Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Corrupted or Infected System?


  • This topic is locked This topic is locked
12 replies to this topic

#1 nostalgix

nostalgix

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 24 May 2011 - 09:53 PM

Here are the main DDS log and, in place of GMER, as instructed, my one and only ComboFix log from half a year ago when I ran it, probably unnecessarily.
Since the second DDS log ("Attach") said to not post it here unless requested, I'm not posting it yet.

My original topic & info

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=BEGIN MAIN DDS LOG=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by hsq91 at 22:24:13 on 2011-05-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6111.4127 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Avast! Free Antivirus\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\hsq91\Documents\Saved Original App Installers\System Integrity, Data & Monitor Tools\Core Temp 64-bit\Core Temp.exe
C:\Users\hsq91\Documents\Saved Original App Installers\System Integrity, Data & Monitor Tools\DeskSave\DeskSave.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Avast! Free Antivirus\AvastUI.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sandboxie\SandboxieCrypto.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sandboxie\32\SbieSvc.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Users\hsq91\Desktop\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ifgfphiladelphia.org/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyServer = localhost:8118
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Avast! Free Antivirus\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Users\hsq91\AppData\Roaming\LastPass\LPBar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Avast! Free Antivirus\aswWebRepIE.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\hsq91\AppData\Roaming\LastPass\LPBar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
StartupFolder: C:\Users\hsq91\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CORETE~1.LNK - C:\Users\hsq91\Documents\Saved Original App Installers\System Integrity, Data & Monitor Tools\Core Temp 64-bit\Core Temp.exe
StartupFolder: C:\Users\hsq91\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DeskSave.lnk - C:\Users\hsq91\Documents\Saved Original App Installers\System Integrity, Data & Monitor Tools\DeskSave\DeskSave.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\hsq91\AppData\Roaming\LastPass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: accessallstate.com
Trusted Zone: allstate.com
Trusted Zone: allstate.com\agencygateway
Trusted Zone: allstate.com\agencygateway1
Trusted Zone: allstate.com\agencygateway2
Trusted Zone: allstate.com\allianceweb
Trusted Zone: allstate.com\mymail
Trusted Zone: allstatehelp.com
Trusted Zone: custhelp.com
Trusted Zone: gotoassist.com
Trusted Zone: insmark.com
Trusted Zone: insmark.us
Trusted Zone: insmarkstore.com
Trusted Zone: sumtotalsystems.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast! Free Antivirus\aswWebRepIE64.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast! Free Antivirus\aswWebRepIE64.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe
mRun-x64: [Avast!] %ProgramFiles%\Avast! Free Antivirus\AvastUI.exe /nogui
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\hsq91\AppData\Roaming\Mozilla\Firefox\Profiles\49bsgnuw.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/|http://mail.yahoo.com/|http://www.adsense.com/|http://www.adwords.com/|http://www.ifgfphiladelphia.org/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\FilePlanet Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\nprjplug.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\program files\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\realplayer\Netscape6\nprpjplug.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\hsq91\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\hsq91\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\hsq91\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\hsq91\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\system32\DRIVERS\nm3.sys --> C:\Windows\system32\DRIVERS\nm3.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Avast! Free Antivirus\AvastSvc.exe [2011-5-16 42184]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-3-24 148072]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-18 68440]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-1-6 43912]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-8 133104]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-8 133104]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-12 340240]
S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-9-4 189984]
S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-8 120104]
S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-8 70952]
S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-8 427304]
S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-8 75048]
S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-8 91432]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]
S4 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol 52 Percent\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-8 104960]
S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-8 411496]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-8 468264]
S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-8 357672]
S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-8 110888]
S4 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-5 129536]
S4 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
.
=============== Created Last 30 ================
.
2074-05-07 23:38:48 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-05-23 21:49:42 0 ---ha-w- C:\Users\hsq91\AppData\Local\BIT46A0.tmp
2011-05-21 02:51:57 -------- d-----w- C:\Users\hsq91\AppData\Local\{178E4FB5-4BAD-47AF-8863-F0BBC4ABBD87}
2011-05-21 02:49:05 -------- d-----r- C:\Sandbox
2011-05-21 02:44:21 -------- d-----w- C:\Program Files\Sandboxie
2011-05-20 06:54:25 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02E092CE-59E4-43D3-9184-5110A519580A}\mpengine.dll
2011-05-20 06:52:31 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-20 06:52:29 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-20 06:52:28 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-20 06:52:25 2871808 ----a-w- C:\Windows\explorer.exe
2011-05-20 06:52:25 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-05-20 06:52:22 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-20 06:52:22 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-20 06:52:04 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-05-20 06:52:04 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-05-20 06:51:32 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-05-20 06:51:32 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-05-20 06:14:01 -------- d-----w- C:\Program Files\Common Files\Intel
2011-05-20 06:14:00 -------- d-----w- C:\Program Files (x86)\Cisco
2011-05-19 03:58:55 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2011-05-12 01:19:27 -------- d-----w- C:\Users\hsq91\AppData\Roaming\Hex-Rays
2011-05-12 01:18:50 -------- d-----w- C:\Program Files (x86)\IDA Free Disassembler
2011-05-10 23:58:59 -------- d-----w- C:\Users\hsq91\.VirtualBox
2011-05-10 21:21:26 95232 ----a-w- C:\Windows\System32\drivers\vpcusb.sys
2011-05-10 21:21:25 194944 ----a-w- C:\Windows\System32\drivers\vpchbus.sys
2011-05-10 21:21:25 15872 ----a-w- C:\Windows\System32\vpchbuspipe.dll
2011-05-10 20:34:53 -------- d-----w- C:\Users\hsq91\AppData\Local\{1C1EA569-CAB6-4915-B8DD-6C5D39AEEF9A}
2011-05-10 00:53:08 231600 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-05-10 00:52:56 56816 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-05-10 00:52:52 -------- d-----w- C:\Program Files\Oracle
2011-05-09 23:46:30 -------- d-----w- C:\Users\hsq91\AppData\Local\{E1C0B9AB-6E53-4FD1-85A5-A49511186E94}
2011-05-09 23:37:55 -------- d-----w- C:\Program Files (x86)\PCSX2 0.9.8
2011-05-09 05:26:35 -------- d-----w- C:\Users\hsq91\AppData\Local\{5852D786-390C-4453-9694-4A9BA89ACEC4}
2011-05-08 17:25:51 -------- d-----w- C:\Users\hsq91\AppData\Local\{62B31E1A-A4E6-46EE-BD98-51B7B789BAD5}
2011-05-07 19:48:17 -------- d-----w- C:\Users\hsq91\AppData\Local\{44372329-8A72-4647-9A07-D836DAB38D64}
2011-05-07 01:13:54 -------- d-----w- C:\!KillBox
2011-05-06 23:33:15 -------- d-----w- C:\Users\hsq91\AppData\Local\{4F8D1DED-504D-4183-ADCD-7FC10EAB1843}
2011-05-06 23:06:00 -------- d-----w- C:\Users\hsq91\AppData\Roaming\Microsoft FxCop
2011-05-05 01:51:32 -------- d-----w- C:\Users\hsq91\AppData\Local\{1A9736E4-7826-46BF-9DA2-2893EEBDDC78}
2011-05-02 17:26:11 -------- d-----w- C:\Users\hsq91\AppData\Local\{CE353FBA-3440-4286-9AB8-FDEC981A93D8}
2011-05-01 22:02:44 -------- d-----w- C:\Users\hsq91\AppData\Local\{C79BA83E-CF7D-4247-8863-A7EFBCF1C0D6}
2011-05-01 02:20:07 -------- d-----w- C:\Users\hsq91\AppData\Local\{8871AC6C-B997-44AC-8A57-96F057557B9B}
2011-04-30 02:48:56 -------- d-----w- C:\Users\hsq91\AppData\Local\{9BEF7ACB-5970-4D62-8806-C89C9C769AC9}
2011-04-29 14:48:19 -------- d-----w- C:\Users\hsq91\AppData\Local\{2F4E3A3A-69CD-492B-97EC-4EBFF5B694CE}
2011-04-29 01:58:54 -------- d-----w- C:\Users\hsq91\AppData\Local\{570E265D-7DD2-4947-8AA3-9BCAEC72FF0B}
2011-04-28 03:44:54 475 ----a-w- C:\Users\hsq91\notepad.exe
2011-04-26 18:37:38 45616 ----a-w- C:\Windows\System32\drivers\VBoxUSB.sys
2011-04-26 18:37:38 156912 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-04-26 18:37:34 320816 ----a-w- C:\Windows\System32\VBoxNetFltNotify.dll
2011-04-26 18:37:34 176560 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
.
==================== Find3M ====================
.
2011-05-10 12:10:59 40112 ----a-w- C:\Windows\avastSS.scr
2011-05-10 12:04:08 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-05-10 11:59:48 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-04-20 01:04:09 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-04-20 01:04:09 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-04-18 07:19:08 212 ----a-w- C:\Windows\ildasmfnt.bin
2011-04-14 07:47:32 86016 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2011-04-14 07:47:30 84992 ----a-w- C:\Windows\System32\frapsv64.dll
2011-04-09 22:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-04-09 22:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2011-04-06 20:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 20:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 20:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-15 00:12:12 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-15 00:12:12 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 19:44:14 133616 ------w- C:\Windows\SysWow64\pxafs.dll
2011-03-04 19:44:12 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2011-03-04 19:44:12 126448 ------w- C:\Windows\SysWow64\pxinsi64.exe
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-28 22:37:36 95008 ----a-w- C:\Windows\System32\Primomonnt.dll
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
.
============= FINISH: 22:24:38.19 ===============





