 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
18:15:13.0287 1760 STacSV - ok
18:15:13.0303 1760 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:15:13.0303 1760 stexstor - ok
18:15:13.0474 1760 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
18:15:13.0505 1760 STHDA - ok

DHubbard
2012-07-18, 02:19
18:15:13.0568 1760 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
18:15:13.0583 1760 StillCam - ok
18:15:13.0942 1760 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:15:13.0989 1760 stisvc - ok
18:15:14.0239 1760 SWCollectorDataProcessorSvc (9198b04a437aeea787fa1eacfcf5743f) C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.DataProcessor.exe
18:15:14.0239 1760 SWCollectorDataProcessorSvc - ok
18:15:14.0317 1760 SWCollectorManagementAgentSvc (a5d4a70c8fe95f919db6a66bff1ec075) C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.ManagementAgent.exe
18:15:14.0317 1760 SWCollectorManagementAgentSvc - ok
18:15:14.0363 1760 SWCollectorPollingControllerSvc (6ad42b27dea1e1bba790fea2205f823b) C:\Program Files (x86)\Common Files\SolarWinds\Collector\SolarWinds.PollingController.exe
18:15:14.0363 1760 SWCollectorPollingControllerSvc - ok
18:15:14.0410 1760 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:15:14.0410 1760 swenum - ok
18:15:14.0535 1760 SWInfoServiceSvc (53c548b69d2de6d3832e63bc6d5007e1) C:\Program Files (x86)\Common Files\SolarWinds\InformationService\SolarWinds.InformationService.Service.exe
18:15:14.0535 1760 SWInfoServiceSvc - ok
18:15:14.0675 1760 SWJobEngineSvc (5deb7c52a43d54bdece4b28e3320d81a) C:\Program Files (x86)\Common Files\SolarWinds\JobEngine\SWJobEngineSvc.exe
18:15:14.0675 1760 SWJobEngineSvc - ok
18:15:14.0769 1760 SWJobEngineSvc2 (b8d9a2125115a62f766f466408dc3ba3) C:\Program Files (x86)\Common Files\SolarWinds\JobEngine.v2\SWJobEngineSvc2.exe
18:15:14.0769 1760 SWJobEngineSvc2 - ok
18:15:14.0831 1760 SWJobSchedulerSvc (1375c917839648a6be8c45c2b0c0e48b) C:\Program Files (x86)\Common Files\SolarWinds\JobEngine\SWJobSchedulerSvc.exe
18:15:14.0831 1760 SWJobSchedulerSvc - ok
18:15:14.0831 1760 SWOrionInformationServicev1 - ok
18:15:15.0253 1760 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:15:15.0502 1760 swprv - ok
18:15:16.0407 1760 SynTP (924d711941956f7420a4925592be8253) C:\Windows\system32\DRIVERS\SynTP.sys
18:15:16.0423 1760 SynTP - ok
18:15:17.0483 1760 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:15:17.0530 1760 SysMain - ok
18:15:18.0201 1760 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:15:18.0279 1760 TabletInputService - ok
18:15:18.0357 1760 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:15:18.0435 1760 TapiSrv - ok
18:15:18.0466 1760 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:15:18.0466 1760 TBS - ok
18:15:19.0777 1760 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:15:19.0823 1760 Tcpip - ok
18:15:21.0118 1760 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:15:21.0149 1760 TCPIP6 - ok
18:15:21.0758 1760 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:15:21.0758 1760 tcpipreg - ok
18:15:21.0820 1760 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:15:21.0851 1760 TDPIPE - ok
18:15:21.0976 1760 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:15:21.0992 1760 TDTCP - ok
18:15:22.0054 1760 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:15:22.0085 1760 tdx - ok
18:15:22.0163 1760 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:15:22.0163 1760 TermDD - ok
18:15:23.0021 1760 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:15:23.0177 1760 TermService - ok
18:15:23.0193 1760 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:15:23.0193 1760 Themes - ok
18:15:23.0240 1760 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:15:23.0240 1760 THREADORDER - ok
18:15:23.0255 1760 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:15:23.0255 1760 TrkWks - ok
18:15:23.0333 1760 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:15:23.0396 1760 TrustedInstaller - ok
18:15:23.0443 1760 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:15:23.0443 1760 tssecsrv - ok
18:15:23.0567 1760 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:15:23.0614 1760 TsUsbFlt - ok
18:15:23.0692 1760 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:15:23.0739 1760 tunnel - ok
18:15:23.0926 1760 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:15:23.0942 1760 uagp35 - ok
18:15:24.0020 1760 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:15:24.0067 1760 udfs - ok
18:15:24.0129 1760 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:15:24.0176 1760 UI0Detect - ok