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=BEGIN COMBOFIX LOG=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 10-12-08.02 - hsq91 09-Dec-10 0:58.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6111.4215 [GMT -5:00]
Running from: c:\users\hsq91\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\hsq91\AppData\Roaming\inst.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 05:52 . 2010-12-09 05:54 -------- d-----w- C:\32788R22FWJFW
2010-12-09 05:00 . 2010-12-09 05:00 -------- d-----w- c:\program files (x86)\Microsoft Virtual PC
2010-12-07 23:15 . 2010-12-07 23:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-07 21:36 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8D97431-52F5-4F5D-ACA3-244D8B9DF649}\mpengine.dll
2010-12-07 03:23 . 2010-12-07 03:23 -------- d-----w- c:\users\hsq91\AppData\Local\MetaGeek,_LLC
2010-12-07 03:11 . 2010-12-07 03:11 -------- d-----w- c:\program files\inSSIDer 2.0
2010-12-06 05:15 . 2010-12-06 05:28 -------- d-----w- c:\users\hsq91\AppData\Roaming\DAEMON Tools Lite
2010-12-06 05:15 . 2010-12-06 05:15 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-12-03 05:52 . 2010-12-03 05:52 -------- d-----w- c:\users\hsq91\AppData\Roaming\Softland
2010-12-03 05:52 . 2010-12-03 05:52 -------- d-----w- C:\Softland
2010-12-03 05:52 . 2010-02-05 19:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-12-03 05:40 . 2010-12-03 05:44 -------- d-----w- c:\users\hsq91\AppData\Roaming\PrimoPDF
2010-12-03 05:40 . 2009-12-21 01:42 90624 ----a-w- c:\windows\system32\Primomonnt.dll
2010-12-03 03:34 . 2010-12-06 05:17 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-03 03:34 . 2010-12-03 03:34 -------- d-----w- c:\users\hsq91\AppData\Roaming\DAEMON Tools
2010-11-24 22:48 . 2010-12-04 21:57 -------- d-----w- c:\users\hsq91\.VirtualBox
2010-11-24 22:48 . 2010-10-08 20:52 203024 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-11-24 22:47 . 2010-10-08 20:52 53968 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-11-24 22:47 . 2010-11-24 22:47 -------- d-----w- c:\program files\Oracle
2010-11-24 17:08 . 2010-11-24 17:08 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2010-11-24 17:07 . 2010-11-24 17:07 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2010-11-24 17:07 . 2010-11-24 17:07 151776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2010-11-24 17:07 . 2010-11-24 17:07 100352 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2010-11-24 17:07 . 2010-11-24 17:08 -------- d-----w- c:\program files\realplayer
2010-11-24 17:06 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 17:06 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-24 04:49 . 2010-11-24 04:49 -------- d-----w- c:\program files (x86)\Glary Utilities
2010-11-23 20:32 . 2010-11-23 20:32 -------- d-----w- c:\programdata\Yahoo! Companion
2010-11-23 19:43 . 2010-11-23 19:43 -------- d-----w- c:\users\Soew Tie\Roaming
2010-11-23 19:43 . 2010-11-23 19:43 -------- d-----w- c:\users\Public\Roaming
2010-11-23 19:43 . 2010-11-23 19:43 -------- d-----w- c:\users\mitch\Roaming
2010-11-23 19:43 . 2010-11-23 19:43 -------- d-----w- c:\users\hsq91\Roaming
2010-11-23 19:43 . 2010-11-23 19:43 -------- d-----w- c:\users\Guest\Roaming
2010-11-23 19:43 . 2010-11-23 19:43 -------- d-----w- c:\users\Default\Roaming
2010-11-23 19:43 . 2010-11-23 19:43 -------- d-----w- c:\programdata\Roaming
2010-11-23 19:43 . 2010-11-23 19:43 -------- d-----w- c:\programdata\Intel
2010-11-23 19:41 . 2010-11-23 19:41 -------- d-----w- c:\program files\Common Files\Intel
2010-11-23 19:41 . 2010-11-23 19:41 -------- d-----w- c:\program files (x86)\Cisco
2010-11-23 19:29 . 2010-11-23 19:29 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2010-11-23 18:36 . 2010-12-09 00:20 -------- d-----w- c:\program files\CCleaner
2010-11-20 07:34 . 2010-11-20 07:34 -------- d-----w- c:\users\hsq91\.kismet
2010-11-20 06:31 . 2010-11-20 06:31 -------- d-----w- c:\program files\7-Zip
2010-11-20 04:53 . 2010-11-20 04:53 -------- d-----w- c:\program files\Microsoft Network Monitor 3
2010-11-19 04:50 . 2010-11-19 04:50 -------- d-----w- c:\users\hsq91\AppData\Local\gizmorip
2010-11-18 07:01 . 2010-11-18 07:01 -------- d-----w- c:\program files (x86)\iPodRobot iPod Video Converter
2010-11-17 04:35 . 2010-11-17 04:36 -------- d--h--w- c:\windows\msdownld.tmp
2010-11-15 23:54 . 2010-11-15 23:59 -------- d-----w- c:\users\hsq91\AppData\Roaming\tor
2010-11-13 18:47 . 2010-11-13 18:49 -------- d-----w- c:\program files\iTunes
2010-11-13 18:47 . 2010-11-13 18:47 -------- d-----w- c:\program files\iPod
2010-11-12 20:14 . 2010-12-09 00:24 -------- d-----w- c:\program files\SecurityKISS Tunnel
2010-11-12 20:14 . 2010-10-03 16:57 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-07 23:14 . 2010-07-25 18:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-29 22:42 . 2010-02-11 03:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-02-11 03:09 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 02:50 . 2010-11-04 02:50 1580368 ----a-w- c:\windows\system32\LogiLDA.DLL
2010-11-03 04:06 . 2010-11-03 03:38 82816 ----a-w- c:\users\hsq91\AppData\Roaming\pcouffin.sys
2010-11-03 03:38 . 2010-11-03 03:38 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-10-22 03:40 . 2010-10-22 03:40 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2010-10-19 15:41 . 2010-01-17 09:04 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-10-08 20:52 . 2010-10-08 20:52 164304 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-10-08 20:52 . 2010-10-08 20:52 144784 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-10-08 20:52 . 2010-10-08 20:52 318992 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-09-28 20:44 . 2010-09-28 20:44 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2010-09-28 20:44 . 2010-09-28 20:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-09-23 04:32 . 2010-09-23 04:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 18:49 . 2010-09-21 18:49 252800 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-21 18:03 . 2010-09-21 18:03 208768 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

c:\users\hsq91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Apoint.exe - Shortcut.lnk - c:\program files\Apoint\Apoint.exe [2009-9-4 208384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-05 5435904]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 144784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-09 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-27 203264]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-08 133104]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240]
R4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R4 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-02 189984]
R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]
R4 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]
R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]
R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]
R4 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-06 834544]
S1 aswSP;aswSP; [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 46392]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-10-08 203024]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-10-08 53968]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-05 129536]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-08-03 35104]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-10-08 164304]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - VMM

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-12-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-11-24 02:55]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-08 13:01]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-08 13:01]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-538630267-2966145386-1276743573-1000Core.job
- c:\users\hsq91\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 02:31]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-538630267-2966145386-1276743573-1000UA.job
- c:\users\hsq91\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 02:31]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ifgfphiladelphia.org/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:8118
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: accessallstate.com
Trusted Zone: allstate.com
Trusted Zone: allstate.com\agencygateway
Trusted Zone: allstate.com\agencygateway1
Trusted Zone: allstate.com\agencygateway2
Trusted Zone: allstate.com\allianceweb
Trusted Zone: allstate.com\mymail
Trusted Zone: allstatehelp.com
Trusted Zone: custhelp.com
Trusted Zone: gotoassist.com
Trusted Zone: insmark.com
Trusted Zone: insmark.us
Trusted Zone: insmarkstore.com
Trusted Zone: sumtotalsystems.com
FF - ProfilePath - c:\users\hsq91\AppData\Roaming\Mozilla\Firefox\Profiles\49bsgnuw.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/|http://mail.yahoo.com/|http://www.adsense.com/|http://www.adwords.com/|http://www.ifgfphiladelphia.org/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files (x86)\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files (x86)\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\program files\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\hsq91\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\hsq91\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\hsq91\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -

Notify-VESWinlogon - VESWinlogon.dll
AddRemove-Notepad++ - j:\notepad++\uninstall.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-538630267-2966145386-1276743573-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:57,90,ba,eb,85,5a,55,6d,54,50,ee,24,bc,eb,5a,21,f3,31,90,58,df,9e,32,
fb,ea,59,a6,36,f2,c9,d9,43,cb,4b,21,33,e4,22,3e,0e,5c,04,ab,c3,0d,f5,e9,eb,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-538630267-2966145386-1276743573-1000\Software\SecuROM\License information*]
"datasecu"=hex:0c,bc,6a,4b,ad,50,9d,af,d7,92,33,36,c6,0d,94,ac,46,23,bf,df,5f,
5d,c8,32,5c,36,2a,b8,bd,a2,2e,b9,ee,ed,b4,cd,37,a8,3a,ff,81,9b,1f,82,c5,1c,\
"rkeysecu"=hex:dd,bc,ad,1e,30,35,24,4f,1a,47,c7,1e,c5,3b,48,c4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-09 01:07:43
ComboFix-quarantined-files.txt 2010-12-09 06:07

Pre-Run: 341,084,065,792 bytes free
Post-Run: 342,289,629,184 bytes free

- - End Of File - - 3735299FAD8F1D5045419046F3677534

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:31 PM

Posted 03 June 2011 - 01:59 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#3 nostalgix

nostalgix
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 04 June 2011 - 01:01 AM

Hello, I've not really resolved the original problem I was having, since it would intermittently come back if I use the latest driver for my wireless network card, Intel WiFi Link 5100 AGN. So far, I can use my Windows 7 without any noticeable problems, by using only the basic wireless network card driver from Microsoft, and not from Intel. For more details about my system specs and in-depth info on the original problem, please refer to my original topic.

I do not have my original Windows CD/DVD available, as it was preinstalled on my system. However, I can access Startup Repair by pressing the F8 key on boot, and Sony's System Restore on my hard drive's hidden recovery partition by pressing F10 on boot. Also, a clean install is not an option for me, unless my hard drive fails; I'd rather stay with a workaround. (I do still make weekly image backups of my whole system, though, but I've only maintained the latest ones, which have the same issues in them.)

I've disabled my CD emulation program (Alcohol) using DeFogger. Also, my Windows 7 64-bit seems to be able to run GMER fine! Please inform me if you need logs from it.

Anyway, following are the fresh set of DDS logs. (DDS said to attach Attach.txt, but the forums here said not to, so I'm not attaching it unless explicitly requested.)





.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by hsq91 at 1:53:32 on 2011-06-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6111.4418 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Avast! Free Antivirus\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Avast! Free Antivirus\AvastUI.exe
C:\Users\hsq91\Documents\Saved Original App Installers\System Integrity, Data & Monitor Tools\Core Temp 64-bit\Core Temp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\hsq91\Documents\Saved Original App Installers\System Integrity, Data & Monitor Tools\DeskSave\DeskSave.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Sandbox\hsq91\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Sandbox\hsq91\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Sandbox\hsq91\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Sandbox\hsq91\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Sandbox\hsq91\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Sandbox\hsq91\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Sandbox\hsq91\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Sandbox\hsq91\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sandboxie\SandboxieCrypto.exe
C:\Sandbox\hsq91\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Sandbox\hsq91\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Sandbox\hsq91\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Sandbox\hsq91\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Sandbox\hsq91\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sandboxie\32\SbieSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Sandbox\hsq91\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ifgfphiladelphia.org/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyServer = localhost:8118
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Avast! Free Antivirus\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Users\hsq91\AppData\Roaming\LastPass\LPBar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Avast! Free Antivirus\aswWebRepIE.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\hsq91\AppData\Roaming\LastPass\LPBar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\hsq91\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CORETE~1.LNK - C:\Users\hsq91\Documents\Saved Original App Installers\System Integrity, Data & Monitor Tools\Core Temp 64-bit\Core Temp.exe
StartupFolder: C:\Users\hsq91\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DeskSave.lnk - C:\Users\hsq91\Documents\Saved Original App Installers\System Integrity, Data & Monitor Tools\DeskSave\DeskSave.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AvastUI.lnk - C:\Program Files (x86)\Avast! Free Antivirus\AvastUI.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\hsq91\AppData\Roaming\LastPass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: accessallstate.com
Trusted Zone: allstate.com
Trusted Zone: allstate.com\agencygateway
Trusted Zone: allstate.com\agencygateway1
Trusted Zone: allstate.com\agencygateway2
Trusted Zone: allstate.com\allianceweb
Trusted Zone: allstate.com\mymail
Trusted Zone: allstatehelp.com
Trusted Zone: custhelp.com
Trusted Zone: gotoassist.com
Trusted Zone: insmark.com
Trusted Zone: insmark.us
Trusted Zone: insmarkstore.com
Trusted Zone: sumtotalsystems.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{4FD302F7-5BE6-49AA-8169-1821D2FB2C4B} : DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{4FD302F7-5BE6-49AA-8169-1821D2FB2C4B}\35D616274775562637D236F6 : DhcpNameServer = 68.87.64.150 68.87.75.198
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast! Free Antivirus\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\hsq91\AppData\Roaming\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast! Free Antivirus\aswWebRepIE.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\hsq91\AppData\Roaming\LastPass\LPBar.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\hsq91\AppData\Roaming\Mozilla\Firefox\Profiles\49bsgnuw.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/|http://mail.yahoo.com/|http://www.adsense.com/|http://www.adwords.com/|http://www.ifgfphiladelphia.org/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\FilePlanet Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\nprjplug.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\program files\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\realplayer\Netscape6\nprpjplug.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\hsq91\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\hsq91\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\hsq91\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\hsq91\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\system32\DRIVERS\nm3.sys --> C:\Windows\system32\DRIVERS\nm3.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Avast! Free Antivirus\AvastSvc.exe [2011-5-16 42184]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-2-10 366640]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-3-24 148072]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-8 133104]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-8 133104]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-18 68440]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-1-6 43912]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-12 340240]
S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-9-4 189984]
S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-8 120104]
S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-8 70952]
S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-8 427304]
S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-8 75048]
S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-8 91432]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]
S4 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol 52 Percent\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-8 104960]
S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-8 411496]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-8 468264]
S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-8 357672]
S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-8 110888]
S4 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-5 129536]
S4 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
.
=============== Created Last 30 ================
.
2074-05-07 23:38:48 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-06-03 07:42:53 -------- d-----w- C:\Users\hsq91\AppData\Local\Activision
2011-06-03 07:42:27 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2011-06-03 07:42:27 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2011-06-03 07:42:27 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2011-06-03 07:42:27 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2011-06-03 07:42:25 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2011-06-03 07:42:25 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-06-03 03:36:47 -------- d-----w- C:\Program Files (x86)\Keychain Photo Viewer
2011-05-31 05:03:40 -------- d-----w- C:\ProgramData\WEBREG
2011-05-31 03:56:24 248320 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp70v.dll
2011-05-31 03:47:25 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2011-05-31 03:45:56 136704 ----a-w- C:\Windows\System32\hpf3l70v.dll
2011-05-31 03:42:54 880640 ----a-w- C:\Windows\System32\hposwia_p02c.dll
2011-05-31 03:42:54 642360 ----a-w- C:\Windows\System32\hpzids40.dll
2011-05-31 03:42:54 551424 ----a-w- C:\Windows\System32\hppldcoi.dll
2011-05-31 03:42:54 515072 ----a-w- C:\Windows\System32\hposc_p02a.dll
2011-05-31 03:42:54 1403904 ----a-w- C:\Windows\System32\hpost_p02c.dll
2011-05-23 21:49:42 0 ---ha-w- C:\Users\hsq91\AppData\Local\BIT46A0.tmp
2011-05-21 02:51:57 -------- d-----w- C:\Users\hsq91\AppData\Local\{178E4FB5-4BAD-47AF-8863-F0BBC4ABBD87}
2011-05-21 02:49:05 -------- d-----r- C:\Sandbox
2011-05-21 02:44:21 -------- d-----w- C:\Program Files\Sandboxie
2011-05-20 06:54:25 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02E092CE-59E4-43D3-9184-5110A519580A}\mpengine.dll
2011-05-20 06:52:31 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-20 06:52:29 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-20 06:52:28 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-20 06:52:25 2871808 ----a-w- C:\Windows\explorer.exe
2011-05-20 06:52:25 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-05-20 06:52:22 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-20 06:52:22 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-20 06:52:04 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-05-20 06:52:04 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-05-20 06:51:32 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-05-20 06:51:32 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-05-20 06:14:01 -------- d-----w- C:\Program Files\Common Files\Intel
2011-05-20 06:14:00 -------- d-----w- C:\Program Files (x86)\Cisco
2011-05-19 03:58:55 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2011-05-12 01:19:27 -------- d-----w- C:\Users\hsq91\AppData\Roaming\Hex-Rays
2011-05-12 01:18:50 -------- d-----w- C:\Program Files (x86)\IDA Free Disassembler
2011-05-10 23:58:59 -------- d-----w- C:\Users\hsq91\.VirtualBox
2011-05-10 21:21:26 95232 ----a-w- C:\Windows\System32\drivers\vpcusb.sys
2011-05-10 21:21:25 194944 ----a-w- C:\Windows\System32\drivers\vpchbus.sys
2011-05-10 21:21:25 15872 ----a-w- C:\Windows\System32\vpchbuspipe.dll
2011-05-10 20:34:53 -------- d-----w- C:\Users\hsq91\AppData\Local\{1C1EA569-CAB6-4915-B8DD-6C5D39AEEF9A}
2011-05-10 00:53:08 231600 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-05-10 00:52:56 56816 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-05-10 00:52:52 -------- d-----w- C:\Program Files\Oracle
2011-05-09 23:46:30 -------- d-----w- C:\Users\hsq91\AppData\Local\{E1C0B9AB-6E53-4FD1-85A5-A49511186E94}
2011-05-09 23:37:55 -------- d-----w- C:\Program Files (x86)\PCSX2 0.9.8
2011-05-09 05:26:35 -------- d-----w- C:\Users\hsq91\AppData\Local\{5852D786-390C-4453-9694-4A9BA89ACEC4}
2011-05-08 17:25:51 -------- d-----w- C:\Users\hsq91\AppData\Local\{62B31E1A-A4E6-46EE-BD98-51B7B789BAD5}
2011-05-07 19:48:17 -------- d-----w- C:\Users\hsq91\AppData\Local\{44372329-8A72-4647-9A07-D836DAB38D64}
2011-05-07 01:13:54 -------- d-----w- C:\!KillBox
2011-05-06 23:33:15 -------- d-----w- C:\Users\hsq91\AppData\Local\{4F8D1DED-504D-4183-ADCD-7FC10EAB1843}
2011-05-06 23:06:00 -------- d-----w- C:\Users\hsq91\AppData\Roaming\Microsoft FxCop
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-10 12:10:59 40112 ----a-w- C:\Windows\avastSS.scr
2011-05-10 12:04:08 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-05-10 11:59:48 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-04-28 03:44:57 475 ----a-w- C:\Users\hsq91\notepad.exe
2011-04-26 18:37:38 45616 ----a-w- C:\Windows\System32\drivers\VBoxUSB.sys
2011-04-26 18:37:38 156912 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-04-26 18:37:34 320816 ----a-w- C:\Windows\System32\VBoxNetFltNotify.dll
2011-04-26 18:37:34 176560 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-04-20 01:04:09 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-04-20 01:04:09 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-04-18 07:19:08 212 ----a-w- C:\Windows\ildasmfnt.bin
2011-04-14 07:47:32 86016 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2011-04-14 07:47:30 84992 ----a-w- C:\Windows\System32\frapsv64.dll
2011-04-09 22:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-04-09 22:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2011-04-06 20:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 20:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 20:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-15 00:12:12 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-15 00:12:12 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
.
============= FINISH: 1:54:35.04 ===============

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:31 PM

Posted 06 June 2011 - 04:40 PM

Hi nostalgix,

I will be assisting you.

Reading you post and looking at the logs make me believe the problem is not and never has been a malware issue. You are recommended to this forum because you talked about running ComboFix and the people in other forums are not trained to handle the questions about the tool.

As far as ComboFix concerns it has deleted some leftovers from SmitFraudFix. ComboFix might make some changes to the registry but as far as the system files concerns it will not make any change without notification. But let's put the discussion about the Combofix behind and concentrate on the current issue.

As I understand you have currently two issues, one about Intel Wireless Network malfunction and svchost.exe consuming a high CPU. I'm not a system specialist but I guess they might be related. The first issue might trigger the second one.

Though the problem is not malware related we can take a look at it. I see some inconsistency on DDS log and would like to see another log to research it:

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click Run Scan button.
  • Two reports will open, copy and paste OTL.txt and attach Extra.txt to your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


#5 nostalgix

nostalgix
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 06 June 2011 - 10:19 PM

Yes, my problem seems to be strongly related to my wireless network card/driver. In fact, it seems as if it's the only culprit. Svchost/system would ENDLESSLY consume 100% CPU time ONLY when my laptop's having trouble connecting to my wireless network (i.e.: endlessly trying to connect or connected, but only with "limited connectivity"). However, can you also please help investigate why some programs would now output faulty output files? Please refer to my original topic again to see which programs I'm talking about.

Also, ever since I've rolled back to using the basic Microsoft driver, I'm no longer experiencing the problem (or, at least, not yet). But, as soon as I use drivers from Intel, the problems will strike back.

Anyway, as requested, following are the contents of the OTL.txt file, and attached is the Extras.txt file.





OTL logfile created on: 06-Jun-11 10:51:39 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\hsq91\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

5.97 Gb Total Physical Memory | 4.16 Gb Available Physical Memory | 69.75% Memory free
11.93 Gb Paging File | 9.77 Gb Available in Paging File | 81.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.68 Gb Total Space | 162.80 Gb Free Space | 35.57% Space Free | Partition Type: NTFS

Computer Name: PSP-HSQ91-LAP | User Name: hsq91 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-06-06 22:48:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\hsq91\Desktop\OTL.exe
PRC - [2011-06-05 19:38:39 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011-05-29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-05-10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Avast! Free Antivirus\AvastUI.exe
PRC - [2011-05-10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Avast! Free Antivirus\AvastSvc.exe
PRC - [2011-03-24 07:24:34 | 000,072,936 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\32\SbieSvc.exe
PRC - [2008-07-26 20:56:04 | 000,082,944 | ---- | M] () -- C:\Users\hsq91\Documents\Saved Original App Installers\System Integrity, Data & Monitor Tools\DeskSave\DeskSave.exe


========== Modules (SafeList) ==========

MOD - [2011-06-06 22:48:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\hsq91\Desktop\OTL.exe
MOD - [2011-05-10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Avast! Free Antivirus\snxhk.dll
MOD - [2010-11-20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV:64bit: - [2011-05-10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Avast! Free Antivirus\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011-03-24 07:24:58 | 000,095,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011-01-12 15:57:54 | 001,430,800 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011-01-12 15:38:18 | 000,340,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011-01-12 15:36:22 | 000,840,976 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009-11-05 09:45:12 | 000,129,536 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009-09-02 19:45:08 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009-08-22 17:19:06 | 000,411,496 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009-07-27 16:22:02 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-01 21:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009-06-26 17:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009-06-26 17:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009-06-17 21:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011-06-02 23:01:30 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-05-18 19:10:39 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011-01-06 15:42:14 | 000,043,912 | ---- | M] (WebEx Communications, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2010-06-14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-03-29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-01-30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009-12-23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol 52 Percent\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-07-27 19:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009-07-27 19:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009-07-27 19:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009-07-27 19:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009-07-27 19:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009-07-23 13:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009-07-23 13:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009-07-23 13:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009-07-22 18:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009-07-01 14:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009-06-26 14:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009-06-26 14:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009-06-16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009-06-10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-06-04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009-02-06 20:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008-11-09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008-09-18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007-01-04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-05-29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011-05-10 07:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011-04-26 14:37:38 | 000,156,912 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011-03-24 07:24:54 | 000,148,072 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011-03-04 15:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011-02-18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-01-19 06:28:55 | 008,080,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010-12-12 22:00:21 | 000,503,352 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010-11-20 09:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010-11-20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010-11-20 07:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010-11-20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 06:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010-11-20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-02 23:38:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010-10-03 12:57:38 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010-06-09 18:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010-04-14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010-02-26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010-02-26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010-02-26 14:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010-02-26 14:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009-12-01 16:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009-08-09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009-08-03 16:14:11 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009-08-03 16:14:10 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009-08-03 16:14:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009-08-03 16:13:42 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009-08-03 16:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009-07-31 16:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009-07-31 16:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009-07-27 16:22:05 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-07-24 01:12:53 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009-07-13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009-06-11 16:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009-06-10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009-06-10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009-06-10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009-05-26 17:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009-05-18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-02-13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008-12-26 13:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV:64bit: - [2008-08-28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007-04-16 23:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007-02-18 00:22:48 | 000,296,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2007-01-29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2010-02-07 21:55:15 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2009-12-18 12:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2007-02-07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ifgfphiladelphia.org/
IE - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8118