18:15:24.0301 1760 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:15:24.0301 1760 uliagpkx - ok
18:15:24.0379 1760 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:15:24.0410 1760 umbus - ok
18:15:24.0441 1760 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:15:24.0457 1760 UmPass - ok
18:15:24.0503 1760 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:15:24.0519 1760 upnphost - ok
18:15:24.0628 1760 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
18:15:24.0675 1760 USBAAPL64 - ok
18:15:24.0815 1760 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:15:24.0862 1760 usbccgp - ok
18:15:24.0878 1760 USBCCID - ok
18:15:25.0018 1760 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:15:25.0065 1760 usbcir - ok
18:15:25.0112 1760 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:15:25.0127 1760 usbehci - ok
18:15:25.0190 1760 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys
18:15:25.0190 1760 usbfilter - ok
18:15:25.0346 1760 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:15:25.0393 1760 usbhub - ok
18:15:25.0408 1760 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:15:25.0408 1760 usbohci - ok
18:15:25.0439 1760 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:15:25.0455 1760 usbprint - ok
18:15:25.0471 1760 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
18:15:25.0486 1760 USBSTOR - ok
18:15:25.0502 1760 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:15:25.0517 1760 usbuhci - ok
18:15:25.0580 1760 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:15:25.0611 1760 usbvideo - ok
18:15:25.0689 1760 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:15:25.0736 1760 UxSms - ok
18:15:25.0783 1760 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:15:25.0783 1760 VaultSvc - ok
18:15:25.0861 1760 VBoxDrv (d1f5ddf0bd1f1dd4746e8f0141bcf7e2) C:\Windows\system32\DRIVERS\VBoxDrv.sys
18:15:25.0861 1760 VBoxDrv - ok
18:15:25.0892 1760 VBoxNetAdp (6640f659a991a988a9e0a3df30108224) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
18:15:25.0892 1760 VBoxNetAdp - ok
18:15:25.0923 1760 VBoxNetFlt (3be89c54c045428df74072a9740ce654) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
18:15:25.0939 1760 VBoxNetFlt - ok
18:15:26.0017 1760 VBoxUSBMon (789ae49857013af32a96f0b46c362e59) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
18:15:26.0017 1760 VBoxUSBMon - ok
18:15:26.0142 1760 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:15:26.0142 1760 vdrvroot - ok
18:15:26.0251 1760 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:15:26.0313 1760 vds - ok
18:15:26.0407 1760 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:15:26.0438 1760 vga - ok
18:15:26.0454 1760 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:15:26.0469 1760 VgaSave - ok
18:15:26.0688 1760 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:15:26.0703 1760 vhdmp - ok
18:15:26.0750 1760 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:15:26.0750 1760 viaide - ok
18:15:26.0797 1760 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:15:26.0797 1760 volmgr - ok
18:15:26.0937 1760 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:15:26.0968 1760 volmgrx - ok
18:15:27.0124 1760 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:15:27.0140 1760 volsnap - ok
18:15:27.0249 1760 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:15:27.0265 1760 vsmraid - ok
18:15:27.0530 1760 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
18:15:27.0530 1760 VSPerfDrv100 - ok
18:15:27.0951 1760 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:15:28.0029 1760 VSS - ok
18:15:28.0248 1760 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:15:28.0263 1760 vwifibus - ok
18:15:28.0326 1760 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:15:28.0326 1760 vwififlt - ok
18:15:28.0388 1760 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:15:28.0435 1760 W32Time - ok
18:15:28.0669 1760 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
18:15:28.0669 1760 W3SVC - ok
18:15:28.0684 1760 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:15:28.0700 1760 WacomPen - ok
18:15:28.0778 1760 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:15:28.0809 1760 WANARP - ok
18:15:28.0809 1760 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:15:28.0809 1760 Wanarpv6 - ok
18:15:40.0478 1760 ============================================================
18:15:40.0478 1760 Scan finished
18:15:40.0478 1760 ============================================================
18:15:40.0509 6048 Detected object count: 0
18:15:40.0509 6048 Actual detected object count: 0

DHubbard
2012-07-18, 02:20
ComboFix 12-07-16.01 - Doug 07/17/2012 18:25:18.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7932.5906 [GMT -5:00]
Running from: c:\users\Doug\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\assembly\tmp
c:\users\Public\videos\HP MediaSmart Demo.exe
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 23:35 . 2012-07-17 23:35 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-07-17 23:35 . 2012-07-17 23:35 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-07-17 23:35 . 2012-07-17 23:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 23:13 . 2012-07-17 23:13 116016 ----a-w- c:\windows\system32\drivers\33084987.sys
2012-07-17 23:07 . 2012-07-17 23:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-17 04:28 . 2012-05-04 23:33 955800 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-17 04:28 . 2012-05-04 23:32 839056 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-17 03:45 . 2012-07-17 03:45 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFDF06B8-7E9A-4081-9CFB-4D01143F3963}\gapaengine.dll
2012-07-17 03:45 . 2012-06-29 08:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{893301AA-3B2A-4332-B0CA-92C8A2DFFA13}\mpengine.dll
2012-07-17 03:42 . 2012-07-17 03:42 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-17 03:42 . 2012-07-17 03:42 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-17 03:27 . 2012-07-17 03:27 -------- d-----w- c:\users\Doug\AppData\Local\ElevatedDiagnostics
2012-07-17 03:13 . 2012-07-17 03:36 -------- d-----w- c:\program files\CCleaner
2012-07-17 03:12 . 2012-07-17 03:13 -------- d-----w- c:\users\Doug\AppData\Local\Google
2012-07-17 03:12 . 2012-07-17 03:12 -------- d-----w- c:\program files (x86)\Google
2012-07-17 02:36 . 2012-07-17 02:36 -------- d-----w- c:\users\Doug\AppData\Local\Macromedia
2012-07-10 18:40 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-23 17:35 . 2012-06-23 17:35 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
2012-06-18 22:02 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-18 22:02 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-18 22:02 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-18 22:02 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-18 22:01 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-18 22:01 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-18 22:01 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-18 22:01 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 22:01 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 23:37 . 2011-01-14 06:14 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-07-12 01:13 . 2012-05-13 03:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 01:13 . 2011-07-06 01:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 08:12 . 2012-07-17 01:29 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC3B38DF-BC32-4035-9DD1-068A25FEE5B5}\mpengine.dll
2012-05-15 04:01 . 2012-06-12 22:44 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:03 . 2012-06-12 22:44 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-12 22:44 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 22:44 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 22:44 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 22:44 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 22:44 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 22:44 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 22:44 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 22:44 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-12 22:44 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 22:44 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 22:44 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 22:44 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 22:44 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 22:44 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-20 03:45 . 2012-06-12 22:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-20 03:16 . 2012-06-12 22:44 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-26 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 21:50 54576 ----a-w- c:\program files (x86)\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPCam_Menu]
2009-02-25 21:40 218408 ------w- c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