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://mail.google.com/|http://mail.yahoo.com/|http://www.adsense.com/|http://www.adwords.com/|http://www.ifgfphiladelphia.org/"
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010-08-08 03:18:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Avast! Free Antivirus\WebRep\FF [2011-05-16 17:10:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-04-19 21:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-04-19 21:04:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-04-19 21:05:24 | 000,000,000 | ---D | M]

[2010-01-21 22:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hsq91\AppData\Roaming\Mozilla\Extensions
[2011-05-01 18:01:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hsq91\AppData\Roaming\Mozilla\Firefox\Profiles\49bsgnuw.default\extensions
[2011-05-01 18:01:02 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\hsq91\AppData\Roaming\Mozilla\Firefox\Profiles\49bsgnuw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011-04-16 22:02:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\hsq91\AppData\Roaming\Mozilla\Firefox\Profiles\49bsgnuw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-07-25 14:16:32 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\hsq91\AppData\Roaming\Mozilla\Firefox\Profiles\49bsgnuw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010-02-10 04:11:48 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\hsq91\AppData\Roaming\Mozilla\Firefox\Profiles\49bsgnuw.default\extensions\smartbookmarksbar@remy.juteau
[2011-03-23 16:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-10-09 18:22:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-12-07 19:14:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-02-08 00:09:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011-03-10 20:37:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011-05-16 17:10:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST! FREE ANTIVIRUS\WEBREP\FF
[2011-04-19 21:04:48 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\HSQ91\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\49BSGNUW.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\HSQ91\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\49BSGNUW.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
() (No name found) -- C:\USERS\HSQ91\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\49BSGNUW.DEFAULT\EXTENSIONS\{FCAB6FDD-5585-425B-95C1-5ED856F3FD08}.XPI
() (No name found) -- C:\USERS\HSQ91\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\49BSGNUW.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011-03-18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2008-08-16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\CgpCore.dll
[2008-08-16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\confmgr.dll
[2008-08-16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\ctxlogging.dll
[2008-05-21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcm80.dll
[2008-05-21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcp80.dll
[2008-05-21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcr80.dll
[2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2008-08-16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
[2008-08-16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\TcpPServ.dll
[2010-01-01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010-12-12 17:29:28 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast! Free Antivirus\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast! Free Antivirus\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast! Free Antivirus\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast! Free Antivirus\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\hsq91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk = C:\Users\hsq91\Documents\Saved Original App Installers\System Integrity, Data & Monitor Tools\Core Temp 64-bit\Core Temp.exe ()
O4 - Startup: C:\Users\hsq91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSave.lnk = C:\Users\hsq91\Documents\Saved Original App Installers\System Integrity, Data & Monitor Tools\DeskSave\DeskSave.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Sandbox_hsq91_DefaultBox\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..Trusted Domains: accessallstate.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..Trusted Domains: allstate.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..Trusted Domains: allstate.com ([agencygateway] * in Trusted sites)
O15 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..Trusted Domains: allstate.com ([agencygateway1] * in Trusted sites)
O15 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..Trusted Domains: allstate.com ([agencygateway2] * in Trusted sites)
O15 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..Trusted Domains: allstate.com ([allianceweb] * in Trusted sites)
O15 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..Trusted Domains: allstate.com ([mymail] * in Trusted sites)
O15 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..Trusted Domains: allstatehelp.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..Trusted Domains: custhelp.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..Trusted Domains: gotoassist.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..Trusted Domains: insmark.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..Trusted Domains: insmark.us ([]* in Trusted sites)
O15 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..Trusted Domains: insmarkstore.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-538630267-2966145386-1276743573-1000\..Trusted Domains: sumtotalsystems.com ([]* in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-04-04 01:08:27 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{06f9411c-061c-11e0-90a5-f61778ed4e73}\Shell - "" = AutoRun
O33 - MountPoints2\{06f9411c-061c-11e0-90a5-f61778ed4e73}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{06f9411c-061c-11e0-90a5-f61778ed4e73}\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\{20f446be-0673-11e0-b51a-bf37152cfd56}\Shell - "" = AutoRun
O33 - MountPoints2\{20f446be-0673-11e0-b51a-bf37152cfd56}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{20f446be-0673-11e0-b51a-bf37152cfd56}\Shell\directx\command - "" = D:\DirectX9\dxsetup.exe
O33 - MountPoints2\{20f446be-0673-11e0-b51a-bf37152cfd56}\Shell\setup\command - "" = D:\setup.exe
O33 - MountPoints2\{fad8e46e-8b9e-11df-af2b-002643ad693d}\Shell - "" = AutoRun
O33 - MountPoints2\{fad8e46e-8b9e-11df-af2b-002643ad693d}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\D\Shell\readit\command - "" = notepad readme.doc
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-06-06 22:48:56 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\hsq91\Desktop\OTL.exe
[2011-06-04 22:00:12 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2011-06-04 01:52:04 | 000,607,222 | R--- | C] (Swearware) -- C:\Users\hsq91\Desktop\dds.scr
[2011-06-03 03:42:53 | 000,000,000 | ---D | C] -- C:\Users\hsq91\AppData\Local\Activision
[2011-06-03 03:42:27 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011-06-03 03:42:27 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011-06-03 03:42:27 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011-06-03 03:42:27 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011-06-03 03:42:25 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011-06-03 03:42:25 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011-06-03 00:06:18 | 000,000,000 | ---D | C] -- C:\Users\hsq91\Desktop\Fixing WiFi Card Probs
[2011-06-02 23:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keychain Photo Viewer
[2011-06-02 23:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Keychain Photo Viewer
[2011-05-31 01:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011-05-30 23:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011-05-30 23:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011-05-30 23:45:56 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l70v.dll
[2011-05-30 23:42:54 | 001,403,904 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpost_p02c.dll
[2011-05-30 23:42:54 | 000,880,640 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hposwia_p02c.dll
[2011-05-30 23:42:54 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2011-05-30 23:42:54 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2011-05-30 23:42:54 | 000,515,072 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hposc_p02a.dll
[2011-05-20 22:51:57 | 000,000,000 | ---D | C] -- C:\Users\hsq91\AppData\Local\{178E4FB5-4BAD-47AF-8863-F0BBC4ABBD87}
[2011-05-20 22:49:05 | 000,000,000 | R--D | C] -- C:\Sandbox
[2011-05-20 22:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011-05-20 22:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2011-05-20 02:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011-05-20 02:52:31 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011-05-20 02:52:29 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011-05-20 02:52:28 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011-05-20 02:52:25 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011-05-20 02:52:25 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011-05-20 02:52:22 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011-05-20 02:52:22 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011-05-20 02:52:04 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011-05-20 02:52:04 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011-05-20 02:51:32 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011-05-20 02:51:32 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011-05-20 02:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2011-05-20 02:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2011-05-20 02:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2011-05-18 23:59:29 | 000,000,000 | ---D | C] -- C:\Users\hsq91\AppData\Roaming\Audacity
[2011-05-18 23:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2011-05-11 21:19:27 | 000,000,000 | ---D | C] -- C:\Users\hsq91\AppData\Roaming\Hex-Rays
[2011-05-11 21:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDA Pro Free
[2011-05-11 21:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDA Free Disassembler
[2011-05-10 22:06:23 | 000,000,000 | ---D | C] -- C:\Users\hsq91\Documents\PCSX2
[2011-05-10 19:58:59 | 000,000,000 | ---D | C] -- C:\Users\hsq91\.VirtualBox
[2011-05-10 17:21:26 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys
[2011-05-10 17:21:25 | 000,194,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys
[2011-05-10 17:21:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpchbuspipe.dll
[2011-05-10 16:34:53 | 000,000,000 | ---D | C] -- C:\Users\hsq91\AppData\Local\{1C1EA569-CAB6-4915-B8DD-6C5D39AEEF9A}
[2011-05-09 20:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2011-05-09 20:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011-05-09 19:46:30 | 000,000,000 | ---D | C] -- C:\Users\hsq91\AppData\Local\{E1C0B9AB-6E53-4FD1-85A5-A49511186E94}
[2011-05-09 19:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
[2011-05-09 19:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCSX2 0.9.8
[2011-05-09 01:26:35 | 000,000,000 | ---D | C] -- C:\Users\hsq91\AppData\Local\{5852D786-390C-4453-9694-4A9BA89ACEC4}
[2011-05-08 13:25:51 | 000,000,000 | ---D | C] -- C:\Users\hsq91\AppData\Local\{62B31E1A-A4E6-46EE-BD98-51B7B789BAD5}
[2010-11-02 23:38:52 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\hsq91\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\hsq91\AppData\Local\*.tmp files -> C:\Users\hsq91\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-06-06 22:48:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\hsq91\Desktop\OTL.exe
[2011-06-06 22:20:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-06-06 22:12:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-538630267-2966145386-1276743573-1000UA.job
[2011-06-06 21:12:12 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-06 21:12:12 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-06 21:11:34 | 000,876,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-06-06 21:11:34 | 000,731,308 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-06-06 21:11:34 | 000,148,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-06-06 21:05:15 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-06-06 21:05:14 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011-06-06 21:04:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-06-06 21:04:13 | 510,935,039 | -HS- | M] () -- C:\hiberfil.sys
[2011-06-04 01:51:59 | 000,607,222 | R--- | M] (Swearware) -- C:\Users\hsq91\Desktop\dds.scr
[2011-06-02 23:36:48 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\KeyChain PhotoViewer.lnk
[2011-06-02 16:53:12 | 000,001,532 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AvastUI.lnk
[2011-06-02 00:26:19 | 000,445,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-05-31 02:02:44 | 000,208,133 | ---- | M] () -- C:\Windows\hpoins43.dat
[2011-05-30 23:48:28 | 000,001,315 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011-05-30 14:12:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-538630267-2966145386-1276743573-1000Core.job
[2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-05-29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-05-27 17:53:15 | 000,000,155 | ---- | M] () -- C:\Users\hsq91\SecurityKISSTunnel.config
[2011-05-24 21:03:59 | 000,000,020 | ---- | M] () -- C:\Users\hsq91\defogger_reenable
[2011-05-24 19:06:51 | 000,003,220 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011-05-23 18:12:17 | 476,957,321 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-05-23 17:49:58 | 000,000,000 | ---- | M] () -- C:\Users\hsq91\AppData\Local\{56506ACB-D913-4C26-84F9-5618A3CBF28B}
[2011-05-20 23:37:49 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\Skype [Sandboxed].lnk
[2011-05-20 23:17:27 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Windows Live Messenger [Sandboxed].lnk
[2011-05-20 23:15:57 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Opera [Sandboxed].lnk
[2011-05-20 23:14:31 | 000,001,233 | ---- | M] () -- C:\Users\hsq91\Desktop\InChrCognito [Sandboxed].lnk
[2011-05-20 23:14:12 | 000,001,959 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome [Sandboxed].lnk
[2011-05-20 23:13:55 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\Safari [Sandboxed].lnk
[2011-05-20 23:12:50 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox [Sandboxed].lnk
[2011-05-20 23:05:51 | 000,001,959 | ---- | M] () -- C:\Users\Public\Desktop\Internet Explorer [Sandboxed].lnk
[2011-05-20 02:44:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011-05-20 01:31:24 | 000,000,819 | ---- | M] () -- C:\Users\hsq91\Desktop\RealPlayer.lnk
[2011-05-18 23:59:04 | 000,001,144 | ---- | M] () -- C:\Users\hsq91\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011-05-11 21:18:56 | 000,000,984 | ---- | M] () -- C:\Users\hsq91\Desktop\Disassembler (IDA Pro Free v5).lnk
[2011-05-10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-05-10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011-05-10 08:10:44 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011-05-10 08:04:08 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011-05-10 08:04:07 | 000,287,576 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011-05-10 08:02:41 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011-05-10 07:59:59 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011-05-10 07:59:48 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011-05-10 07:59:37 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011-05-09 21:26:10 | 000,000,950 | ---- | M] () -- C:\Users\hsq91\.recently-used.xbel
[2011-05-09 20:53:09 | 000,001,034 | ---- | M] () -- C:\Users\hsq91\Desktop\Oracle VM VirtualBox.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\hsq91\AppData\Local\*.tmp files -> C:\Users\hsq91\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-06-02 23:36:48 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\KeyChain PhotoViewer.lnk
[2011-06-02 16:52:48 | 000,001,532 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AvastUI.lnk
[2011-05-31 00:28:15 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2011-05-30 23:48:28 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011-05-30 23:43:26 | 000,208,133 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011-05-30 23:43:26 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2011-05-24 21:03:59 | 000,000,020 | ---- | C] () -- C:\Users\hsq91\defogger_reenable
[2011-05-23 17:49:42 | 000,000,000 | ---- | C] () -- C:\Users\hsq91\AppData\Local\{56506ACB-D913-4C26-84F9-5618A3CBF28B}
[2011-05-20 23:34:13 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\Skype [Sandboxed].lnk
[2011-05-20 23:09:13 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Windows Live Messenger [Sandboxed].lnk
[2011-05-20 23:07:53 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Opera [Sandboxed].lnk
[2011-05-20 23:07:41 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\Safari [Sandboxed].lnk
[2011-05-20 23:06:25 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox [Sandboxed].lnk
[2011-05-20 22:56:40 | 000,001,233 | ---- | C] () -- C:\Users\hsq91\Desktop\InChrCognito [Sandboxed].lnk
[2011-05-20 22:54:21 | 000,001,959 | ---- | C] () -- C:\Users\Public\Desktop\Internet Explorer [Sandboxed].lnk
[2011-05-20 22:54:05 | 000,001,959 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome [Sandboxed].lnk
[2011-05-20 22:44:33 | 000,003,220 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011-05-20 02:26:09 | 000,002,530 | ---- | C] () -- C:\Users\hsq91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSave.lnk
[2011-05-20 02:25:20 | 000,002,376 | ---- | C] () -- C:\Users\hsq91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk
[2011-05-18 23:59:04 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011-05-18 23:59:04 | 000,001,144 | ---- | C] () -- C:\Users\hsq91\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011-05-11 21:18:56 | 000,000,984 | ---- | C] () -- C:\Users\hsq91\Desktop\Disassembler (IDA Pro Free v5).lnk
[2011-05-09 21:26:10 | 000,000,950 | ---- | C] () -- C:\Users\hsq91\.recently-used.xbel
[2011-05-09 20:53:09 | 000,001,034 | ---- | C] () -- C:\Users\hsq91\Desktop\Oracle VM VirtualBox.lnk
[2011-04-18 03:19:08 | 000,000,212 | ---- | C] () -- C:\Windows\ildasmfnt.bin
[2011-04-17 00:00:13 | 000,446,334 | ---- | C] () -- C:\Users\hsq91\AppData\Roaming\com.kennettnet.MusicRescue4.Profiles.plist
[2011-04-17 00:00:13 | 000,000,509 | ---- | C] () -- C:\Users\hsq91\AppData\Roaming\com.kennettnet.MusicRescue4.plist
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-02-25 00:08:48 | 000,006,314 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2011-02-25 00:08:46 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
[2011-02-25 00:08:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
[2011-02-25 00:08:46 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
[2011-02-25 00:08:46 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
[2011-02-25 00:08:46 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\ltfil60n.dll
[2011-02-25 00:08:46 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
[2011-02-25 00:08:46 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
[2011-02-25 00:08:46 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
[2011-02-25 00:08:46 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
[2011-02-25 00:08:46 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
[2011-02-25 00:08:46 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
[2011-02-25 00:08:46 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
[2011-02-25 00:08:46 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
[2011-02-25 00:08:46 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
[2011-02-25 00:08:46 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
[2011-02-25 00:08:46 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2011-02-10 00:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2010-12-09 01:54:53 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010-12-09 01:54:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-12-09 01:54:53 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010-12-09 01:54:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-12-09 01:54:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-12-07 18:22:28 | 000,000,230 | ---- | C] () -- C:\Windows\w32demo8.ini
[2010-11-02 23:38:52 | 000,007,859 | ---- | C] () -- C:\Users\hsq91\AppData\Roaming\pcouffin.cat
[2010-11-02 23:38:52 | 000,001,167 | ---- | C] () -- C:\Users\hsq91\AppData\Roaming\pcouffin.inf
[2010-10-04 01:20:44 | 000,010,802 | ---- | C] () -- C:\Users\hsq91\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010-10-03 23:56:28 | 000,031,569 | ---- | C] () -- C:\Users\hsq91\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010-08-08 02:57:15 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010-07-19 00:09:58 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010-07-15 03:39:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010-06-08 20:00:41 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010-06-08 20:00:41 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-06-08 20:00:38 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010-06-08 20:00:38 | 002,041,363 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2010-06-08 20:00:38 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010-06-08 20:00:38 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010-06-08 20:00:37 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010-03-15 14:49:38 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010-03-10 19:21:16 | 000,873,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-02-23 18:48:45 | 000,027,648 | ---- | C] () -- C:\Users\hsq91\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-20 22:08:33 | 000,199,720 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010-02-04 02:12:48 | 000,007,595 | ---- | C] () -- C:\Users\hsq91\AppData\Local\Resmon.ResmonCfg
[2010-01-19 23:15:10 | 000,000,220 | ---- | C] () -- C:\Users\hsq91\AppData\Roaming\wklnhst.dat
[2009-09-08 09:50:03 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009-09-04 13:41:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009-07-14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008-08-07 10:15:34 | 000,000,036 | ---- | C] () -- C:\Windows\webica.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Attached Files