2009-05-20 05:16 222504 ------w- c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2010-03-23 18:47 500792 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 MSSQL$SOLARWINDS_ORION;SQL Server (SOLARWINDS_ORION);h:\dougrmu\Senior\447\SQLExpress\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
R2 NetPerfMonService;SolarWinds Network Performance Monitor;h:\dougrmu\Senior\447\NetPerfMonService.exe [x]
R2 OrionModuleEngine;SolarWinds Orion Module Engine;h:\dougrmu\Senior\447\SolarWinds.BusinessLayerHost.exe [x]
R2 SolarWindsAlertingEngine;SolarWinds Alerting Engine;h:\dougrmu\Senior\447\AlertingEngine.exe [x]
R2 SolarwindsSyslogService;SolarWinds Syslog Service;h:\dougrmu\Senior\447\SyslogService.exe [x]
R2 SolarWindsTrapService;SolarWinds Trap Service;h:\dougrmu\Senior\447\SWTrapService.exe [x]
R2 SWOrionInformationServicev1;SolarWinds Orion Information Service v1;h:\dougrmu\Senior\447\Information Service\1.0\SolarWinds.InformationService.Service.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-28 129976]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-03 202576]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-06-03 53520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-10-21 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-01-18 361472]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-01-18 441344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SWCollectorDataProcessorSvc;SolarWinds Collector Data Processor;c:\program files (x86)\Common Files\SolarWinds\Collector\SolarWinds.DataProcessor.exe [2010-12-06 29184]
S2 SWCollectorManagementAgentSvc;SolarWinds Collector Management Agent;c:\program files (x86)\Common Files\SolarWinds\Collector\SolarWinds.ManagementAgent.exe [2010-12-06 29184]
S2 SWCollectorPollingControllerSvc;SolarWinds Collector Polling Controller;c:\program files (x86)\Common Files\SolarWinds\Collector\SolarWinds.PollingController.exe [2010-12-06 29184]
S2 SWInfoServiceSvc;SolarWinds Information Service;c:\program files (x86)\Common Files\SolarWinds\InformationService\SolarWinds.InformationService.Service.exe [2010-10-18 34304]
S2 SWJobEngineSvc;SolarWinds Job Engine;c:\program files (x86)\Common Files\SolarWinds\JobEngine\SWJobEngineSvc.exe [2010-11-29 33280]
S2 SWJobEngineSvc2;SolarWinds Job Engine v2;c:\program files (x86)\Common Files\SolarWinds\JobEngine.v2\SWJobEngineSvc2.exe [2010-12-27 37376]
S2 SWJobSchedulerSvc;SolarWinds Job Scheduler;c:\program files (x86)\Common Files\SolarWinds\JobEngine\SWJobSchedulerSvc.exe [2010-11-29 36352]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-03 144656]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-03 164176]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 01:13]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 03:12]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 03:12]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3981133466-1286039072-1923035676-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-10 05:57]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3981133466-1286039072-1923035676-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-10 05:57]
.
2012-07-17 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 10:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-10-21 487424]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-01-18 2727936]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ar0x28wm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb35076&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-NortonOnlineBackupReminder - c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
MSConfigStartUp-StartCCC - c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SolarWinds Information Service]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SolarWinds: Collector DataProcessor]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Solarwinds: Job Broker]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Solarwinds: Job Engine]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Solarwinds: Job Engine v2]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Solarwinds: Job Scheduler]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Solarwinds: Job Scheduler v2]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-07-17 18:51:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 23:51
.
Pre-Run: 203,337,527,296 bytes free
Post-Run: 202,699,141,120 bytes free
.
- - End Of File - - 0F358E32DB7D56CD81992E29074ED138