Edited by nostalgix, 06 June 2011 - 10:26 PM.


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:31 PM

Posted 07 June 2011 - 05:03 AM

Hi Again,

  • Your version of Java Runtime Environment are either old or for x32 version.
    I recommend to download Java™ 6 Update 25 (x64-bit) to your desktop.

    Uninstall all the older version of Java:
    Java™ 6 Update 15 (64-bit)
    Java™ 6 Update 24


    Then install the latest Java you have downloaded.
  • As far as I can see there are two Intel wireless drivers on the system. One of them is running and one of them is stopped.

    From the logs:

    R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    DRV:64bit: - [2009-06-10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

    This is the Adapter driver for Vista 64 Bit which is running.

    S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    DRV:64bit: - [2011-01-19 06:28:55 | 008,080,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

    This is the same driver for Windows 7 which is stopped.

    It means your system is using the Vista version instead of the Windows 7 version. However, since it is working perhaps no need to change anything.
  • As far as the output files you are referring to I really have no idea why but the Windows version (x64 bit) might have to do with it.
    To check and replace the corrupted system files you may do the following:

    Click Start, type cmd.exe into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.
    Copy and paste the following in the open command prompt window and press Enter:

    sfc /scannow

    Wait until it is done.
  • The last step is to go to update Windows and install all the important updates.

Please let me know if you have any question.

#7 nostalgix

nostalgix
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 08 June 2011 - 09:59 PM

  • Hi, yes, the Java RE version used globally by my system was old (Update 15 64-bit); I've now updated it to update 26, the latest version as of this writing.
    I've also updated the other Java RE to update 26, which is for Google Chrome (it doesn't/wouldn't use the global JRE).
  • About the multiple Intel wireless drivers, I'm not sure, but the second wireless driver you're seeing that's stopped might actually be one of these things I use that are related to it:
    • TAP-Win32 Adapter V9 for my SecurityKISS Tunnel program,
    • VirtualBox Bridged Networking Adapters used in Oracle VirtualBox,
    • or, maybe, they're Microsoft Virtual WiFi Miniport Adapters.

    To minimize the networking problems, I've disabled all network adapters, except the main wireless driver, from device manager.

    Also, the reason you're seeing the running driver as adapter for Vista 64 bit is probably because the basic wireless network card driver that I'm currently using (from Microsoft) was derived from the same driver used in Vista 64 bit. And the Windows 7 version of the drivers may probably be the stuff I listed above, or maybe the leftover of the drivers from Intel. Or, at least I guess so.
  • For the output files I'm referring to, I don't think it simply got to do with my Windows being x64 bit, since, as I mentioned in my original topic, the same exact programs (and same versions) with the same exact input files will now produce faulty output files, while not before. For example, converting poorly-coded HTML pages to PDF using Winnovative Free HTML to PDF Converter now produces PDFs nearly 5x the file sizes of what they used to be. (When viewed, the PDFs become pixelated/blurry, probably because they contain extra bytes of junk data.) This is also similar to whenever I now try to convert videos using iPod Robot Video Converter. Before all these madness happened--and even immediately after I ran ComboFix--those exact same programs, with the same exact files, were still producing output files normally.

    I've known of and always ran SFC /SCANNOW whenever I suspect something in my system/its DLLs are corrupt. It never found anything; it always said: "Windows Resource Protection did not find any integrity violations." I just ran it again, and I got the same exact output.
  • I've set Windows to manual update, since I thought automatic updates might have contributed to this problem. I run it at least once every few months, still, though, with the last updates installed successfully yesterday. I just ran it again and no new updates so far.

So, in conclusion, what do you think may be the problem here? Could you find any more software-related causes? Could it be my network card hardware being faulty? I certainly hope not, though :(. But, again, this is very confusing, as I'm not experiencing any noticeable problems yet by just using the basic driver from Microsoft. My computer/networking functionality seems to be fine now.

Edited by nostalgix, 08 June 2011 - 10:16 PM.


#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:31 PM

Posted 09 June 2011 - 05:56 AM

About the Network drivers, both are from Intel. OTL has listed the company name.

what do you think may be the problem here? Could you find any more software-related causes? Could it be my network card hardware being faulty?

The truth is that I really don't know. I can imagine a faulty network driver can cause issues when in the process of converting a URL should be authenticated or a software uses some online on the fly utility to convert data. But whether it applies to this case I'm not so sure. And since both the converters have issues there should be a common cause like when a DLL file or a service that is used in both cases is faulty. OTL could not list the eventview errors to see if any error is reported relating to the issue. Let's take a look at all services and drivers and whether there is anything wrong with the eventlog service.

  • First use both the softwares you mentioned one by one to perform a converting task. We need to see if any error is generated on the eventviewer log.
  • Please download MiniToolBox, save it to your desktop and run it.

    Checkmark following checkbox:

    • List last 10 Event Viewer log
    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
  • Please run OTL again. This time set Services and Drivers to All. Set the rest of options (including file search) to None. Click scan and post the OTL.txt log.


#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:31 PM

Posted 14 June 2011 - 04:53 PM

Are you still there?

#10 nostalgix

nostalgix
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 14 June 2011 - 05:43 PM

Yes, I'm still here. I'm sorry for the delay.

Anyway, I just ran the HTML2PDF converter, still producing PDFs from HTMLs 6 times the normal size. I also ran iPod Robot Video Converter to convert just first 5 mins of a movie; just to test, so I don't know if it's having problems.

So, following are the contents of Result.txt (I don't see any errors that are generated the same time when I ran those programs, though; I couldn't do anything about the ATI errors, since SONY never even released updated graphics driver for my OEM-only graphics card. Please ignore the backup errors, as I recently didn't backup, as I've scheduled weekly.)





MiniToolBox by Farbar
Ran by hsq91 (administrator) on 14-06-2011 at 18:29:41
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************


========================= Event log errors: ===============================

Application errors:
==================
Error: (06/11/2011 10:21:36 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location I:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/04/2011 08:16:51 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location I:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/04/2011 08:06:59 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location I:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (05/28/2011 08:00:02 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location I:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (05/21/2011 08:00:03 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location I:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (05/21/2011 05:55:37 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14ac

Start Time: 01cc17ff0efd4d32

Termination Time: 38

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 0bfa80c3-83f5-11e0-a78b-cf7bc32f6241

Error: (05/20/2011 06:14:34 AM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).

Error: (05/20/2011 02:12:25 AM) (Source: MsiInstaller) (User: hsq91)hsq91
Description: Product: Intel® PROSet/Wireless WiFi Software -- Error 2753.The File 'iwrap.exe' is not marked for installation.

Error: (05/20/2011 00:14:16 AM) (Source: PerfNet) (User: )
Description:

Error: (05/20/2011 00:08:17 AM) (Source: PerfNet) (User: )
Description:


System errors:
=============
Error: (06/14/2011 06:21:18 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
PxHlpa64

Error: (06/14/2011 06:20:42 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (06/14/2011 06:20:42 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/13/2011 11:22:38 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error:
%%1056

Error: (06/13/2011 11:21:38 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/13/2011 11:21:19 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/13/2011 09:22:32 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (06/13/2011 08:30:45 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (06/13/2011 07:01:54 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (06/13/2011 07:01:53 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.


Microsoft Office Sessions:
=========================
Error: (05/04/2011 03:28:07 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9060 seconds with 2580 seconds of active time. This session ended with a crash.

Error: (07/18/2010 09:40:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 4635 seconds with 1500 seconds of active time. This session ended with a crash.

Error: (04/12/2010 09:26:54 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 6750 seconds with 5940 seconds of active time. This session ended with a crash.

Error: (02/04/2010 00:34:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 523 seconds with 360 seconds of active time. This session ended with a crash.

Error: (02/04/2010 00:25:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7064 seconds with 4920 seconds of active time. This session ended with a crash.


========================= End of Event log errors =========================




Following is the new OTL.txt, as requested, with Services and Drivers set to "All"; The following have been set to "None": Processes, Modules, Standard Registry, Extra Registry, Files Created Within, Files Modified Within. (Note: "Scan All Users" is not checked; "Standard Output" is set)


OTL logfile created on: 14-Jun-11 6:41:39 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\hsq91\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

5.97 Gb Total Physical Memory | 4.03 Gb Available Physical Memory | 67.52% Memory free
11.93 Gb Paging File | 9.65 Gb Available in Paging File | 80.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.68 Gb Total Space | 164.99 Gb Free Space | 36.05% Space Free | Partition Type: NTFS

Computer Name: PSP-HSQ91-LAP | User Name: hsq91 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Win32 Services (All) ==========

SRV:64bit: - [2011-06-07 17:51:16 | 000,934,176 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV:64bit: - [2011-05-10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Avast! Free Antivirus\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011-03-24 07:24:58 | 000,095,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011-03-03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2011-02-19 08:05:15 | 001,139,200 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2011-01-12 15:57:54 | 001,430,800 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011-01-12 15:38:18 | 000,340,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011-01-12 15:36:22 | 000,840,976 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010-11-20 09:27:32 | 002,420,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010-11-20 09:27:32 | 000,078,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\WUDFSvc.dll -- (wudfsvc)
SRV:64bit: - [2010-11-20 09:27:29 | 002,018,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WsmSvc.dll -- (WinRM)
SRV:64bit: - [2010-11-20 09:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010-11-20 09:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010-11-20 09:27:28 | 000,444,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\winhttp.dll -- (WinHttpAutoProxySvc)
SRV:64bit: - [2010-11-20 09:27:28 | 000,258,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\WebClnt.dll -- (WebClient)
SRV:64bit: - [2010-11-20 09:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
SRV:64bit: - [2010-11-20 09:27:28 | 000,117,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wpdbusenum.dll -- (WPDBusEnum)
SRV:64bit: - [2010-11-20 09:27:27 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010-11-20 09:27:27 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcncsvc.dll -- (wcncsvc)
SRV:64bit: - [2010-11-20 09:27:26 | 001,743,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sysmain.dll -- (SysMain)
SRV:64bit: - [2010-11-20 09:27:26 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\termsrv.dll -- (TermService)
SRV:64bit: - [2010-11-20 09:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2010-11-20 09:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010-11-20 09:27:26 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TabSvc.dll -- (TabletInputService)
SRV:64bit: - [2010-11-20 09:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010-11-20 09:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV:64bit: - [2010-11-20 09:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2010-11-20 09:27:25 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SessEnv.dll -- (SessionEnv)
SRV:64bit: - [2010-11-20 09:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2010-11-20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010-11-20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010-11-20 09:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010-11-20 09:27:23 | 001,389,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pla.dll -- (pla)
SRV:64bit: - [2010-11-20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010-11-20 09:27:23 | 000,476,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\QAGENTRT.DLL -- (napagent)
SRV:64bit: - [2010-11-20 09:27:23 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010-11-20 09:27:23 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2010-11-20 09:27:22 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2010-11-20 09:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010-11-20 09:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010-11-20 09:26:46 | 000,232,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2010-11-20 09:26:42 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\KMSVC.DLL -- (hkmsvc)
SRV:64bit: - [2010-11-20 09:26:39 | 000,569,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iphlpsvc.dll -- (iphlpsvc)
SRV:64bit: - [2010-11-20 09:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2010-11-20 09:26:36 | 000,853,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IKEEXT.DLL -- (IKEEXT)
SRV:64bit: - [2010-11-20 09:26:28 | 000,777,728 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\gpsvc.dll -- (gpsvc)
SRV:64bit: - [2010-11-20 09:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2010-11-20 09:26:07 | 000,162,816 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\dps.dll -- (DPS)
SRV:64bit: - [2010-11-20 09:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2010-11-20 09:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010-11-20 09:25:49 | 000,080,384 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\certprop.dll -- (SCPolicySvc)
SRV:64bit: - [2010-11-20 09:25:49 | 000,080,384 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\certprop.dll -- (CertPropSvc)
SRV:64bit: - [2010-11-20 09:25:47 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2010-11-20 09:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2010-11-20 09:25:44 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2010-11-20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010-11-20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010-11-20 09:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2010-11-20 09:25:33 | 001,525,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2010-11-20 09:25:28 | 001,504,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2010-11-20 09:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010-11-20 09:25:25 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vds.exe -- (vds)
SRV:64bit: - [2010-11-20 09:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2010-11-20 09:25:04 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2010-11-20 09:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV:64bit: - [2010-11-20 09:24:47 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2010-09-21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2010-09-17 12:35:08 | 057,966,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV:64bit: - [2010-09-17 12:35:08 | 000,154,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV:64bit: - [2010-09-17 12:33:26 | 000,430,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV:64bit: - [2010-06-09 18:42:56 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009-11-05 09:45:12 | 000,129,536 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009-09-02 19:45:08 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009-08-22 17:19:06 | 000,411,496 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009-07-27 16:22:02 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-22 04:17:44 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV:64bit: - [2009-07-13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009-07-13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2009-07-13 21:41:57 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpcsvc.dll -- (WPCSvc)
SRV:64bit: - [2009-07-13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009-07-13 21:41:56 | 000,381,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\w32time.dll -- (W32Time)
SRV:64bit: - [2009-07-13 21:41:56 | 000,353,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\upnphost.dll -- (upnphost)
SRV:64bit: - [2009-07-13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2009-07-13 21:41:56 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wecsvc.dll -- (Wecsvc)
SRV:64bit: - [2009-07-13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009-07-13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009-07-13 21:41:56 | 000,090,624 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\wdi.dll -- (WdiSystemHost)
SRV:64bit: - [2009-07-13 21:41:56 | 000,090,624 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\wdi.dll -- (WdiServiceHost)
SRV:64bit: - [2009-07-13 21:41:56 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wercplsupport.dll -- (wercplsupport)
SRV:64bit: - [2009-07-13 21:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wersvc.dll -- (WerSvc)
SRV:64bit: - [2009-07-13 21:41:56 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WcsPlugInService.dll -- (WcsPlugInService)
SRV:64bit: - [2009-07-13 21:41:56 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\uxsms.dll -- (UxSms)
SRV:64bit: - [2009-07-13 21:41:55 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\trkwks.dll -- (TrkWks)
SRV:64bit: - [2009-07-13 21:41:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tbssvc.dll -- (TBS)
SRV:64bit: - [2009-07-13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009-07-13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009-07-13 21:41:54 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ssdpsrv.dll -- (SSDPSRV)
SRV:64bit: - [2009-07-13 21:41:54 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sstpsvc.dll -- (SstpSvc)
SRV:64bit: - [2009-07-13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009-07-13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009-07-13 21:41:53 | 000,438,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\p2psvc.dll -- (p2psvc)
SRV:64bit: - [2009-07-13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009-07-13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009-07-13 21:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qwave.dll -- (QWAVE)
SRV:64bit: - [2009-07-13 21:41:53 | 000,190,976 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\SCardSvr.dll -- (SCardSvr)
SRV:64bit: - [2009-07-13 21:41:53 | 000,186,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\pcasvc.dll -- (PcaSvc)
SRV:64bit: - [2009-07-13 21:41:53 | 000,159,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\regsvc.dll -- (RemoteRegistry)
SRV:64bit: - [2009-07-13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009-07-13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009-07-13 21:41:53 | 000,064,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\Sens.dll -- (SENS)
SRV:64bit: - [2009-07-13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2009-07-13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009-07-13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV:64bit: - [2009-07-13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009-07-13 21:41:28 | 000,368,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msdtckrm.dll -- (KtmRm)
SRV:64bit: - [2009-07-13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-13 21:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009-07-13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (THREADORDER)
SRV:64bit: - [2009-07-13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009-07-13 21:41:18 | 000,300,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lltdsvc.dll -- (lltdsvc)
SRV:64bit: - [2009-07-13 21:41:18 | 000,023,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lmhsvc.dll -- (lmhosts)
SRV:64bit: - [2009-07-13 21:41:11 | 000,156,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\iscsiexe.dll -- (MSiSCSI)
SRV:64bit: - [2009-07-13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009-07-13 21:41:09 | 000,101,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IPBusEnum.dll -- (IPBusEnum)
SRV:64bit: - [2009-07-13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV:64bit: - [2009-07-13 21:40:52 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\FDResPub.dll -- (FDResPub)
SRV:64bit: - [2009-07-13 21:40:52 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\fdPHost.dll -- (fdPHost)
SRV:64bit: - [2009-07-13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV:64bit: - [2009-07-13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009-07-13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009-07-13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009-07-13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009-07-13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009-07-13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009-07-13 21:39:55 | 000,203,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV:64bit: - [2009-07-13 21:39:48 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\UI0Detect.exe -- (UI0Detect)
SRV:64bit: - [2009-07-13 21:39:41 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\snmptrap.exe -- (SNMPTRAP)
SRV:64bit: - [2009-07-13 21:39:37 | 000,593,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SearchIndexer.exe -- (WSearch)
SRV:64bit: - [2009-07-13 21:39:21 | 000,141,824 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\msdtc.exe -- (MSDTC)
SRV:64bit: - [2009-07-13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (VaultSvc)
SRV:64bit: - [2009-07-13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009-07-13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
SRV:64bit: - [2009-07-13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (Netlogon)
SRV:64bit: - [2009-07-13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009-07-13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\lsass.exe -- (EFS)
SRV:64bit: - [2009-07-13 21:39:15 | 000,010,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Locator.exe -- (RpcLocator)
SRV:64bit: - [2009-07-13 21:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dllhost.exe -- (COMSysApp)
SRV:64bit: - [2009-07-13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009-07-01 21:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009-06-26 17:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009-06-26 17:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009-06-17 21:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2009-05-14 16:49:26 | 000,089,600 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\HPZipm12.dll -- (Pml Driver HPZ12)
SRV:64bit: - [2009-05-14 16:49:24 | 000,071,680 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2011-06-02 23:01:30 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-05-18 19:10:39 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011-04-06 16:20:16 | 000,349,472 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2011-02-18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011-01-06 15:42:14 | 000,043,912 | ---- | M] (WebEx Communications, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2010-11-20 09:25:23 | 000,194,048 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2010-11-20 09:24:42 | 000,696,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2010-11-20 08:21:39 | 001,175,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WsmSvc.dll -- (WinRM) Windows Remote Management (WS-Management)
SRV - [2010-11-20 08:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWow64\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010-11-20 08:21:35 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\wcncsvc.dll -- (wcncsvc)
SRV - [2010-11-20 08:21:35 | 000,204,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\WebClnt.dll -- (WebClient)
SRV - [2010-11-20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV - [2010-11-20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
SRV - [2010-11-20 08:21:08 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\SessEnv.dll -- (SessionEnv)
SRV - [2010-11-20 08:20:57 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2010-11-20 08:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\pla.dll -- (pla)
SRV - [2010-11-20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2010-11-20 08:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV - [2010-11-20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV - [2010-11-04 21:53:03 | 000,042,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2010-11-04 21:52:14 | 000,856,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2010-06-14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-03-29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010-03-18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010-03-18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-01-30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009-12-23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol 52 Percent\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-11-18 04:42:52 | 000,253,568 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009-11-18 04:16:42 | 000,137,344 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009-09-08 09:01:17 | 000,133,104 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update Service (gupdatem)
SRV - [2009-09-08 09:01:17 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009-07-27 19:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009-07-27 19:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009-07-27 19:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009-07-27 19:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009-07-27 19:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009-07-23 13:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009-07-23 13:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009-07-23 13:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009-07-22 18:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009-07-13 21:39:09 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009-07-13 21:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009-07-13 21:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiSystemHost)
SRV - [2009-07-13 21:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiServiceHost)
SRV - [2009-07-13 21:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2009-07-13 21:16:17 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\upnphost.dll -- (upnphost)
SRV - [2009-07-13 21:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\Sens.dll -- (SENS)
SRV - [2009-07-13 21:16:12 | 000,210,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\qwave.dll -- (QWAVE)
SRV - [2009-07-13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV - [2009-07-13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009-07-13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV - [2009-07-13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV - [2009-07-13 21:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWow64\SearchIndexer.exe -- (WSearch)
SRV - [2009-07-13 21:14:28 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost)
SRV - [2009-07-13 21:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\dllhost.exe -- (COMSysApp)
SRV - [2009-07-01 14:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009-06-26 14:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009-06-26 14:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009-06-16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009-06-10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-06-10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009-06-04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009-03-30 04:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009-02-06 20:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008-11-09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008-11-04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-09-18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007-01-04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006-10-26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-10-26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2005-04-04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (All) ==========