DHubbard
2012-07-18, 03:31
It doesn't show up in Spybot anymore. I think TSS took care of the infection(?)

Satchfan
2012-07-18, 09:56
That’s looking good – you did a good job.

We’ll have to run a bit more to be sure we clean up everything because this was/is a nasty infection.

Download Malwarebytes-Anti-Malware

Click here (http://www.malwarebytes.org/products/malwarebytes_free)

double-click mbam-setup.exe and follow the prompts to install the program.
at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
if an update is found, it will download and install the latest version.
once the program has loaded, select Perform quick scan, then click Scan.
when the scan is complete, click OK, then Show Results to view the results.
be sure that everything is checked, and click Remove Selected.
when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

================================================

Run Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).

Save it to your Desktop. Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document called checkup.txt should open automatically; please post the contents of that document.


Logs to include with the next post:

Mbam.txt
checkup.txt

Can you tell me if there are any outstanding problems?

Satchfan

DHubbard
2012-07-18, 19:34
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Owner :: OWNER-PC [administrator]

7/18/2012 12:09:42 PM
mbam-log-2012-07-18 (12-09-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 272555
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Doug\Downloads\ccleaner.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Users\Doug\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\IWON.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.

(end)

DHubbard
2012-07-18, 19:35
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
AVG PC Tuneup 2011
Java(TM) 6 Update 31
Java(TM) SE Development Kit 6 Update 22
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

DHubbard
2012-07-18, 19:43
The problems (audio ads, immediate shutdown, and search engine manipulation) seem to have subsided.

Satchfan, I thank you very much for your work to help me with this issue. I'm a hardware guy and don't run into problems like this, ever. I was pretty much dead in the water until you helped me.

I can't believe that infections like that are out there! It started playing x-rated stuff while I was looking at guitars at musicians friend's site! I was checking out this new Dave Mustaine acoustic guitar by Dean and it starts with moaning and crap. My daughter was sitting here with me! Then it changed to Spanish ads. Thank you that it's gone now! :thanks::thanks:

Satchfan
2012-07-18, 23:34
I’m pleased to have been able to help.

Before we finish I’d like you to run one more scan and then we’ll tidy up and update a bit.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan (http://www.eset.com/online-scanner)

1. Click the Eset online Scanner button.
2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
• Double click on the Eset installer icon on your desktop.
3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Accept any security warnings from your browser.
6. Check Scan archives
7. Push the Start button.
8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
9. When the scan completes, push List of found threats
10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
11. Push the back button.
12. Push Finish

If a log has been produced post it in your next reply.

NOTE. If Eset doesn't find any threats, it won't produce a log.

Satchfan

DHubbard
2012-07-20, 03:22
ESET Scanner found no threats and produced no log file.

Sounds like good news!
:rockon:

Satchfan
2012-07-20, 08:54
Good job :yes:

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

You can delete the DDS, TDSS Killer, Security Check and aswMBR logs and programs from your desktop.

Uninstall Combofix

Follow these steps to uninstall Combofix

click START then RUN
now type Combofix /uninstall in the runbox and click OK.
Note the space between the X and the /, it needs to be there.
http://i944.photobucket.com/albums/ad283/Ninamf/WTT/CFuninstall.jpg

please follow the prompts to uninstall Combofix.
once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.

===================================================

Uninstall OTL

Double-click OTL.exe
Click the CleanUp! button.
Select Yes when the Begin cleanup Process? prompt appears.
If you are prompted to reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.
NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

You can just delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Uninstall Java

You have old versions on your computer which are vulnerable to infections.

from the Start menu, select Control Panel
in Large or Small icon view, click Programs and Features. If you're using Category view, under "Programs", click Uninstall a program.
select any versions of Java EXCEPT Version 7 Update 5 and click Uninstall.

Install the latest version of Java from here (http://www.java.com/en/download/manual.jsp)

===================================================


Windows updates

I notice that Windows updates are waiting to be installed. Click here (http://update.microsoft.com) for information on how to get the latest Windows updates.

===================================================

Recommended programs

Update and run Malwarebytes. This really is an excellent program that you should update and run on a regular basis, probably weekly.

===========================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker (http://www.filehippo.com/updatechecker/FHsetup.exe) is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

I also recommend that you read the following:

How to prevent malware (http://miekiemoes.blogspot.com/2008/02/how-to-prevent-malware.html) by miekiemoes

Safe computing

Satchfan