DRV:64bit: - [2011-05-29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011-05-10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-05-10 07:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011-04-26 14:38:56 | 000,231,600 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV:64bit: - [2011-04-26 14:37:38 | 000,156,912 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011-04-26 14:37:38 | 000,056,816 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV:64bit: - [2011-04-26 14:37:38 | 000,045,616 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV:64bit: - [2011-04-26 14:37:34 | 000,176,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV:64bit: - [2011-03-24 07:24:54 | 000,148,072 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011-03-04 15:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011-02-23 00:56:31 | 000,158,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb.sys -- (mrxsmb)
DRV:64bit: - [2011-02-23 00:56:27 | 000,467,456 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv.sys -- (srv)
DRV:64bit: - [2011-02-23 00:56:03 | 000,411,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv2.sys -- (srv2)
DRV:64bit: - [2011-02-23 00:55:47 | 000,167,936 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srvnet.sys -- (srvnet)
DRV:64bit: - [2011-02-23 00:55:12 | 000,287,744 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV:64bit: - [2011-02-23 00:55:12 | 000,128,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV:64bit: - [2011-02-23 00:55:04 | 000,090,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bowser.sys -- (bowser)
DRV:64bit: - [2011-01-19 06:28:55 | 008,080,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010-12-12 22:00:21 | 000,503,352 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010-11-20 09:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010-11-20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volsnap.sys -- (volsnap)
DRV:64bit: - [2010-11-20 09:34:01 | 000,363,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgrx.sys -- (volmgrx)
DRV:64bit: - [2010-11-20 09:34:01 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgr.sys -- (volmgr)
DRV:64bit: - [2010-11-20 09:34:00 | 000,215,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2010-11-20 09:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcpip.sys -- (TCPIP6)
DRV:64bit: - [2010-11-20 09:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip)
DRV:64bit: - [2010-11-20 09:33:57 | 000,063,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\termdd.sys -- (TermDD)
DRV:64bit: - [2010-11-20 09:33:54 | 000,103,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2010-11-20 09:33:53 | 000,213,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2010-11-20 09:33:48 | 000,184,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pci.sys -- (pci)
DRV:64bit: - [2010-11-20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2010-11-20 09:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2010-11-20 09:33:48 | 000,075,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\partmgr.sys -- (partmgr)
DRV:64bit: - [2010-11-20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ndis.sys -- (NDIS)
DRV:64bit: - [2010-11-20 09:33:45 | 000,273,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msiscsi.sys -- (iScsiPrt)
DRV:64bit: - [2010-11-20 09:33:44 | 000,155,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2010-11-20 09:33:44 | 000,140,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2010-11-20 09:33:44 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci)
DRV:64bit: - [2010-11-20 09:33:43 | 000,094,592 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mountmgr.sys -- (mountmgr)
DRV:64bit: - [2010-11-20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2010-11-20 09:33:38 | 000,152,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2010-11-20 09:33:38 | 000,095,616 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecdd.sys -- (KSecDD)
DRV:64bit: - [2010-11-20 09:33:36 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2010-11-20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 09:33:34 | 000,289,664 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fltMgr.sys -- (FltMgr)
DRV:64bit: - [2010-11-20 09:33:25 | 000,982,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV:64bit: - [2010-11-20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 09:32:46 | 000,334,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpi.sys -- (ACPI)
DRV:64bit: - [2010-11-20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010-11-20 09:28:59 | 000,459,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2010-11-20 09:28:59 | 000,223,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2010-11-20 07:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010-11-20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 07:04:09 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tssecsrv.sys -- (tssecsrv)
DRV:64bit: - [2010-11-20 06:52:37 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wanarp.sys -- (Wanarpv6)
DRV:64bit: - [2010-11-20 06:52:37 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanarp.sys -- (WANARP)
DRV:64bit: - [2010-11-20 06:52:35 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV:64bit: - [2010-11-20 06:52:34 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (NdisWan)
DRV:64bit: - [2010-11-20 06:52:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV:64bit: - [2010-11-20 06:52:20 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pacer.sys -- (Psched)
DRV:64bit: - [2010-11-20 06:52:19 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV:64bit: - [2010-11-20 06:51:50 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tunnel.sys -- (tunnel)
DRV:64bit: - [2010-11-20 06:51:48 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg)
DRV:64bit: - [2010-11-20 06:50:08 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndisuio.sys -- (Ndisuio)
DRV:64bit: - [2010-11-20 06:44:56 | 000,229,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2010-11-20 06:44:52 | 000,552,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT)
DRV:64bit: - [2010-11-20 06:44:37 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umbus.sys -- (umbus)
DRV:64bit: - [2010-11-20 06:44:34 | 000,184,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2010-11-20 06:44:33 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB)
DRV:64bit: - [2010-11-20 06:44:30 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbhub.sys -- (usbhub)
DRV:64bit: - [2010-11-20 06:44:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2010-11-20 06:44:05 | 000,091,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBSTOR.SYS -- (USBSTOR)
DRV:64bit: - [2010-11-20 06:44:03 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbccgp.sys -- (usbccgp)
DRV:64bit: - [2010-11-20 06:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010-11-20 06:43:56 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2010-11-20 06:43:52 | 000,109,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2010-11-20 06:43:49 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusb.sys -- (HidUsb)
DRV:64bit: - [2010-11-20 06:43:43 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdaudbus.sys -- (HDAudBus)
DRV:64bit: - [2010-11-20 06:43:32 | 000,172,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFRd.sys -- (WUDFRd)
DRV:64bit: - [2010-11-20 06:42:44 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2010-11-20 06:34:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_sd.sys -- (sffp_sd)
DRV:64bit: - [2010-11-20 06:33:25 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdhid.sys -- (kbdhid)
DRV:64bit: - [2010-11-20 06:33:17 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2010-11-20 06:32:44 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Prt.sys -- (Dot4Print)
DRV:64bit: - [2010-11-20 06:14:37 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2010-11-20 06:09:59 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2010-11-20 06:04:53 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV:64bit: - [2010-11-20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-20 05:30:42 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2010-11-20 05:27:54 | 000,309,248 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\rdbss.sys -- (rdbss)
DRV:64bit: - [2010-11-20 05:26:42 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxdav.sys -- (MRxDAV)
DRV:64bit: - [2010-11-20 05:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfsc.sys -- (DfsC)
DRV:64bit: - [2010-11-20 05:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010-11-20 05:25:14 | 000,753,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\http.sys -- (HTTP)
DRV:64bit: - [2010-11-20 05:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afd.sys -- (AFD)
DRV:64bit: - [2010-11-20 05:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netbt.sys -- (NetBT)
DRV:64bit: - [2010-11-20 05:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tdx.sys -- (tdx)
DRV:64bit: - [2010-11-20 05:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\cdrom.sys -- (cdrom)
DRV:64bit: - [2010-11-02 23:38:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010-10-03 12:57:38 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010-06-09 18:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010-04-14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010-02-26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010-02-26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010-02-26 14:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010-02-26 14:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009-12-01 16:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009-08-09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009-08-03 16:14:11 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009-08-03 16:14:10 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009-08-03 16:14:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009-08-03 16:13:42 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009-08-03 16:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009-07-31 16:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009-07-31 16:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009-07-27 16:22:05 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-07-24 01:12:53 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009-07-24 00:34:15 | 001,822,112 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVHD64.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV:64bit: - [2009-07-13 21:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\SysNative\clfs.sys -- (CLFS) Common Log (CLFS)
DRV:64bit: - [2009-07-13 21:52:31 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2009-07-13 21:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2009-07-13 21:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009-07-13 21:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)
DRV:64bit: - [2009-07-13 21:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)
DRV:64bit: - [2009-07-13 21:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)
DRV:64bit: - [2009-07-13 21:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)
DRV:64bit: - [2009-07-13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGP440.sys -- (agp440)
DRV:64bit: - [2009-07-13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atapi.sys -- (atapi)
DRV:64bit: - [2009-07-13 21:52:21 | 000,015,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2009-07-13 21:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2009-07-13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-13 21:48:27 | 000,060,496 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mup.sys -- (Mup)
DRV:64bit: - [2009-07-13 21:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouclass.sys -- (mouclass)
DRV:64bit: - [2009-07-13 21:48:27 | 000,032,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mssmbios.sys -- (mssmbios)
DRV:64bit: - [2009-07-13 21:48:27 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msisadrv.sys -- (msisadrv)
DRV:64bit: - [2009-07-13 21:48:26 | 000,122,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NV_AGP.SYS -- (nv_agp)
DRV:64bit: - [2009-07-13 21:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009-07-13 21:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009-07-13 21:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009-07-13 21:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009-07-13 21:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009-07-13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-13 21:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdclass.sys -- (kbdclass)
DRV:64bit: - [2009-07-13 21:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)
DRV:64bit: - [2009-07-13 21:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)
DRV:64bit: - [2009-07-13 21:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2009-07-13 21:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide)
DRV:64bit: - [2009-07-13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009-07-13 21:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)
DRV:64bit: - [2009-07-13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disk.sys -- (Disk)
DRV:64bit: - [2009-07-13 21:47:48 | 000,070,224 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fileinfo.sys -- (FileInfo)
DRV:64bit: - [2009-07-13 21:47:48 | 000,065,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV:64bit: - [2009-07-13 21:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009-07-13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009-07-13 21:45:55 | 000,654,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Wdf01000.sys -- (Wdf01000)
DRV:64bit: - [2009-07-13 21:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009-07-13 21:45:55 | 000,064,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV:64bit: - [2009-07-13 21:45:55 | 000,064,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UAGP35.SYS -- (uagp35)
DRV:64bit: - [2009-07-13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009-07-13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-13 21:45:55 | 000,021,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)
DRV:64bit: - [2009-07-13 21:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2009-07-13 21:45:55 | 000,012,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swenum.sys -- (swenum)
DRV:64bit: - [2009-07-13 21:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)
DRV:64bit: - [2009-07-13 21:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009-07-13 21:45:45 | 000,220,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2009-07-13 21:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009-07-13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009-07-13 21:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)
DRV:64bit: - [2009-07-13 21:45:45 | 000,012,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide)
DRV:64bit: - [2009-07-13 21:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2009-07-13 21:01:48 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bridge.sys -- (BridgeMP)
DRV:64bit: - [2009-07-13 21:01:48 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bridge.sys -- (Bridge)
DRV:64bit: - [2009-07-13 21:01:19 | 000,651,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PEAuth.sys -- (PEAUTH)
DRV:64bit: - [2009-07-13 20:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)
DRV:64bit: - [2009-07-13 20:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbscan.sys -- (usbscan)
DRV:64bit: - [2009-07-13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009-07-13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009-07-13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009-07-13 20:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV:64bit: - [2009-07-13 20:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPCDD.sys -- (RDPCDD)
DRV:64bit: - [2009-07-13 20:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdtcp.sys -- (TDTCP)
DRV:64bit: - [2009-07-13 20:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdpipe.sys -- (TDPIPE)
DRV:64bit: - [2009-07-13 20:10:48 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modem.sys -- (Modem)
DRV:64bit: - [2009-07-13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009-07-13 20:10:25 | 000,083,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rassstp.sys -- (RasSstp) WAN Miniport (SSTP)
DRV:64bit: - [2009-07-13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009-07-13 20:10:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspppoe.sys -- (RasPppoe)
DRV:64bit: - [2009-07-13 20:10:13 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asyncmac.sys -- (AsyncMac)
DRV:64bit: - [2009-07-13 20:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rasacd.sys -- (RasAcd)
DRV:64bit: - [2009-07-13 20:10:03 | 000,116,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipnat.sys -- (IPNAT)
DRV:64bit: - [2009-07-13 20:10:00 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndistapi.sys -- (NdisTapi)
DRV:64bit: - [2009-07-13 20:09:48 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV:64bit: - [2009-07-13 20:09:26 | 000,044,544 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\netbios.sys -- (NetBIOS)
DRV:64bit: - [2009-07-13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009-07-13 20:09:09 | 000,093,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smb.sys -- (Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
DRV:64bit: - [2009-07-13 20:08:59 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irenum.sys -- (IRENUM)
DRV:64bit: - [2009-07-13 20:08:51 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rspndr.sys -- (rspndr)
DRV:64bit: - [2009-07-13 20:08:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lltdio.sys -- (lltdio)
DRV:64bit: - [2009-07-13 20:08:25 | 000,077,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mpsdrv.sys -- (mpsdrv)
DRV:64bit: - [2009-07-13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009-07-13 20:07:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp)
DRV:64bit: - [2009-07-13 20:07:23 | 000,318,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwifi.sys -- (NativeWifiP)
DRV:64bit: - [2009-07-13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (VWiFiFlt)
DRV:64bit: - [2009-07-13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009-07-13 20:07:00 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2009-07-13 20:06:56 | 000,158,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009-07-13 20:06:53 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum)
DRV:64bit: - [2009-07-13 20:06:52 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2009-07-13 20:06:52 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2009-07-13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009-07-13 20:06:45 | 000,072,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ohci1394.sys -- (ohci1394) 1394 OHCI Compliant Host Controller (Legacy)
DRV:64bit: - [2009-07-13 20:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV:64bit: - [2009-07-13 20:06:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2009-07-13 20:06:30 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbehci.sys -- (usbehci)
DRV:64bit: - [2009-07-13 20:06:30 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci)
DRV:64bit: - [2009-07-13 20:06:27 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbuhci.sys -- (usbuhci)
DRV:64bit: - [2009-07-13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009-07-13 20:06:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2009-07-13 20:06:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drmkaud.sys -- (drmkaud)
DRV:64bit: - [2009-07-13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009-07-13 20:02:07 | 000,027,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2009-07-13 20:01:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV:64bit: - [2009-07-13 20:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2009-07-13 20:01:01 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2009-07-13 20:00:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdc.sys -- (fdc)
DRV:64bit: - [2009-07-13 20:00:54 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2009-07-13 20:00:41 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)
DRV:64bit: - [2009-07-13 20:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)
DRV:64bit: - [2009-07-13 20:00:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serenum.sys -- (Serenum)
DRV:64bit: - [2009-07-13 20:00:20 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4usb.sys -- (dot4usb)
DRV:64bit: - [2009-07-13 20:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouhid.sys -- (mouhid)
DRV:64bit: - [2009-07-13 20:00:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2009-07-13 20:00:19 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksthunk.sys -- (ksthunk)
DRV:64bit: - [2009-07-13 20:00:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mskssrv.sys -- (MSKSSRV)
DRV:64bit: - [2009-07-13 20:00:17 | 000,008,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstee.sys -- (MSTEE)
DRV:64bit: - [2009-07-13 20:00:17 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspclock.sys -- (MSPCLOCK)
DRV:64bit: - [2009-07-13 20:00:17 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspqm.sys -- (MSPQM)
DRV:64bit: - [2009-07-13 20:00:16 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4.sys -- (Dot4)
DRV:64bit: - [2009-07-13 19:38:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\monitor.sys -- (monitor)
DRV:64bit: - [2009-07-13 19:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vga.sys -- (VgaSave)
DRV:64bit: - [2009-07-13 19:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vgapnp.sys -- (vga)
DRV:64bit: - [2009-07-13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009-07-13 19:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2009-07-13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009-07-13 19:31:04 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2009-07-13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009-07-13 19:31:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2009-07-13 19:26:13 | 000,113,152 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\luafv.sys -- (luafv)
DRV:64bit: - [2009-07-13 19:25:40 | 000,034,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\filetrace.sys -- (Filetrace)
DRV:64bit: - [2009-07-13 19:21:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nsiproxy.sys -- (nsiproxy)
DRV:64bit: - [2009-07-13 19:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2009-07-13 19:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009-07-13 19:19:25 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2009-07-13 19:19:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelppm.sys -- (intelppm)
DRV:64bit: - [2009-07-13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009-07-13 19:19:25 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)
DRV:64bit: - [2009-06-11 16:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009-06-10 16:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009-06-10 16:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009-06-10 16:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009-06-10 16:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009-06-10 16:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009-06-10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009-06-10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009-06-10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009-05-26 17:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009-05-18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-03-30 04:53:56 | 000,311,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0103.sys -- (RsFx0103)
DRV:64bit: - [2009-02-13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008-12-26 13:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV:64bit: - [2008-08-28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007-04-16 23:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007-02-18 00:22:48 | 000,296,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2007-01-29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2010-03-18 00:34:36 | 000,068,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2010-02-07 21:55:15 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2009-12-18 12:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009-07-13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007-02-07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


< End of report >

Edited by nostalgix, 14 June 2011 - 05:45 PM.


#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:31 PM

Posted 15 June 2011 - 12:02 PM

Good news is that eventlog service is up and running while it was not the case when you ran OTL. The service could have been disabled and MiniToolBox enabled the service as it is a vital service and was needed to run.

Bad news is that the converters you used before running the tool didn't created any error to give us a clue to what is going on. So I'm clueless on this.

The only conclusion is that the problem doesn't seem to be malware related at this point. I think you are better off if you seek assistant on open technical forums.

#12 nostalgix

nostalgix
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 15 June 2011 - 01:35 PM

Hmmm... I've always used the event log and "perfmon /rel" frequently, even before running the Toolbox/OTL, and they seem to work fine. Maybe OTL misreported it or something.

Oh, well, thanks a lot for your help and everyone at BleepingComputer.com, anyway! I think I can live with the basic-driver workaround, since I'm no longer seeing the original CPU/Memory leak problems. I'll try to resolve the other, less relevant issues as time goes on.

The only guess I have left for problems with my wireless driver is maybe the Intel drivers I got directly from Intel aren't compatible with my SONY machine, while the basic one from Microsoft does. (Even the one directly from SONY was creating problems as well, as I've mentioned before.)

Again, thanks a lot for everyone's time, attention, and cooperation.

Edited by nostalgix, 15 June 2011 - 01:38 PM.


#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:31 PM

Posted 15 June 2011 - 01:48 PM

Yes maybe OTL had trouble reading eventlog for other reasons.

Good luck with other issues.

You are most welcome. :)

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you. If you should have a new issue, please start a new topic.

Every one else should start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users