
BSOD on Vista startup, something evil here


  • This topic is locked
18 replies to this topic

#1 R.P.D.

  • Members
  • 27 posts

Posted 09 May 2012 - 01:23 AM

Hello,

I have a friend's laptop that appears to be infected with something(s) and has been worked on by at least one other person, unsuccessfully. Data is safe but would like to avoid OS reinstall and I'm curious to see if that is necessary. I can boot into safe mode and things seem mostly OK, maybe not quite right, but I get an instant Blue Screen of Death if booted into regular Vista.

A Malwarebytes scan I did showed some Trojan.Vundo, Trojan.BHO, and Trojan.Agent, and Pup.MyWebSearch related items but it didn't seem able to clear them away.

DDS logs attached per prep guide. 64 bit OS.

Thanks for any help,
Rich

----
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_26
Run by Edee at 23:15:46 on 2012-05-08
.
============== Running Processes ===============
.
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Edee\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://inc.mlxchange.com/
mStart Page = hxxp://www.startsearcher.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Facetheme: {66d8fba6-d90f-40a9-ac55-84896f79ca69} - C:\Program Files (x86)\Object\bho_project.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110516145158.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: 1Password: {cb1a24da-7416-4921-a0cf-5aa1160aae2a} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Agile1pAgent] "C:\Program Files (x86)\1Password\Agile1pAgent.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: americashomerescue.com\www
Trusted Zone: bizsiteservice.com\secure11
Trusted Zone: cnn.com\www
Trusted Zone: doccentral.com
Trusted Zone: docusign.net\www
Trusted Zone: facebook.com\upload
Trusted Zone: fanniemae.com\www
Trusted Zone: fedex.com\www
Trusted Zone: fnismls.com
Trusted Zone: fnismls.com\nnrmls
Trusted Zone: getmedianow.com
Trusted Zone: getyourview.com
Trusted Zone: getyourview.com\*.admin
Trusted Zone: getyourview.com\admin
Trusted Zone: marketlins.com\tm
Trusted Zone: marketlinx.com\tm
Trusted Zone: marketlinx.com\www.tm
Trusted Zone: mckissock.com\www
Trusted Zone: mlxchange.com\inc
Trusted Zone: nnrmls.com
Trusted Zone: rdesk.com
Trusted Zone: realtytools.com
Trusted Zone: rexplorer.net
Trusted Zone: safemls.net\idp.nnrmls
Trusted Zone: salesaspects.com
Trusted Zone: showingtime.com
Trusted Zone: sitexdata.com
Trusted Zone: sobamalibu.com\www
Trusted Zone: spellchecker.net
Trusted Zone: spokeo.com\www
Trusted Zone: tacforeclosures.com\www
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
Trusted Zone: tourfactory.com
Trusted Zone: transactionpoint.com
Trusted Zone: trpoint.com
Trusted Zone: trueformsonline.com\aar
Trusted Zone: trueformsonline.com\gbr
Trusted Zone: trueformsonline.com\www
Trusted Zone: usbank.com\www
Trusted Zone: usbank.com\www4
Trusted Zone: virtualearth.net
Trusted Zone: voicecloud.com
Trusted Zone: voicecloud.com\www
Trusted Zone: voicecloudvct.com\www
Trusted Zone: washoecounty.us\icris
Trusted Zone: xmlsweb.com
Trusted Zone: yahoo.com\messenger
DPF: {0854D220-A90A-466D-BC02-6683183802B7} - hxxp://nnrmls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - hxxp://dem.mlxchange.com/5.0.08.4151/Control/FileCruiser.cab
DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - hxxp://dem.mlxchange.com/5.0.08.4151/Control/Specfile.cab
DPF: {17176F8B-9599-4E68-96A8-6163E91FA4E1} - hxxp://tourfactory.com/ActiveX/OutlookTF.CAB
DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} - hxxp://www.toolkitcma.com/tkweb/tkweb.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://inc.mlxchange.com/5.0.08.4151/Control/MLSClientUtils.cab
DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - hxxp://dem.mlxchange.com/5.0.08.4151/Control/LiteGrid.cab
DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} - hxxp://dem.mlxchange.com/5.0.08.4151/Control/IRCWebPrint.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://inc.mlxchange.com/5.1.01.7036/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} - hxxp://inc.mlxchange.com/5.0.08.4151/Control/WebDog.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CB166B52-6741-412A-AF4C-FE59A35F5001} - hxxp://tourfactory.com/Inventory/UploadWizard/UploadWizard.CAB
DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - hxxp://dem.mlxchange.com/5.0.08.4151/Control/AspCustomCtrls.cab
TCP: DhcpNameServer = 192.168.0.99
TCP: Interfaces\{6F6C25F1-AE2F-4F33-AB31-025DA233D46F} : DhcpNameServer = 192.168.0.99
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Facetheme: {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - C:\Program Files (x86)\Object\bho_project.dll
BHO-X64: BHO Project - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110516145158.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: 1Password: {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Agile1pAgent] "C:\Program Files (x86)\1Password\Agile1pAgent.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
.
============= SERVICES / DRIVERS ===============
.
R? {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/05 03:32:25]
R? Agile1Password;1Password
R? cfwids;McAfee Inc. cfwids
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? Com4QLBEx;Com4QLBEx
R? FontCache;Windows Font Cache Service
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? GT72NDISIPXP;GT 72 IP NDIS
R? GT72UBUS;GT 72 U BUS
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? hpsrv;HP Service
R? IntcHdmiAddService;Intel® High Definition Audio HDMI
R? KAPFA;KAPFA
R? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
R? McComponentHostService;McAfee Security Scan Component Host Service
R? McMPFSvc;McAfee Personal Firewall Service
R? McNaiAnn;McAfee VirusScan Announcer
R? McProxy;McAfee Proxy Service
R? McShield;McShield
R? mfeavfk;McAfee Inc. mfeavfk
R? mfefire;McAfee Firewall Core Service
R? mfefirek;McAfee Inc. mfefirek
R? mfehidk;McAfee Inc. mfehidk
R? mfenlfk;McAfee NDIS Light Filter
R? mferkdet;McAfee Inc. mferkdet
R? mfevtp;McAfee Validation Trust Protection Service
R? mfewfpk;McAfee Inc. mfewfpk
R? NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit
R? PCASp50a64;PCASp50a64 NDIS Protocol Driver
R? PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver
R? PerfHost;Performance Counter DLL Host
R? Recovery Service for Windows;Recovery Service for Windows
R? ssrangdr;ssrangdr
R? TVCapSvc;TV Background Capture Service (TVBCS)
R? TVSched;TV Task Scheduler (TVTS)
R? USBAAPL64;Apple Mobile USB Driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
S? enecir;ENE CIR Receiver
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-05-09 05:42:33 315392 ----a-w- C:\pscp.exe
2012-05-09 05:29:11 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F2805FB-3005-45AD-B8AF-8A306EBEEE5D}\mpengine.dll
2012-05-09 04:50:37 -------- d-----w- C:\Users\Edee\AppData\Local\temp
2012-04-24 12:51:54 -------- d-----w- C:\Users\Edee\AppData\Local\Temp(122)
2012-04-10 19:56:33 -------- d-----w- C:\Users\Edee\AppData\Local\LogMeIn Rescue Applet
.
==================== Find3M ====================
.
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-05 18:31:50 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 23:15:57.29 ===============


#2 nasdaq

  • Malware Response Team
  • 38,955 posts

Posted 11 May 2012 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 R.P.D.

  • Topic Starter
  • Members
  • 27 posts

Posted 11 May 2012 - 09:59 AM

Thank you, nasdaq, I will do that immediately and report back. I assume this can be done from Safe Mode since that is all I can get to at the moment.

Rich

#4 R.P.D.

  • Topic Starter
  • Members
  • 27 posts

Posted 11 May 2012 - 11:22 AM

I downloaded the TDSSKiller.zip in Safe Mode but could not extract it on the infected machine. Microsoft Picture Manager popped up instead. Either the computer has a bad program associated with the .zip extension or some malware is interfering? So I downloaded the .zip to another machine, extracted the .exe there, and copied that over to the laptop and ran the scan. A suspicious service was detected (mfeavfk01) but no malicious objects. No reboot was directed. Log file and Report pasted below. (I forgot to copy the Report on the first run so the log file and report are from two different runs but apparently the same result.)

At startup, aswMBR.exe asked if I should download the latest Avast! virus definitions for scanning. I said yes. It downloaded and then I did the scan. AV scan "Quickscan" was the default and I left that as it was. The file aswMBR.txt is below. MBR.zip attached.

Thanks,
Rich

----
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-11 08:52:16
-----------------------------
08:52:16.792 OS Version: Windows x64 6.0.6002 Service Pack 2
08:52:16.792 Number of processors: 2 586 0x170A
08:52:16.792 ComputerName: EDEE-PC UserName: Edee
08:52:17.806 Initialize success
08:56:37.578 AVAST engine defs: 12051100
08:57:35.266 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:57:35.266 Disk 0 Vendor: TOSHIBA_MK3255GSX FG011C Size: 305245MB BusType: 3
08:57:35.641 Disk 0 MBR read successfully
08:57:35.656 Disk 0 MBR scan
08:57:35.656 Disk 0 unknown MBR code
08:57:35.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 292363 MB offset 2048
08:57:35.688 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12878 MB offset 598761472
08:57:35.719 Disk 0 scanning C:\Windows\system32\drivers
08:57:46.171 Service scanning
08:57:59.259 Service mfeavfk01 C:\Windows\System32\Drivers\mfeavfk01.sys **HIDDEN**
08:58:17.979 Modules scanning
08:58:17.979 Disk 0 trace - called modules:
08:58:18.026 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
08:58:18.026 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cc7790]
08:58:18.026 3 CLASSPNP.SYS[fffffa6000a57c33] -> nt!IofCallDriver -> [0xfffffa8004cc6a20]
08:58:18.042 5 hpdskflt.sys[fffffa60019f70ee] -> nt!IofCallDriver -> [0xfffffa8004b7b2a0]
08:58:18.042 7 acpi.sys[fffffa60008fcfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004baa060]
08:58:18.853 AVAST engine scan C:\Windows
08:58:22.566 AVAST engine scan C:\Windows\system32
09:02:20.856 AVAST engine scan C:\Windows\system32\drivers
09:02:37.392 AVAST engine scan C:\Users\Edee
09:04:58.057 Disk 0 MBR has been saved successfully to "C:\Users\Edee\Desktop\MBR.dat"
09:04:58.072 The log file has been saved successfully to "C:\Users\Edee\Desktop\aswMBR.txt"
----

----
09:13:39.0284 1972 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
09:13:40.0267 1972 ============================================================
09:13:40.0267 1972 Current date / time: 2012/05/11 09:13:40.0267
09:13:40.0267 1972 SystemInfo:
09:13:40.0267 1972
09:13:40.0267 1972 OS Version: 6.0.6002 ServicePack: 2.0
09:13:40.0267 1972 Product type: Workstation
09:13:40.0267 1972 ComputerName: EDEE-PC
09:13:40.0267 1972 UserName: Edee
09:13:40.0267 1972 Windows directory: C:\Windows
09:13:40.0267 1972 System windows directory: C:\Windows
09:13:40.0267 1972 Running under WOW64
09:13:40.0267 1972 Processor architecture: Intel x64
09:13:40.0267 1972 Number of processors: 2
09:13:40.0267 1972 Page size: 0x1000
09:13:40.0267 1972 Boot type: Safe boot with network
09:13:40.0267 1972 ============================================================
09:13:40.0532 1972 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:13:40.0532 1972 ============================================================
09:13:40.0532 1972 \Device\Harddisk0\DR0:
09:13:40.0548 1972 MBR partitions:
09:13:40.0548 1972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23B05800
09:13:40.0548 1972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23B06000, BlocksNum 0x1927000
09:13:40.0548 1972 ============================================================
09:13:40.0579 1972 C: <-> \Device\Harddisk0\DR0\Partition0
09:13:40.0735 1972 D: <-> \Device\Harddisk0\DR0\Partition1
09:13:40.0735 1972 ============================================================
09:13:40.0735 1972 Initialize success
09:13:40.0735 1972 ============================================================
09:13:43.0371 1896 ============================================================
09:13:43.0371 1896 Scan started
09:13:43.0371 1896 Mode: Manual;
09:13:43.0371 1896 ============================================================
09:13:44.0167 1896 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys
09:13:44.0182 1896 Accelerometer - ok
09:13:44.0260 1896 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
09:13:44.0276 1896 ACPI - ok
09:13:44.0354 1896 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
09:13:44.0354 1896 adp94xx - ok
09:13:44.0463 1896 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
09:13:44.0463 1896 adpahci - ok
09:13:44.0494 1896 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
09:13:44.0494 1896 adpu160m - ok
09:13:44.0541 1896 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
09:13:44.0541 1896 adpu320 - ok
09:13:44.0588 1896 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
09:13:44.0588 1896 AeLookupSvc - ok
09:13:44.0713 1896 Afc (0d0e5281784c2c526ba43c2ecd374288) C:\Windows\syswow64\drivers\Afc.sys
09:13:44.0713 1896 Afc - ok
09:13:44.0806 1896 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
09:13:44.0822 1896 AFD - ok
09:13:44.0869 1896 AgereModemAudio (8fe65709982f2cb7d291f6c9b2c60805) C:\Windows\system32\agr64svc.exe
09:13:44.0869 1896 AgereModemAudio - ok
09:13:45.0056 1896 AgereSoftModem (70e15cda25e151dfc60636ef73f5a7be) C:\Windows\system32\DRIVERS\agrsm64.sys
09:13:45.0134 1896 AgereSoftModem - ok
09:13:45.0337 1896 Agile1Password (440da273c170c984b63edaad08e5dbc3) C:\Program Files (x86)\1Password\Agile1pService.exe
09:13:45.0352 1896 Agile1Password - ok
09:13:45.0540 1896 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
09:13:45.0540 1896 agp440 - ok
09:13:45.0586 1896 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
09:13:45.0586 1896 aic78xx - ok
09:13:45.0649 1896 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
09:13:45.0649 1896 ALG - ok
09:13:45.0664 1896 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
09:13:45.0680 1896 aliide - ok
09:13:45.0711 1896 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys
09:13:45.0711 1896 amdide - ok
09:13:45.0727 1896 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
09:13:45.0727 1896 AmdK8 - ok
09:13:45.0774 1896 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
09:13:45.0774 1896 Appinfo - ok
09:13:45.0898 1896 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:13:45.0898 1896 Apple Mobile Device - ok
09:13:45.0930 1896 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
09:13:45.0930 1896 arc - ok
09:13:45.0961 1896 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
09:13:45.0976 1896 arcsas - ok
09:14:00.0765 1896 Suspicious service (Hidden): mfeavfk01
09:14:00.0765 1896 mfeavfk01 ( HiddenService.Multi.Generic ) - warning
09:14:00.0765 1896 mfeavfk01 - detected HiddenService.Multi.Generic (1)
09:14:11.0170 1896 SharedAccess - ok
09:14:11.0280 1896 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
09:14:11.0280 1896 ShellHWDetection - ok
09:14:11.0326 1896 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
09:14:11.0326 1896 SiSRaid2 - ok
09:14:11.0373 1896 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
09:14:11.0373 1896 SiSRaid4 - ok
09:14:11.0779 1896 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
09:14:11.0794 1896 slsvc - ok
09:14:11.0935 1896 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
09:14:11.0950 1896 SLUINotify - ok
09:14:12.0028 1896 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
09:14:12.0028 1896 Smb - ok
09:14:12.0091 1896 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
09:14:12.0091 1896 SNMPTRAP - ok
09:14:12.0169 1896 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
09:14:12.0169 1896 spldr - ok
09:14:12.0231 1896 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
09:14:12.0231 1896 Spooler - ok
09:14:12.0387 1896 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
09:14:12.0403 1896 srv - ok
09:14:12.0450 1896 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
09:14:12.0450 1896 srv2 - ok
09:14:12.0481 1896 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
09:14:12.0481 1896 srvnet - ok
09:14:12.0559 1896 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
09:14:12.0559 1896 SSDPSRV - ok
09:14:12.0621 1896 ssrangdr (9777aef5a3dc86b0825ac12de37f8e2e) C:\Windows\system32\DRIVERS\ssrangdr.sys
09:14:12.0621 1896 ssrangdr - ok
09:14:12.0668 1896 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
09:14:12.0668 1896 SstpSvc - ok
09:14:12.0886 1896 STacSV (72eb6157e892a674e47e08732bb5cce3) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe
09:14:12.0886 1896 STacSV - ok
09:14:13.0027 1896 STHDA (0c7bda7e9a329a071c080eb5210fe019) C:\Windows\system32\DRIVERS\stwrt64.sys
09:14:13.0027 1896 STHDA - ok
09:14:13.0058 1896 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
09:14:13.0058 1896 StillCam - ok
09:14:13.0167 1896 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
09:14:13.0183 1896 stisvc - ok
09:14:13.0214 1896 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
09:14:13.0230 1896 swenum - ok
09:14:13.0276 1896 swmsflt (179de6936fbb0702f89535b27e311b1f) C:\Windows\System32\drivers\swmsflt.sys
09:14:13.0276 1896 swmsflt - ok
09:14:13.0432 1896 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
09:14:13.0432 1896 swprv - ok
09:14:13.0464 1896 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
09:14:13.0464 1896 Symc8xx - ok
09:14:13.0495 1896 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
09:14:13.0495 1896 Sym_hi - ok
09:14:13.0495 1896 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
09:14:13.0495 1896 Sym_u3 - ok
09:14:13.0604 1896 SynTP (5bfcf934891022e15404befe0f5ece9f) C:\Windows\system32\DRIVERS\SynTP.sys
09:14:13.0604 1896 SynTP - ok
09:14:13.0776 1896 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
09:14:13.0791 1896 SysMain - ok
09:14:13.0854 1896 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
09:14:13.0854 1896 TabletInputService - ok
09:14:13.0947 1896 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
09:14:13.0947 1896 TapiSrv - ok
09:14:14.0010 1896 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
09:14:14.0025 1896 TBS - ok
09:14:14.0353 1896 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
09:14:14.0368 1896 Tcpip - ok
09:14:14.0384 1896 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
09:14:14.0400 1896 Tcpip6 - ok
09:14:14.0478 1896 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
09:14:14.0478 1896 tcpipreg - ok
09:14:14.0540 1896 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
09:14:14.0540 1896 TDPIPE - ok
09:14:14.0587 1896 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
09:14:14.0587 1896 TDTCP - ok
09:14:14.0634 1896 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
09:14:14.0634 1896 tdx - ok
09:14:14.0680 1896 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
09:14:14.0680 1896 TermDD - ok
09:14:14.0805 1896 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
09:14:14.0821 1896 TermService - ok
09:14:14.0930 1896 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
09:14:14.0930 1896 Themes - ok
09:14:14.0977 1896 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
09:14:14.0977 1896 THREADORDER - ok
09:14:15.0024 1896 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
09:14:15.0024 1896 TrkWks - ok
09:14:15.0133 1896 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
09:14:15.0133 1896 TrustedInstaller - ok
09:14:15.0195 1896 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:14:15.0195 1896 tssecsrv - ok
09:14:15.0226 1896 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
09:14:15.0226 1896 tunmp - ok
09:14:15.0273 1896 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
09:14:15.0273 1896 tunnel - ok
09:14:15.0445 1896 TVCapSvc (1c31169dddc70c1605f703da701eaeea) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
09:14:15.0445 1896 TVCapSvc - ok
09:14:15.0523 1896 TVSched (290b8c381dbc15d3dbcbd2bdb6b0ba12) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
09:14:15.0523 1896 TVSched - ok
09:14:15.0554 1896 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
09:14:15.0554 1896 uagp35 - ok
09:14:15.0694 1896 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
09:14:15.0694 1896 udfs - ok
09:14:15.0741 1896 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
09:14:15.0757 1896 UI0Detect - ok
09:14:15.0866 1896 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
09:14:15.0866 1896 uliagpkx - ok
09:14:15.0913 1896 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
09:14:15.0928 1896 uliahci - ok
09:14:15.0944 1896 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
09:14:15.0944 1896 UlSata - ok
09:14:16.0022 1896 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
09:14:16.0022 1896 ulsata2 - ok
09:14:16.0053 1896 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
09:14:16.0053 1896 umbus - ok
09:14:16.0131 1896 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
09:14:16.0147 1896 upnphost - ok
09:14:16.0272 1896 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
09:14:16.0272 1896 USBAAPL64 - ok
09:14:16.0318 1896 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
09:14:16.0318 1896 usbccgp - ok
09:14:16.0365 1896 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
09:14:16.0365 1896 usbcir - ok
09:14:16.0428 1896 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
09:14:16.0428 1896 usbehci - ok
09:14:16.0490 1896 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
09:14:16.0490 1896 usbhub - ok
09:14:16.0537 1896 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
09:14:16.0537 1896 usbohci - ok
09:14:16.0584 1896 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
09:14:16.0584 1896 usbprint - ok
09:14:16.0646 1896 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
09:14:16.0646 1896 usbscan - ok
09:14:16.0724 1896 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:14:16.0724 1896 USBSTOR - ok
09:14:16.0755 1896 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
09:14:16.0755 1896 usbuhci - ok
09:14:16.0786 1896 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
09:14:16.0786 1896 usbvideo - ok
09:14:16.0833 1896 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
09:14:16.0833 1896 UxSms - ok
09:14:16.0958 1896 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
09:14:16.0958 1896 vds - ok
09:14:17.0020 1896 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
09:14:17.0020 1896 vga - ok
09:14:17.0067 1896 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
09:14:17.0067 1896 VgaSave - ok
09:14:17.0130 1896 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
09:14:17.0130 1896 viaide - ok
09:14:17.0176 1896 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
09:14:17.0176 1896 volmgr - ok
09:14:17.0270 1896 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
09:14:17.0270 1896 volmgrx - ok
09:14:17.0317 1896 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
09:14:17.0332 1896 volsnap - ok
09:14:17.0410 1896 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
09:14:17.0410 1896 vsmraid - ok
09:14:17.0722 1896 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
09:14:17.0738 1896 VSS - ok
09:14:17.0863 1896 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
09:14:17.0863 1896 W32Time - ok
09:14:17.0988 1896 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
09:14:17.0988 1896 WacomPen - ok
09:14:18.0050 1896 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
09:14:18.0050 1896 Wanarp - ok
09:14:18.0066 1896 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
09:14:18.0066 1896 Wanarpv6 - ok
09:14:18.0190 1896 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
09:14:18.0190 1896 wcncsvc - ok
09:14:18.0222 1896 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
09:14:18.0237 1896 WcsPlugInService - ok
09:14:18.0300 1896 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
09:14:18.0300 1896 Wd - ok
09:14:18.0471 1896 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
09:14:18.0518 1896 Wdf01000 - ok
09:14:18.0549 1896 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
09:14:18.0549 1896 WdiServiceHost - ok
09:14:18.0549 1896 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
09:14:18.0565 1896 WdiSystemHost - ok
09:14:18.0658 1896 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
09:14:18.0674 1896 WebClient - ok
09:14:18.0736 1896 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
09:14:18.0736 1896 Wecsvc - ok
09:14:18.0783 1896 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
09:14:18.0783 1896 wercplsupport - ok
09:14:18.0814 1896 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
09:14:18.0814 1896 WerSvc - ok
09:14:18.0846 1896 WinDefend - ok
09:14:18.0846 1896 WinHttpAutoProxySvc - ok
09:14:18.0986 1896 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
09:14:18.0986 1896 Winmgmt - ok
09:14:19.0314 1896 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
09:14:19.0329 1896 WinRM - ok
09:14:19.0392 1896 WinVNC4 - ok
09:14:19.0657 1896 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
09:14:19.0672 1896 Wlansvc - ok
09:14:20.0172 1896 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:14:20.0328 1896 wlidsvc - ok
09:14:20.0562 1896 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:14:20.0562 1896 WmiAcpi - ok
09:14:20.0671 1896 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
09:14:20.0671 1896 wmiApSrv - ok
09:14:20.0764 1896 WMPNetworkSvc - ok
09:14:20.0842 1896 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
09:14:20.0858 1896 WPCSvc - ok
09:14:20.0920 1896 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
09:14:20.0920 1896 WPDBusEnum - ok
09:14:20.0983 1896 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
09:14:20.0983 1896 WpdUsb - ok
09:14:21.0388 1896 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:14:21.0388 1896 WPFFontCache_v0400 - ok
09:14:21.0420 1896 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
09:14:21.0420 1896 ws2ifsl - ok
09:14:21.0466 1896 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
09:14:21.0482 1896 wscsvc - ok
09:14:21.0482 1896 WSearch - ok
09:14:21.0872 1896 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
09:14:21.0888 1896 wuauserv - ok
09:14:22.0106 1896 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:14:22.0106 1896 WUDFRd - ok
09:14:22.0200 1896 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
09:14:22.0200 1896 wudfsvc - ok
09:14:22.0387 1896 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:14:22.0402 1896 YahooAUService - ok
09:14:22.0449 1896 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
09:14:22.0449 1896 yukonx64 - ok
09:14:22.0558 1896 {55662437-DA8C-40c0-AADA-2C816A897A49} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
09:14:22.0558 1896 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
09:14:22.0605 1896 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
09:14:22.0652 1896 \Device\Harddisk0\DR0 - ok
09:14:22.0683 1896 Boot (0x1200) (e68f655e11e37fbcf682881cca684263) \Device\Harddisk0\DR0\Partition0
09:14:22.0699 1896 \Device\Harddisk0\DR0\Partition0 - ok
09:14:22.0746 1896 Boot (0x1200) (aebbaebb77f0f5c954ee491b6f24b82c) \Device\Harddisk0\DR0\Partition1
09:14:22.0746 1896 \Device\Harddisk0\DR0\Partition1 - ok
09:14:22.0746 1896 ============================================================
09:14:22.0746 1896 Scan finished
09:14:22.0746 1896 ============================================================
09:14:22.0761 1804 Detected object count: 1
09:14:22.0761 1804 Actual detected object count: 1
09:14:29.0204 1804 mfeavfk01 ( HiddenService.Multi.Generic ) - skipped by user
09:14:29.0204 1804 mfeavfk01 ( HiddenService.Multi.Generic ) - User select action: Skip
----

----
08:44:42.0801 1492 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
08:44:43.0425 1492 ============================================================
08:44:43.0425 1492 Current date / time: 2012/05/11 08:44:43.0425
08:44:43.0425 1492 SystemInfo:
08:44:43.0425 1492
08:44:43.0425 1492 OS Version: 6.0.6002 ServicePack: 2.0
08:44:43.0425 1492 Product type: Workstation
08:44:43.0425 1492 ComputerName: EDEE-PC
08:44:43.0425 1492 UserName: Edee
08:44:43.0425 1492 Windows directory: C:\Windows
08:44:43.0425 1492 System windows directory: C:\Windows
08:44:43.0425 1492 Running under WOW64
08:44:43.0425 1492 Processor architecture: Intel x64
08:44:43.0425 1492 Number of processors: 2
08:44:43.0425 1492 Page size: 0x1000
08:44:43.0425 1492 Boot type: Safe boot with network
08:44:43.0425 1492 ============================================================
08:44:43.0909 1492 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:44:43.0909 1492 ============================================================
08:44:43.0909 1492 \Device\Harddisk0\DR0:
08:44:43.0909 1492 MBR partitions:
08:44:43.0909 1492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23B05800
08:44:43.0909 1492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23B06000, BlocksNum 0x1927000
08:44:43.0909 1492 ============================================================
08:44:43.0924 1492 C: <-> \Device\Harddisk0\DR0\Partition0
08:44:43.0971 1492 D: <-> \Device\Harddisk0\DR0\Partition1
08:44:43.0971 1492 ============================================================
08:44:43.0971 1492 Initialize success
08:44:43.0971 1492 ============================================================
08:44:48.0682 1644 ============================================================
08:44:48.0682 1644 Scan started
08:44:48.0682 1644 Mode: Manual;
08:44:48.0682 1644 ============================================================
08:44:55.0422 1644 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
08:44:55.0437 1644 HidBth - ok
08:44:55.0453 1644 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
08:44:55.0453 1644 HidIr - ok
08:44:55.0500 1644 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
08:44:55.0500 1644 hidserv - ok
08:44:55.0531 1644 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
08:44:55.0531 1644 HidUsb - ok
08:44:55.0546 1644 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
08:44:55.0546 1644 hkmsvc - ok
08:44:55.0640 1644 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
08:44:55.0640 1644 HP Health Check Service - ok
08:44:55.0687 1644 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
08:44:55.0687 1644 HpCISSs - ok
08:44:55.0702 1644 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys
08:44:55.0702 1644 hpdskflt - ok
08:44:55.0843 1644 hpqcxs08 (fcb563b0a23643e5f80b6ff1e60f610f) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
08:44:55.0843 1644 hpqcxs08 - ok
08:44:55.0874 1644 hpqddsvc (25e443e27165c652723a92d9bdfd4649) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
08:44:55.0874 1644 hpqddsvc - ok
08:44:55.0890 1644 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
08:44:55.0890 1644 HpqKbFiltr - ok
08:44:55.0968 1644 hpqwmiex (188ff0adf66768d53ad94f43972e1e9a) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
08:44:55.0983 1644 hpqwmiex - ok
08:44:55.0999 1644 hpsrv (6bf024ea61d7894bf4af0b10a90b546e) C:\Windows\system32\Hpservice.exe
08:44:55.0999 1644 hpsrv - ok
08:44:56.0077 1644 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
08:44:56.0077 1644 HTTP - ok
08:44:56.0108 1644 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
08:44:56.0108 1644 i2omp - ok
08:44:56.0155 1644 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
08:44:56.0155 1644 i8042prt - ok
08:44:56.0186 1644 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
08:44:56.0186 1644 iaStorV - ok
08:44:56.0280 1644 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
08:44:56.0280 1644 IDriverT - ok
08:44:56.0389 1644 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:44:56.0404 1644 idsvc - ok
08:44:56.0826 1644 igfx (7b0a679638e9380c0d8d42c7d43f8169) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:44:57.0013 1644 igfx - ok
08:44:57.0091 1644 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
08:44:57.0091 1644 iirsp - ok
08:44:57.0153 1644 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
08:44:57.0153 1644 IKEEXT - ok
08:44:57.0184 1644 IntcHdmiAddService (be1cb000c655396c9def09aee3ea2d67) C:\Windows\system32\drivers\IntcHdmi.sys
08:44:57.0184 1644 IntcHdmiAddService - ok
08:44:57.0231 1644 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys
08:44:57.0231 1644 intelide - ok
08:44:57.0247 1644 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
08:44:57.0247 1644 intelppm - ok
08:44:57.0262 1644 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
08:44:57.0262 1644 IPBusEnum - ok
08:44:57.0325 1644 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:44:57.0325 1644 IpFilterDriver - ok
08:44:57.0372 1644 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
08:44:57.0372 1644 iphlpsvc - ok
08:44:57.0372 1644 IpInIp - ok
08:44:57.0418 1644 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
08:44:57.0418 1644 IPMIDRV - ok
08:44:57.0434 1644 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
08:44:57.0434 1644 IPNAT - ok
08:44:57.0543 1644 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
08:44:57.0559 1644 iPod Service - ok
08:44:57.0574 1644 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
08:44:57.0574 1644 IRENUM - ok
08:44:57.0621 1644 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
08:44:57.0621 1644 isapnp - ok
08:44:57.0668 1644 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
08:44:57.0684 1644 iScsiPrt - ok
08:44:57.0715 1644 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
08:44:57.0730 1644 iteatapi - ok
08:44:57.0746 1644 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
08:44:57.0746 1644 iteraid - ok
08:44:57.0762 1644 KAPFA - ok
08:44:57.0793 1644 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
08:44:57.0793 1644 kbdclass - ok
08:44:57.0808 1644 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
08:44:57.0808 1644 kbdhid - ok
08:44:57.0840 1644 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
08:44:57.0840 1644 KeyIso - ok
08:44:57.0886 1644 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
08:44:57.0886 1644 KSecDD - ok
08:44:57.0949 1644 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
08:44:57.0949 1644 ksthunk - ok
08:44:58.0011 1644 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
08:44:58.0011 1644 KtmRm - ok
08:44:58.0058 1644 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
08:44:58.0074 1644 LanmanServer - ok
08:44:58.0105 1644 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
08:44:58.0120 1644 LanmanWorkstation - ok
08:44:58.0198 1644 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
08:44:58.0198 1644 LightScribeService - ok
08:44:58.0214 1644 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
08:44:58.0214 1644 lltdio - ok
08:44:58.0245 1644 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
08:44:58.0245 1644 lltdsvc - ok
08:44:58.0261 1644 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
08:44:58.0261 1644 lmhosts - ok
08:44:58.0292 1644 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
08:44:58.0292 1644 LSI_FC - ok
08:44:58.0308 1644 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
08:44:58.0308 1644 LSI_SAS - ok
08:44:58.0339 1644 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
08:44:58.0339 1644 LSI_SCSI - ok
08:44:58.0370 1644 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
08:44:58.0386 1644 luafv - ok
08:44:58.0417 1644 McAfee SiteAdvisor Service - ok
08:44:58.0448 1644 McComponentHostService - ok
08:44:58.0526 1644 McMPFSvc - ok
08:44:58.0542 1644 mcmscsvc - ok
08:44:58.0557 1644 McNaiAnn - ok
08:44:58.0557 1644 McNASvc - ok
08:44:58.0573 1644 McODS - ok
08:44:58.0588 1644 McProxy - ok
08:44:58.0620 1644 McShield - ok
08:44:58.0651 1644 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
08:44:58.0651 1644 Mcx2Svc - ok
08:44:58.0698 1644 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
08:44:58.0698 1644 megasas - ok
08:44:58.0760 1644 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
08:44:58.0776 1644 MegaSR - ok
08:44:58.0791 1644 mfeapfk - ok
08:44:58.0791 1644 mfeavfk - ok
08:44:58.0791 1644 Suspicious service (Hidden): mfeavfk01
08:44:58.0807 1644 mfeavfk01 ( HiddenService.Multi.Generic ) - warning
08:44:58.0807 1644 mfeavfk01 - detected HiddenService.Multi.Generic (1)
08:44:58.0822 1644 mfefire - ok
08:44:58.0822 1644 mfefirek - ok
08:44:58.0822 1644 mfehidk - ok
08:44:58.0838 1644 mfenlfk - ok
08:44:58.0838 1644 mferkdet - ok
08:44:58.0838 1644 mfevtp - ok
08:44:58.0869 1644 mfewfpk - ok
08:45:06.0747 1644 umbus - ok
08:45:06.0794 1644 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
08:45:06.0794 1644 upnphost - ok
08:45:06.0856 1644 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
08:45:06.0856 1644 USBAAPL64 - ok
08:45:06.0903 1644 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
08:45:06.0903 1644 usbccgp - ok
08:45:06.0934 1644 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
08:45:06.0950 1644 usbcir - ok
08:45:06.0966 1644 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
08:45:06.0966 1644 usbehci - ok
08:45:07.0012 1644 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
08:45:07.0028 1644 usbhub - ok
08:45:07.0044 1644 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
08:45:07.0044 1644 usbohci - ok
08:45:07.0075 1644 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
08:45:07.0075 1644 usbprint - ok
08:45:07.0137 1644 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
08:45:07.0137 1644 usbscan - ok
08:45:07.0168 1644 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:45:07.0168 1644 USBSTOR - ok
08:45:07.0200 1644 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
08:45:07.0200 1644 usbuhci - ok
08:45:07.0246 1644 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
08:45:07.0246 1644 usbvideo - ok
08:45:07.0293 1644 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
08:45:07.0293 1644 UxSms - ok
08:45:07.0340 1644 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
08:45:07.0356 1644 vds - ok
08:45:07.0371 1644 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
08:45:07.0371 1644 vga - ok
08:45:07.0402 1644 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
08:45:07.0402 1644 VgaSave - ok
08:45:07.0418 1644 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
08:45:07.0418 1644 viaide - ok
08:45:07.0449 1644 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
08:45:07.0449 1644 volmgr - ok
08:45:07.0496 1644 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
08:45:07.0512 1644 volmgrx - ok
08:45:07.0558 1644 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
08:45:07.0558 1644 volsnap - ok
08:45:07.0574 1644 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
08:45:07.0574 1644 vsmraid - ok
08:45:07.0668 1644 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
08:45:07.0699 1644 VSS - ok
08:45:07.0761 1644 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
08:45:07.0777 1644 W32Time - ok
08:45:07.0824 1644 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
08:45:07.0824 1644 WacomPen - ok
08:45:07.0870 1644 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
08:45:07.0870 1644 Wanarp - ok
08:45:07.0870 1644 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
08:45:07.0870 1644 Wanarpv6 - ok
08:45:07.0948 1644 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
08:45:07.0948 1644 wcncsvc - ok
08:45:07.0980 1644 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
08:45:07.0980 1644 WcsPlugInService - ok
08:45:07.0995 1644 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
08:45:08.0011 1644 Wd - ok
08:45:08.0058 1644 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
08:45:08.0058 1644 Wdf01000 - ok
08:45:08.0073 1644 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
08:45:08.0073 1644 WdiServiceHost - ok
08:45:08.0073 1644 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
08:45:08.0089 1644 WdiSystemHost - ok
08:45:08.0136 1644 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
08:45:08.0136 1644 WebClient - ok
08:45:08.0167 1644 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
08:45:08.0167 1644 Wecsvc - ok
08:45:08.0182 1644 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
08:45:08.0198 1644 wercplsupport - ok
08:45:08.0214 1644 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
08:45:08.0214 1644 WerSvc - ok
08:45:08.0229 1644 WinDefend - ok
08:45:08.0245 1644 WinHttpAutoProxySvc - ok
08:45:08.0307 1644 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
08:45:08.0307 1644 Winmgmt - ok
08:45:08.0432 1644 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
08:45:08.0463 1644 WinRM - ok
08:45:08.0510 1644 WinVNC4 - ok
08:45:08.0635 1644 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
08:45:08.0635 1644 Wlansvc - ok
08:45:08.0869 1644 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:45:08.0900 1644 wlidsvc - ok
08:45:08.0994 1644 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:45:08.0994 1644 WmiAcpi - ok
08:45:09.0056 1644 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
08:45:09.0056 1644 wmiApSrv - ok
08:45:09.0087 1644 WMPNetworkSvc - ok
08:45:09.0118 1644 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
08:45:09.0118 1644 WPCSvc - ok
08:45:09.0165 1644 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
08:45:09.0165 1644 WPDBusEnum - ok
08:45:09.0228 1644 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
08:45:09.0228 1644 WpdUsb - ok
08:45:09.0368 1644 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:45:09.0368 1644 WPFFontCache_v0400 - ok
08:45:09.0399 1644 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
08:45:09.0399 1644 ws2ifsl - ok
08:45:09.0446 1644 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
08:45:09.0446 1644 wscsvc - ok
08:45:09.0446 1644 WSearch - ok
08:45:09.0602 1644 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
08:45:09.0618 1644 wuauserv - ok
08:45:09.0727 1644 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:45:09.0727 1644 WUDFRd - ok
08:45:09.0758 1644 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
08:45:09.0758 1644 wudfsvc - ok
08:45:09.0883 1644 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
08:45:09.0898 1644 YahooAUService - ok
08:45:09.0930 1644 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
08:45:09.0945 1644 yukonx64 - ok
08:45:10.0008 1644 {55662437-DA8C-40c0-AADA-2C816A897A49} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
08:45:10.0008 1644 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
08:45:10.0054 1644 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
08:45:10.0086 1644 \Device\Harddisk0\DR0 - ok
08:45:10.0117 1644 Boot (0x1200) (e68f655e11e37fbcf682881cca684263) \Device\Harddisk0\DR0\Partition0
08:45:10.0117 1644 \Device\Harddisk0\DR0\Partition0 - ok
08:45:10.0148 1644 Boot (0x1200) (aebbaebb77f0f5c954ee491b6f24b82c) \Device\Harddisk0\DR0\Partition1
08:45:10.0148 1644 \Device\Harddisk0\DR0\Partition1 - ok
08:45:10.0148 1644 ============================================================
08:45:10.0148 1644 Scan finished
08:45:10.0148 1644 ============================================================
08:45:10.0164 0388 Detected object count: 1
08:45:10.0164 0388 Actual detected object count: 1
08:46:54.0496 0388 mfeavfk01 ( HiddenService.Multi.Generic ) - skipped by user
08:46:54.0496 0388 mfeavfk01 ( HiddenService.Multi.Generic ) - User select action: Skip
08:47:47.0536 1212 Deinitialize success
----

Attached Files

  • Attached File  MBR.zip   547bytes   0 downloads
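
A triage sketch for a TDSSKiller log laid out like the one posted above, added here as an example and not part of the original thread or of TDSSKiller itself. It pairs each hashed-file line with its verdict line and pulls out detections together with the action recorded for them. The `ExampleSvc` and `NoFileSvc` names and the hash values are constructed placeholders, and the line layout is an assumption taken from the log in the post.

```python
import re

FAKE_MD5 = "0" * 32  # placeholder hash, constructed for this example

# Constructed sample in the layout "<time> <thread> <name> (<md5>) <path>"
# followed by "<time> <thread> <name> - <verdict>". Only the mfeavfk01
# lines and the device path mirror lines quoted in the thread.
SAMPLE_LOG = "\n".join([
    rf"08:45:05.0530 1644 ExampleSvc ({FAKE_MD5}) C:\Windows\system32\drivers\example.sys",
    r"08:45:05.0530 1644 ExampleSvc - ok",
    r"08:45:08.0229 1644 NoFileSvc - ok",
    rf"08:45:10.0054 1644 MBR (0x1B8) ({FAKE_MD5}) \Device\Harddisk0\DR0",
    r"08:45:10.0086 1644 \Device\Harddisk0\DR0 - ok",
    r"08:45:10.0164 0388 Detected object count: 1",
    r"08:46:54.0496 0388 mfeavfk01 ( HiddenService.Multi.Generic ) - skipped by user",
    r"08:46:54.0496 0388 mfeavfk01 ( HiddenService.Multi.Generic ) - User select action: Skip",
])

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d{4} (?P<body>.+)$")
DETECTION = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>\w+)$")


def triage(log_text):
    """Summarise a TDSSKiller-style log for review.

    Returns a dict with:
      objects       name -> (md5, path) for every hashed-file line
      not_ok        (name, verdict) for per-object verdicts other than "ok"
      no_file       names that received a verdict with no hashed-file line
      detections    name -> {"verdict": str, "actions": [str, ...]}
      declared      the "Detected object count" value, or None
      count_matches True when declared equals the number of detections
    """
    objects, known = {}, set()
    not_ok, no_file, detections = [], [], {}
    declared = None

    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # separators, banners and blank lines
        body = m.group("body")

        d = DETECTION.match(body)
        if d:
            entry = detections.setdefault(
                d.group("name"), {"verdict": d.group("verdict"), "actions": []}
            )
            entry["actions"].append(d.group("action"))
            continue

        o = OBJECT.match(body)
        if o:
            objects[o.group("name")] = (o.group("md5"), o.group("path"))
            # Boot-sector verdicts are reported against the device path,
            # so remember both the name and the path.
            known.update((o.group("name"), o.group("path")))
            continue

        c = COUNT.match(body)
        if c:
            declared = int(c.group("n"))
            continue

        v = VERDICT.match(body)
        if v:
            if v.group("name") not in known:
                no_file.append(v.group("name"))
            if v.group("verdict").lower() != "ok":
                not_ok.append((v.group("name"), v.group("verdict")))

    return {
        "objects": objects,
        "not_ok": not_ok,
        "no_file": no_file,
        "detections": detections,
        "declared": declared,
        "count_matches": declared == len(detections),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, info in report["detections"].items():
        print(name, info["verdict"], info["actions"])
    print("verdict without a hashed file:", report["no_file"])
```

Entries in `no_file` are only a prompt to look at the service by hand; the log does not say why no file was hashed for them.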


#5 nasdaq

Posted 11 May 2012 - 12:53 PM

C:\Windows\System32\Drivers\mfeavfk01.sys **HIDDEN**

This file is from the McAfee Firewall...

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

p.s. Run ComboFix in safe mode with internet connectivity.

#6 R.P.D.

Posted 11 May 2012 - 01:28 PM

ComboFix does the restore point thing, then prints "Completed Stage_1" and "Completed Stage_2", then there is a popup with "Microsoft Windows" in the title bar and the message "pev.3XE has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." I did not go on to the other directions in your post and the popup message is still onscreen.

Rich

#7 R.P.D.

Posted 11 May 2012 - 03:49 PM

I went ahead and closed the ComboFix pev.3XE popup and ran SecurityCheck. Output pasted below.

Thanks,
Rich

----
Results of screen317's Security Check version 0.99.32
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee AntiVirus Plus
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Java™ 6 Update 7
Java version out of date!
Adobe Flash Player 10.1.53.64 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#8 R.P.D.

Posted 11 May 2012 - 10:35 PM

I'm up late in case you have any more suggestions tonight. Thanks for your help in any case.

Rich

#9 nasdaq

Posted 12 May 2012 - 08:13 AM

You should execute the following when you have access to the internet in Normal mode.

Important security issue

http://support.microsoft.com/lifecycle/search/?sort=PN&alpha=WINDOWS+vista
Support for Windows Vista without any service packs has ended on April 13, 2010.
Windows Vista Service Pack 1 support ended on 12/07/2011

For continued security support from Microsoft get the Service Pack 2.
http://support.microsoft.com/kb/935791

As indicated on the Microsoft page SP1 must be installed before proceeding to install SP2.
You will find the necessary link on the page.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26
Java™ 6 Update 7


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.2.202.233 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Let me see the result of this scan.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#10 R.P.D.

Posted 12 May 2012 - 10:06 AM

I cannot get to Normal mode. BSOD occurs just after the Welcome message, when the Desktop should appear. I will do updates as you suggest as soon as I can get to Normal mode.

ComboFix failed after stage 2 with the pev.3XE popup that I mentioned.

Below are the OTL scan results, done in Safe Mode since that's still all I can do.

Rich

----
OTL logfile created on: 5/12/2012 7:43:55 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Edee\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 3.23 Gb Available Physical Memory | 82.68% Memory free
4.01 Gb Paging File | 3.46 Gb Available in Paging File | 86.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.51 Gb Total Space | 173.41 Gb Free Space | 60.74% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.73 Gb Free Space | 13.79% Space Free | Partition Type: NTFS

Computer Name: EDEE-PC | User Name: Edee | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Edee\Desktop\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe File not found
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe File not found
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe File not found
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe File not found
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Agile1Password) -- C:\Program Files (x86)\1Password\Agile1pService.exe (AgileBits)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (ssrangdr) -- C:\Windows\SysNative\DRIVERS\ssrangdr.sys (SupportSoft Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\drivers\swmsflt.sys ()
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:64bit: - (GT72NDISIPXP) -- C:\Windows\SysNative\DRIVERS\Gt51Ip.sys (Option N.V.)
DRV:64bit: - (GT72UBUS) -- C:\Windows\SysNative\DRIVERS\gt72ubus.sys (Option N.V.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (GTPTSER) -- C:\Windows\SysNative\DRIVERS\gtptser.sys (Option N.V.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{682A7A5C-953E-4F46-BE75-B46823CC9E8B}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{F866DC5B-A053-40B9-BCDE-375ED3441201}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZCYYYYYYYYUS&ptb=M54GBLJM7kvhk7COt8gk_A&psa=&ind=2010101515&ptnrS=ZCYYYYYYYYUS&si=&st=sb&n=77cfb70b&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{682A7A5C-953E-4F46-BE75-B46823CC9E8B}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{F866DC5B-A053-40B9-BCDE-375ED3441201}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Edee\AppData\LocalLow\ToolkitCMA\download
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://inc.mlxchange.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 74 1E 40 16 5D CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
IE - HKCU\..\SearchScopes\{682A7A5C-953E-4F46-BE75-B46823CC9E8B}: "URL" = http://www.bing.com/search?FORM=VE3D01&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_enUS354
IE - HKCU\..\SearchScopes\{73ccfd25-abe2-4bdf-ac5d-28a470a4d234}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{F866DC5B-A053-40B9-BCDE-375ED3441201}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Start Searcher"
FF - prefs.js..browser.search.defaulturl: "http://www.startsearcher.com/?q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Edee\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Edee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Edee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Edee\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Edee\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/05/08 21:29:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme

[2010/06/13 09:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edee\AppData\Roaming\mozilla\Extensions
[2012/01/05 23:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edee\AppData\Roaming\mozilla\Firefox\Profiles\qdxej28e.default\extensions
[2010/06/13 09:15:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Edee\AppData\Roaming\mozilla\Firefox\Profiles\qdxej28e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/20 09:16:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Edee\AppData\Roaming\mozilla\Firefox\Profiles\qdxej28e.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/08 12:52:13 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Edee\AppData\Roaming\mozilla\Firefox\Profiles\qdxej28e.default\extensions\plugin@yontoo.com
[2011/11/25 20:27:07 | 000,000,558 | ---- | M] () -- C:\Users\Edee\AppData\Roaming\Mozilla\Firefox\Profiles\qdxej28e.default\searchplugins\bing.xml
[2010/11/16 17:09:36 | 000,010,025 | ---- | M] () -- C:\Users\Edee\AppData\Roaming\Mozilla\Firefox\Profiles\qdxej28e.default\searchplugins\mywebsearch.xml
[2012/01/27 13:04:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/19 13:05:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/27 15:41:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/05/08 21:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\PROGRAM FILES (X86)\OBJECT\FACETHEME
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010/10/06 18:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 18:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/03/08 12:51:56 | 000,001,456 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober8862323.xml

O1 HOSTS File: ([2012/05/08 21:50:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110516145158.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Facetheme) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - C:\Program Files (x86)\Object\bho_project.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110516145158.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra 'Tools' menuitem : 1Password Ctrl+\ - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: americashomerescue.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: americashomerescue.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bizsiteservice.com ([secure11] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cnn.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: doccentral.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: docusign.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([upload] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fanniemae.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fedex.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fedex.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fnismls.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fnismls.com ([nnrmls] http in Trusted sites)
O15 - HKCU\..Trusted Domains: getmedianow.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: getyourview.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: getyourview.com ([*.admin] * in Trusted sites)
O15 - HKCU\..Trusted Domains: getyourview.com ([admin] http in Trusted sites)
O15 - HKCU\..Trusted Domains: marketlins.com ([tm] https in Trusted sites)
O15 - HKCU\..Trusted Domains: marketlinx.com ([tm] http in Trusted sites)
O15 - HKCU\..Trusted Domains: marketlinx.com ([tm] https in Trusted sites)
O15 - HKCU\..Trusted Domains: marketlinx.com ([www.tm] http in Trusted sites)
O15 - HKCU\..Trusted Domains: marketlinx.com ([www.tm] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mckissock.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mlxchange.com ([inc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: nnrmls.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: rdesk.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: realtytools.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: rexplorer.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: safemls.net ([idp.nnrmls] http in Trusted sites)
O15 - HKCU\..Trusted Domains: salesaspects.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: showingtime.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sitexdata.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sobamalibu.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: spellchecker.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: spokeo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tacforeclosures.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: toolkitcma.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: toolkitcma2.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: tourfactory.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: transactionpoint.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: trpoint.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([aar] https in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([gbr] https in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: usbank.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: usbank.com ([www4] https in Trusted sites)
O15 - HKCU\..Trusted Domains: virtualearth.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: voicecloud.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: voicecloud.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: voicecloudvct.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: washoecounty.us ([icris] http in Trusted sites)
O15 - HKCU\..Trusted Domains: xmlsweb.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([messenger] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} http://nnrmls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab (PrintPreview Class)
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} http://dem.mlxchange.com/5.0.08.4151/Control/FileCruiser.cab (FileCruiser Class)
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} http://dem.mlxchange.com/5.0.08.4151/Control/Specfile.cab (Specfile Control)
O16 - DPF: {17176F8B-9599-4E68-96A8-6163E91FA4E1} http://tourfactory.com/ActiveX/OutlookTF.CAB (OutlookTF.ClientMSG)
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} http://www.toolkitcma.com/tkweb/tkweb.cab (Tkweb Control)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} http://inc.mlxchange.com/5.0.08.4151/Control/MLSClientUtils.cab (MLS Client Utils)
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} http://dem.mlxchange.com/5.0.08.4151/Control/LiteGrid.cab (LiteGridCtl Class)
O16 - DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} http://dem.mlxchange.com/5.0.08.4151/Control/IRCWebPrint.cab (IRCWwwPrint Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://inc.mlxchange.com/5.1.01.7036/Control/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} http://inc.mlxchange.com/5.0.08.4151/Control/WebDog.cab (Cerebus Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CB166B52-6741-412A-AF4C-FE59A35F5001} http://tourfactory.com/Inventory/UploadWizard/UploadWizard.CAB (UploadWizard.VirtualTour)
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} http://dem.mlxchange.com/5.0.08.4151/Control/AspCustomCtrls.cab (DropList Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F6C25F1-AE2F-4F33-AB31-025DA233D46F}: DhcpNameServer = 192.168.0.99
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Edee\Pictures\photo[1].JPG
O24 - Desktop BackupWallPaper: C:\Users\Edee\Pictures\photo[1].JPG
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


========== Files/Folders - Created Within 30 Days ==========

[2012/05/12 07:40:56 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Edee\Desktop\OTL.exe
[2012/05/11 11:25:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/11 11:25:08 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/11 11:24:52 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/05/11 11:23:56 | 004,490,638 | R--- | C] (Swearware) -- C:\Users\Edee\Desktop\ComboFix.exe
[2012/05/11 08:52:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Edee\Desktop\aswMBR.exe
[2012/05/11 08:44:37 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Edee\Desktop\TDSSKiller.exe
[2012/05/11 08:44:14 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Edee\TDSSKiller.exe
[2012/05/08 22:42:33 | 000,315,392 | ---- | C] (Simon Tatham) -- C:\pscp.exe
[2012/05/08 22:41:29 | 000,315,392 | ---- | C] (Simon Tatham) -- C:\Users\Edee\Desktop\pscp.exe
[2012/05/08 22:31:26 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Edee\Desktop\dds.scr
[2012/05/08 22:10:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/08 21:50:37 | 000,000,000 | ---D | C] -- C:\Users\Edee\AppData\Local\temp
[2012/05/08 21:03:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/08 21:03:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/08 21:03:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/08 20:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/04/24 05:51:54 | 000,000,000 | ---D | C] -- C:\Users\Edee\AppData\Local\Temp(122)
[2012/04/24 05:27:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/13 16:43:27 | 000,000,000 | ---D | C] -- C:\Users\Edee\Documents\2011-10-22 2011 Panama Canal Cruise and WDW
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/12 07:42:26 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/12 07:42:26 | 000,606,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/12 07:42:26 | 000,104,430 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/12 07:41:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Edee\Desktop\OTL.exe
[2012/05/12 07:38:18 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/05/12 07:38:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/12 07:38:02 | 268,435,456 | -HS- | M] () -- C:\Windows\SysNative\temppf.sys
[2012/05/12 07:36:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/11 13:48:09 | 000,000,600 | ---- | M] () -- C:\Users\Edee\AppData\Local\PUTTY.RND
[2012/05/11 13:45:05 | 000,879,714 | ---- | M] () -- C:\Users\Edee\Desktop\SecurityCheck.exe
[2012/05/11 11:23:56 | 004,490,638 | R--- | M] (Swearware) -- C:\Users\Edee\Desktop\ComboFix.exe
[2012/05/11 09:12:02 | 000,000,547 | ---- | M] () -- C:\Users\Edee\Desktop\MBR.zip
[2012/05/11 09:04:58 | 000,000,512 | ---- | M] () -- C:\Users\Edee\Desktop\MBR.dat
[2012/05/11 08:52:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Edee\Desktop\aswMBR.exe
[2012/05/11 08:44:15 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Edee\TDSSKiller.exe
[2012/05/11 08:44:15 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Edee\Desktop\TDSSKiller.exe
[2012/05/11 08:42:13 | 002,055,783 | ---- | M] () -- C:\Users\Edee\tdsskiller.zip
[2012/05/11 08:40:42 | 002,055,783 | ---- | M] () -- C:\Users\Edee\Desktop\tdsskiller.zip
[2012/05/08 22:41:32 | 000,315,392 | ---- | M] (Simon Tatham) -- C:\Users\Edee\Desktop\pscp.exe
[2012/05/08 22:41:32 | 000,315,392 | ---- | M] (Simon Tatham) -- C:\pscp.exe
[2012/05/08 22:40:30 | 000,000,732 | ---- | M] () -- C:\Users\Edee\AppData\Local\d3d9caps64.dat
[2012/05/08 22:31:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Edee\Desktop\dds.scr
[2012/05/08 21:50:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/08 20:20:49 | 000,006,756 | ---- | M] () -- C:\Users\Edee\AppData\Local\d3d9caps.dat
[2012/05/08 20:20:04 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 19:13:43 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{526342F3-8E9D-4B0F-86AC-4DBED001B3F9}.job
[2012/04/14 09:35:23 | 000,000,195 | ---- | M] () -- C:\Users\Edee\Desktop\PDF Converter.url
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/11 13:44:57 | 000,879,714 | ---- | C] () -- C:\Users\Edee\Desktop\SecurityCheck.exe
[2012/05/11 11:25:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/11 11:25:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/11 11:25:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/11 09:12:02 | 000,000,547 | ---- | C] () -- C:\Users\Edee\Desktop\MBR.zip
[2012/05/11 09:04:58 | 000,000,512 | ---- | C] () -- C:\Users\Edee\Desktop\MBR.dat
[2012/05/11 08:42:05 | 002,055,783 | ---- | C] () -- C:\Users\Edee\tdsskiller.zip
[2012/05/11 08:40:42 | 002,055,783 | ---- | C] () -- C:\Users\Edee\Desktop\tdsskiller.zip
[2012/05/08 23:11:02 | 000,000,600 | ---- | C] () -- C:\Users\Edee\AppData\Local\PUTTY.RND
[2012/05/08 21:03:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/08 21:03:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/08 20:20:04 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 19:04:39 | 268,435,456 | -HS- | C] () -- C:\Windows\SysNative\temppf.sys
[2012/04/24 01:10:26 | 000,000,732 | ---- | C] () -- C:\Users\Edee\AppData\Local\d3d9caps64.dat
[2011/12/03 21:30:43 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2011/12/03 12:14:21 | 000,000,000 | ---- | C] () -- C:\Users\Edee\AppData\Local\{ECE33D41-F67C-4E44-8BDC-04256849E90F}
[2011/11/28 00:11:27 | 000,148,960 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/11/28 00:11:02 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/09/28 12:15:01 | 000,012,969 | ---- | C] () -- C:\Users\Edee\AppData\Roaming\Comma Separated Values (Windows).CAL
[2011/09/28 12:05:04 | 000,038,431 | ---- | C] () -- C:\Users\Edee\AppData\Roaming\Comma Separated Values (DOS).ADR

========== LOP Check ==========

[2012/02/20 13:03:34 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Agile Web Solutions
[2011/12/03 21:43:58 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Canon
[2010/04/09 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/17 17:45:19 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Dropbox
[2010/02/28 10:25:06 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Facebook
[2011/11/28 00:34:14 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Image Zone Express
[2012/01/05 23:48:11 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Neat
[2012/01/05 23:48:10 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Nuance
[2011/11/27 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Printer Info Cache
[2009/10/10 20:56:05 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Sierra Wireless
[2009/07/15 17:49:33 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\SupportSoft
[2009/07/23 17:11:11 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Template
[2011/04/25 12:01:50 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\ToolkitCMA
[2011/03/08 12:54:55 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Uniblue
[2011/02/15 16:33:16 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\WeatherBug
[2012/04/02 08:24:56 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/08 19:13:43 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{526342F3-8E9D-4B0F-86AC-4DBED001B3F9}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2012/05/08 22:41:32 | 000,315,392 | ---- | M] (Simon Tatham) -- C:\pscp.exe

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2012/05/08 22:29:18 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1237640583-1751890312-3189557689-1000\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< MD5 for: AGP440.SYS >
[2008/01/20 19:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008/01/20 19:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 19:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 19:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/01/13 09:52:31 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=35137384FFB6FB4B4C3063CEB5DB34BE -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_37d5e5fef5f86cf7\atapi.sys
[2009/01/13 09:52:31 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=B388797CAAB36D523840347CC6A39B96 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_398211faf34b271a\atapi.sys
[2009/04/11 00:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 00:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/04/10 23:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\SysWOW64\autochk.exe
[2009/04/10 23:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008/01/20 19:50:26 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2009/04/11 00:09:58 | 000,734,720 | ---- | M] (Microsoft Corporation) MD5=E24D4475713CB382A720D003BDDA9628 -- C:\Windows\SysNative\autochk.exe
[2009/04/11 00:09:58 | 000,734,720 | ---- | M] (Microsoft Corporation) MD5=E24D4475713CB382A720D003BDDA9628 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_3ffe01d977405f71\autochk.exe
[2008/01/20 19:49:38 | 000,733,696 | ---- | M] (Microsoft Corporation) MD5=F74203F70337352EEABADAE16A05EAEA -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_3e1288cd7a1e9425\autochk.exe

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006/11/02 04:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/28 23:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 00:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 00:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 19:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/28 23:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/29 22:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 19:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 19:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/20 19:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008/01/20 19:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: KERNEL32.DLL >
[2009/02/13 00:24:13 | 001,233,920 | ---- | M] (Microsoft Corporation) MD5=08E8EF6A8D18BD1D89896903DCD103D2 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_ee74eaec2aa8523e\kernel32.dll
[2008/01/20 19:48:14 | 001,213,952 | ---- | M] (Microsoft Corporation) MD5=1122C8BE4BC4F392598A9543DC1014E0 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_efdc80c50ea8f9e4\kernel32.dll
[2009/02/13 00:47:27 | 001,233,408 | ---- | M] (Microsoft Corporation) MD5=1A5CE3CDE414ED758D4E1616F422C20B -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_ede0a61311929b23\kernel32.dll
[2009/02/13 01:19:50 | 000,858,112 | ---- | M] (Microsoft Corporation) MD5=1B5BE39A927C36B3162ADA23B6CA001E -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_fa751df65c5ab198\kernel32.dll
[2011/04/12 09:15:13 | 001,210,880 | ---- | M] (Microsoft Corporation) MD5=2299078C1E59FE69ADDF49897D6A373A -- C:\Windows\SysNative\kernel32.dll
[2011/04/12 09:15:13 | 001,210,880 | ---- | M] (Microsoft Corporation) MD5=2299078C1E59FE69ADDF49897D6A373A -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_f1a0c2e10be78eec\kernel32.dll
[2009/02/13 01:54:16 | 001,210,880 | ---- | M] (Microsoft Corporation) MD5=2EEE45C483BA534A84CACC9D8001FE0E -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_f02073a427f9ef9d\kernel32.dll
[2011/04/12 07:33:49 | 000,860,160 | ---- | M] (Microsoft Corporation) MD5=35FC1E7929DA4828B9CC73DC84B42E6F -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_fa6188305c690deb\kernel32.dll
[2009/02/13 00:16:20 | 000,841,216 | ---- | M] (Microsoft Corporation) MD5=4118366CDDA655F8AEDB20CD03DEBAE9 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_f8c9953e5f091439\kernel32.dll
[2009/02/13 00:25:34 | 000,840,704 | ---- | M] (Microsoft Corporation) MD5=444A00544B4EDFEDD8FCCD281EDE3ED4 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_f835506545f35d1e\kernel32.dll
[2011/04/12 08:14:49 | 001,208,832 | ---- | M] (Microsoft Corporation) MD5=6ADB508FEADBDEC41C194B4C03FA5201 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_efbd1caf0ec055f8\kernel32.dll
[2011/04/12 07:56:23 | 000,857,600 | ---- | M] (Microsoft Corporation) MD5=6EBBE14BE54877C386C63FFED52D391D -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_fa11c701432117f3\kernel32.dll
[2011/04/12 07:55:40 | 001,213,440 | ---- | M] (Microsoft Corporation) MD5=777DF7F47BEE82833E324F0EB18B7ED1 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_f00cddde28084bf0\kernel32.dll
[2008/01/20 19:48:58 | 000,855,552 | ---- | M] (Microsoft Corporation) MD5=799EEDF377F3B72DB30192AD9FD3C7F3 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_fa312b174309bbdf\kernel32.dll
[2011/04/12 09:11:05 | 000,859,648 | ---- | M] (Microsoft Corporation) MD5=7F4CAEAC24592FA9F574E1F8CD1D0604 -- C:\Windows\SysWOW64\kernel32.dll
[2011/04/12 09:11:05 | 000,859,648 | ---- | M] (Microsoft Corporation) MD5=7F4CAEAC24592FA9F574E1F8CD1D0604 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_fbf56d33404850e7\kernel32.dll
[2009/02/13 01:57:39 | 001,208,832 | ---- | M] (Microsoft Corporation) MD5=8331C9E592358DE5157169699BD836D7 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_efd6b6170eac8ed6\kernel32.dll
[2009/04/11 00:11:15 | 001,217,536 | ---- | M] (Microsoft Corporation) MD5=A1489655AB04BBB5290C3FC274D33E57 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_f1c7f9d10bcac530\kernel32.dll
[2009/04/10 23:26:44 | 000,858,112 | ---- | M] (Microsoft Corporation) MD5=A5830F679B5B38AE9700A72087178745 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_fc1ca423402b872b\kernel32.dll
[2011/04/12 08:11:55 | 000,860,672 | ---- | M] (Microsoft Corporation) MD5=BBB3D68596C6B6E8A7ECAFDB2962E89B -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_fc90aa945959509a\kernel32.dll
[2009/02/13 01:47:47 | 000,855,552 | ---- | M] (Microsoft Corporation) MD5=D4902D1DC60CB71197EFE4474A582841 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_fa2b6069430d50d1\kernel32.dll
[2011/04/12 08:22:51 | 001,211,904 | ---- | M] (Microsoft Corporation) MD5=F2338C94CDCD7AD28A14428D46A05D0B -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_f23c004224f88e9f\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/01/20 19:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/10 23:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SysWOW64\mswsock.dll
[2009/04/10 23:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 19:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/11 00:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
[2009/04/11 00:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/01/20 19:50:38 | 000,739,384 | ---- | M] (Microsoft Corporation) MD5=2A2EE457AF36C5C9A6808C768BD3A12B -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_03e5c74ad46c7e4e\ndis.sys
[2009/04/11 00:15:34 | 000,738,264 | ---- | M] (Microsoft Corporation) MD5=65950E07329FCEE8E6516B17C8D0ABB6 -- C:\Windows\SysNative\drivers\ndis.sys
[2009/04/11 00:15:34 | 000,738,264 | ---- | M] (Microsoft Corporation) MD5=65950E07329FCEE8E6516B17C8D0ABB6 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_05d14056d18e499a\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 19:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 00:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009/04/11 00:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NTFS.SYS >
[2009/04/11 00:15:34 | 001,515,496 | ---- | M] (Microsoft Corporation) MD5=BAC869DFB98E499BA4D9BB1FB43270E1 -- C:\Windows\SysNative\drivers\ntfs.sys
[2009/04/11 00:15:34 | 001,515,496 | ---- | M] (Microsoft Corporation) MD5=BAC869DFB98E499BA4D9BB1FB43270E1 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_047b3e4cd26ad615\ntfs.sys
[2008/01/20 19:50:39 | 001,540,152 | ---- | M] (Microsoft Corporation) MD5=FE86BA5AC3B50E2CA911E9C60C07B638 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_028fc540d5490ac9\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/01/20 19:52:05 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=96E310EC2BB1FC55FA4D32839AA990A2 -- C:\Windows\winsxs\amd64_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_6a5ccd73c670213d\ntmssvc.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 19:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008/01/20 19:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2006/11/02 04:16:03 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=98559F204D7547D50176CEE965B623A1 -- C:\Windows\SysNative\proquota.exe
[2006/11/02 04:16:03 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=98559F204D7547D50176CEE965B623A1 -- C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_81aed15f4dd7884b\proquota.exe
[2006/11/02 02:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\SysWOW64\proquota.exe
[2006/11/02 02:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe

< MD5 for: QMGR.DLL >
[2009/04/11 00:11:22 | 001,081,856 | ---- | M] (Microsoft Corporation) MD5=6D316F4859634071CC25C4FD4589AD2C -- C:\Windows\SysNative\qmgr.dll
[2009/04/11 00:11:22 | 001,081,856 | ---- | M] (Microsoft Corporation) MD5=6D316F4859634071CC25C4FD4589AD2C -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_819ad97caef1480e\qmgr.dll
[2008/01/20 19:50:12 | 001,082,368 | ---- | M] (Microsoft Corporation) MD5=D896A0D43F8AB81ECB1FC6C24DECFD58 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_7faf6070b1cf7cc2\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 19:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 00:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009/04/11 00:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 07:54:44 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=439017BE66398AB809D81B3AE8393883 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_34a17b8490538c82\spoolsv.exe
[2010/08/17 07:02:18 | 000,270,848 | ---- | M] (Microsoft Corporation) MD5=7F59AA690212241B398D6DBE4071EE3C -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_32cba802932180c9\spoolsv.exe
[2010/08/17 07:04:48 | 000,267,776 | ---- | M] (Microsoft Corporation) MD5=92E6738D25C2123BE9515C0EAC0776CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_3260788179ed5d57\spoolsv.exe
[2008/01/20 19:49:35 | 000,267,264 | ---- | M] (Microsoft Corporation) MD5=E6519A9E756D74DC51C697BA62162F51 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_326a3ea579e6364c\spoolsv.exe
[2009/04/11 00:10:56 | 000,268,288 | ---- | M] (Microsoft Corporation) MD5=EADA445EAEDD1D7DF4C5EB42B3612729 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_3455b7b177080198\spoolsv.exe
[2010/08/17 07:54:20 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=F66FF751E7EFC816D266977939EF5DC3 -- C:\Windows\SysNative\spoolsv.exe
[2010/08/17 07:54:20 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=F66FF751E7EFC816D266977939EF5DC3 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_33f36be77751de08\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 19:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 19:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 19:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 19:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: TERMSRV.DLL >
[2009/04/11 00:11:26 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=5CDD30BC217082DAC71A9878D9BFD566 -- C:\Windows\SysNative\termsrv.dll
[2009/04/11 00:11:26 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=5CDD30BC217082DAC71A9878D9BFD566 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_eca9565809c353e4\termsrv.dll
[2008/01/20 19:48:12 | 000,546,816 | ---- | M] (Microsoft Corporation) MD5=F870A5589D6A94B426EFB13689023946 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_eabddd4c0ca18898\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 19:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 19:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 19:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 19:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< End of report >

----


----
OTL Extras logfile created on: 5/12/2012 7:43:55 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Edee\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 3.23 Gb Available Physical Memory | 82.68% Memory free
4.01 Gb Paging File | 3.46 Gb Available in Paging File | 86.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.51 Gb Total Space | 173.41 Gb Free Space | 60.74% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.73 Gb Free Space | 13.79% Space Free | Partition Type: NTFS

Computer Name: EDEE-PC | User Name: Edee | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 30 F8 41 8A CA 89 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DE9A108-B87C-4506-85C9-3F00E032A7D3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{45EF98B6-60DF-4A61-9796-4BF0804B3568}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B767D00-3A81-4BAF-A82E-1244D1E77626}" = lport=137 | protocol=17 | dir=in | app=system |
"{AD3FD0AE-CA48-4C62-9186-31954F453A8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{C675EDF6-ED39-4ED7-BD94-FB3D6E36569A}" = lport=139 | protocol=6 | dir=in | app=system |
"{CA58FEDD-CA9F-4BF8-99E6-83DAF75276A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CF4E9B58-EBA8-4397-B233-FF2D7A5393A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D72E2E5C-F3E6-47E0-9E2A-BCB668F695A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D7D0E155-4F67-467D-90A1-210DF4183EB6}" = rport=139 | protocol=6 | dir=out | app=system |
"{E204A4F7-3C9F-4834-8995-2443D85549F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E3FC42B3-175E-4940-89F5-1E13A5F6F2F3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F8AB1FE6-016E-4937-AE81-72629AAA5839}" = rport=138 | protocol=17 | dir=out | app=system |
"{FA05786F-F310-4E3A-ABAA-41771C7686F3}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00752C74-464E-4888-A2F9-BA72E2AF7A2F}" = protocol=17 | dir=in | app=c:\users\edee\appdata\roaming\dropbox\bin\dropbox.exe |
"{0D08AB1A-11D9-4F8B-BB7E-CCA737ACD9DA}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{14DC360B-EF02-4D23-B777-3BC288D96FF5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{172E50AC-9E48-4B53-B6C5-66B844DF0759}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe |
"{1F87714F-8CE4-4E0C-85A8-698A1D4A289F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{298E379A-2FBE-4E1D-80B7-771D68A42D60}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{2F7DBF10-66F2-4E4D-ABD8-A29D32A81A66}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{30F27AFD-94E9-48DE-BEFD-D8B3F2976851}" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{3141A3BB-FC02-4CD7-B0B9-C961A26FEB31}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{323D087D-A2EB-435B-9E21-F161B2E2275D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{3AF26753-9C21-4CF6-A710-BADABB1D297D}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{45801E8F-7318-4620-B011-F51D303626C0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{50D4692D-7BD9-44E8-B54C-6640DDC196FA}" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{5BF4BE2C-D150-4CB1-B6A7-788A075244ED}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{62C6D787-5E76-4FC4-886D-77C1B9EC3F6C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{64599A38-F215-45E1-B8D4-9CC0549762BC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{6C136A67-4D39-43C6-A726-19CAD09DA7BE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{6CCD49CA-5294-44A6-B9B0-01942E05B1B9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{72701082-17D4-4E83-B6F7-61A4DBB037B0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{74222A83-2E2C-4B40-8A24-7902AD973D2B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{76A4D879-28F0-4127-910D-92FE0C56359E}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe |
"{7907FD70-9F12-4931-9CE1-3599BAAE1144}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{868B9674-57E3-433B-A41D-52D891427874}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{8D85D22F-AFC5-4108-A983-3D3267E0B339}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{90002028-FC06-4B13-BC45-2A59B87F1064}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{96FB22F8-8906-4865-82A0-8CB2007005DA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{9B093B6F-0F0C-41D0-AFD0-8C50F68C824C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{9E5A1F86-A240-41F4-BC1F-13B67C41FFF0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ABE01A6A-3795-4E37-BA0E-B4E9D33A345B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B1D3BD0B-EBEB-449A-BC8D-925A856DB2A9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{B253B807-EA86-4DC4-90B0-FA75A58A7ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B6DA91DF-21E7-413F-8BF5-80315B29A9C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA9EC729-A690-4137-A547-C44E14EE47BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{D2BF95FD-6CE8-4946-8644-D4310843BF80}" = protocol=6 | dir=in | app=c:\users\edee\appdata\roaming\dropbox\bin\dropbox.exe |
"{D2E6A8CC-8B0E-4B29-9462-72A18CEF81B6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D3BD478F-8C0A-4707-8DB1-49492BF1CB98}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DD0FF00B-1594-48E8-B5D0-69C4469146E4}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{F3371230-0D5F-4686-A487-1E3E2AC5EBF3}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{F4C794A3-9F5F-4D78-87B9-64852B13E383}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F829D3E1-69D3-4578-98DD-D11226838167}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{FA2C1529-F1E0-435A-928B-9F49B1F1AD7F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{4CADC559-03F4-433C-BDA4-C6462471A5D9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A7D0B9E5-BD95-4713-AB56-BDFE3F5FD8FE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08BE46F7-166A-4716-8603-75518EA54B3F}" = Driver Installer
"{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
"{19E74155-1CA2-4807-9BF5-1AAB4F876E1A}" = Motorola Driver Installation
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{710D4D91-1924-4A6B-8659-9CDE02DC7207}" = HP Deskjet 3050A J611 series Product Improvement Study
"{7EA2D88A-C8B7-4102-8644-0A437B6FC143}" = Neat Mobile Scanner Driver
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}" = Neat ADF Scanner 2008 Driver
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}" = Neat ADF Scanner Driver
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}" = Neat Mobile Scanner (Silver) Driver
"{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}" = Neat Mobile Scanner 2008 Driver
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"{F8776060-6929-480C-9CD0-AD4920C354EF}" = 64 Bit HP BiDi Channel Components Installer
"{FB555BCF-9202-4886-9203-88C9A210D727}" = HP Deskjet 3050A J611 series Basic Device Software
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Canon SELPHY CP800" = Canon SELPHY CP800
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{614F6133-1897-3CB9-859A-F2A19FBE8D4A}" = Google Talk Plugin
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7BD1EAE4-2E08-4087-8600-44B0ACB0C887}" = NeatWorks Core Files
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}" = 6300_Help
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2CB21A2-FD45-4353-888B-FFD071270F35}" = 6300
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"1Password_is1" = 1Password 1.0.9.288
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Facetheme" = Face Theme
"Google Calendar Sync" = Google Calendar Sync
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"MSC" = McAfee AntiVirus Plus
"NeatWorks" = NeatWorks
"OUTLOOKR" = Microsoft Office Outlook 2007
"RealVNC_is1" = VNC Enterprise Edition E4.3-K1
"Salescalculator_National" = Salescalculator_National
"SELPHY Photo Print" = Canon Utilities SELPHY Photo Print
"SELPHY Print Contents 110" = Canon Utilities SELPHY Print Contents 1.1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager - 1
"Facebook Plug-In" = Facebook Plug-In
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"ToolkitCMA" = ToolkitCMA

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


----

#11 nasdaq

  • Malware Response Team

Posted 12 May 2012 - 10:40 AM

We will clean these items from the registry. I do not think that it will restore your Normal mode.

Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
    IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZCYYYYYYYYUS&ptb=M54GBLJM7kvhk7COt8gk_A&psa=&ind=2010101515&ptnrS=ZCYYYYYYYYUS&si=&st=sb&n=77cfb70b&searchfor={searchTerms}
    FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
    [2010/11/16 17:09:36 | 000,010,025 | ---- | M] () -- C:\Users\Edee\AppData\Roaming\Mozilla\Firefox\Profiles\qdxej28e.default\searchplugins\mywebsearch.xml
    File not found (No name found) -- C:\PROGRAM FILES (X86)\OBJECT\FACETHEME
    [2010/10/06 18:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2010/10/06 18:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Facetheme) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - C:\Program Files (x86)\Object\bho_project.dll File not found
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
    O18:64bit: - Protocol\Handler\gopher - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
===

Use the System File Checker tool (SFC.exe) to determine which file is causing the issue, and then replace the file. To do this, follow these steps:
Microsoft article.
http://support.microsoft.com/kb/929833

Post the OTL log and let me know if the problem persists.

#12 R.P.D.

  • Topic Starter

Posted 12 May 2012 - 12:35 PM

I ran the OTL fixes you supplied and it appeared to go OK. I let the computer try to boot into Normal mode and it failed with BSOD just after the welcome screen as before.

I booted into Safe Mode and did the OTL Quick Scan with default parameters. Logs are below.

I ran sfc at administrator cmd prompt. It reported that a corrupt file was found and could not be fixed automatically. I examined the log file per the instructions and all the errors seemed to relate to settings.ini for Windows-Sidebar. Curiously the sfc log does not seem to give the full pathname, but I presume the file is %localappdata%\Microsoft\Windows Sidebar\Settings.ini (but maybe instead it is a systemwide file?) Anyway, I renamed that file to Settings-broken.ini hoping a good file would be created automatically. I tried to reboot into Normal mode but got same BSOD error just after the Welcome screen. I rebooted into Safe Mode and copied the Settings.ini from a working Vista machine, did the takeown and icacls commands per the help document, and then did another sfc scan. This reported the same problems on Settings.ini for Windows-Sidebar. I suppose some Sidebar related problem would make sense since Sidebar might be started with the Desktop. See portion of SFC log below.

Hmm, this document seems to suggest the sfc message concerning Settings.ini is spurious: http://support.microsoft.com/kb/947595

Thanks,
Rich

----
2012-05-12 10:23:56, Info CSI 000004ee [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-12 10:23:59, Info CSI 000004f0 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-12 10:23:59, Info CSI 000004f1 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2012-05-12 10:26:45, Info CSI 0000058f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-12 10:26:46, Info CSI 00000594 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-12 10:30:39, Info CSI 000006a8 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-12 10:30:39, Info CSI 000006aa [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-12 10:30:39, Info CSI 000006ac [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-12 10:30:39, Info CSI 000006ad [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2012-05-12 10:30:39, Info CSI 000006af [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-05-12 10:30:39, Info CSI 000006b0 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"



----


----
OTL logfile created on: 5/12/2012 9:11:14 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Edee\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 3.31 Gb Available Physical Memory | 84.74% Memory free
4.01 Gb Paging File | 3.55 Gb Available in Paging File | 88.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.51 Gb Total Space | 172.67 Gb Free Space | 60.48% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.73 Gb Free Space | 13.79% Space Free | Partition Type: NTFS

Computer Name: EDEE-PC | User Name: Edee | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/12 07:41:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Edee\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McProxy)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNASvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNaiAnn)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (mcmscsvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2009/06/03 21:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/03/18 16:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/03/18 05:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/19 12:06:50 | 000,768,776 | ---- | M] (AgileBits) [Auto | Stopped] -- C:\Program Files (x86)\1Password\Agile1pService.exe -- (Agile1Password)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/17 17:11:40 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/26 17:13:08 | 000,296,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/11/26 17:13:08 | 000,116,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/11/22 12:52:40 | 002,685,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/02 04:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/06/03 21:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/22 09:13:38 | 000,004,608 | ---- | M] (SupportSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssrangdr.sys -- (ssrangdr)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2008/11/21 23:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/10/28 01:33:30 | 008,039,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/09/21 22:49:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/09/19 17:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/04 10:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/07/24 09:48:10 | 000,250,928 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/04/17 14:30:08 | 000,030,088 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2008/03/27 12:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 12:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/18 16:14:48 | 000,124,928 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Gt51Ip.sys -- (GT72NDISIPXP)
DRV:64bit: - [2008/02/08 12:00:42 | 000,080,896 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\gt72ubus.sys -- (GT72UBUS)
DRV:64bit: - [2008/01/20 19:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 19:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 19:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 19:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/03/30 12:38:16 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\gtptser.sys -- (GTPTSER)
DRV:64bit: - [2007/01/18 15:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/10/03 18:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 18:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/05 03:32:25] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{682A7A5C-953E-4F46-BE75-B46823CC9E8B}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{F866DC5B-A053-40B9-BCDE-375ED3441201}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZCYYYYYYYYUS&ptb=M54GBLJM7kvhk7COt8gk_A&psa=&ind=2010101515&ptnrS=ZCYYYYYYYYUS&si=&st=sb&n=77cfb70b&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{682A7A5C-953E-4F46-BE75-B46823CC9E8B}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{F866DC5B-A053-40B9-BCDE-375ED3441201}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Edee\AppData\LocalLow\ToolkitCMA\download
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://inc.mlxchange.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 74 1E 40 16 5D CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
IE - HKCU\..\SearchScopes\{682A7A5C-953E-4F46-BE75-B46823CC9E8B}: "URL" = http://www.bing.com/search?FORM=VE3D01&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_enUS354
IE - HKCU\..\SearchScopes\{73ccfd25-abe2-4bdf-ac5d-28a470a4d234}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{F866DC5B-A053-40B9-BCDE-375ED3441201}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Start Searcher"
FF - prefs.js..browser.search.defaulturl: "http://www.startsearcher.com/?q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Edee\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Edee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Edee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Edee\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Edee\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/05/08 21:29:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme

[2010/06/13 09:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edee\AppData\Roaming\mozilla\Extensions
[2012/01/05 23:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edee\AppData\Roaming\mozilla\Firefox\Profiles\qdxej28e.default\extensions
[2010/06/13 09:15:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Edee\AppData\Roaming\mozilla\Firefox\Profiles\qdxej28e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/20 09:16:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Edee\AppData\Roaming\mozilla\Firefox\Profiles\qdxej28e.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/08 12:52:13 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Edee\AppData\Roaming\mozilla\Firefox\Profiles\qdxej28e.default\extensions\plugin@yontoo.com
[2011/11/25 20:27:07 | 000,000,558 | ---- | M] () -- C:\Users\Edee\AppData\Roaming\Mozilla\Firefox\Profiles\qdxej28e.default\searchplugins\bing.xml
[2012/01/27 13:04:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/19 13:05:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/27 15:41:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/05/08 21:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\PROGRAM FILES (X86)\OBJECT\FACETHEME
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/08 12:51:56 | 000,001,456 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober8862323.xml

O1 HOSTS File: ([2012/05/08 21:50:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110516145158.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Facetheme) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - C:\Program Files (x86)\Object\bho_project.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110516145158.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra 'Tools' menuitem : 1Password Ctrl+\ - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: americashomerescue.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: americashomerescue.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bizsiteservice.com ([secure11] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cnn.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: doccentral.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: docusign.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([upload] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fanniemae.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fedex.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fedex.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fnismls.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fnismls.com ([nnrmls] http in Trusted sites)
O15 - HKCU\..Trusted Domains: getmedianow.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: getyourview.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: getyourview.com ([*.admin] * in Trusted sites)
O15 - HKCU\..Trusted Domains: getyourview.com ([admin] http in Trusted sites)
O15 - HKCU\..Trusted Domains: marketlins.com ([tm] https in Trusted sites)
O15 - HKCU\..Trusted Domains: marketlinx.com ([tm] http in Trusted sites)
O15 - HKCU\..Trusted Domains: marketlinx.com ([tm] https in Trusted sites)
O15 - HKCU\..Trusted Domains: marketlinx.com ([www.tm] http in Trusted sites)
O15 - HKCU\..Trusted Domains: marketlinx.com ([www.tm] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mckissock.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mlxchange.com ([inc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: nnrmls.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: rdesk.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: realtytools.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: rexplorer.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: safemls.net ([idp.nnrmls] http in Trusted sites)
O15 - HKCU\..Trusted Domains: salesaspects.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: showingtime.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sitexdata.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sobamalibu.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: spellchecker.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: spokeo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tacforeclosures.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: toolkitcma.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: toolkitcma2.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: tourfactory.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: transactionpoint.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: trpoint.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([aar] https in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([gbr] https in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: trueformsonline.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: usbank.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: usbank.com ([www4] https in Trusted sites)
O15 - HKCU\..Trusted Domains: virtualearth.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: voicecloud.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: voicecloud.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: voicecloudvct.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: washoecounty.us ([icris] http in Trusted sites)
O15 - HKCU\..Trusted Domains: xmlsweb.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([messenger] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} http://nnrmls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab (PrintPreview Class)
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} http://dem.mlxchange.com/5.0.08.4151/Control/FileCruiser.cab (FileCruiser Class)
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} http://dem.mlxchange.com/5.0.08.4151/Control/Specfile.cab (Specfile Control)
O16 - DPF: {17176F8B-9599-4E68-96A8-6163E91FA4E1} http://tourfactory.com/ActiveX/OutlookTF.CAB (OutlookTF.ClientMSG)
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} http://www.toolkitcma.com/tkweb/tkweb.cab (Tkweb Control)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} http://inc.mlxchange.com/5.0.08.4151/Control/MLSClientUtils.cab (MLS Client Utils)
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} http://dem.mlxchange.com/5.0.08.4151/Control/LiteGrid.cab (LiteGridCtl Class)
O16 - DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} http://dem.mlxchange.com/5.0.08.4151/Control/IRCWebPrint.cab (IRCWwwPrint Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://inc.mlxchange.com/5.1.01.7036/Control/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} http://inc.mlxchange.com/5.0.08.4151/Control/WebDog.cab (Cerebus Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CB166B52-6741-412A-AF4C-FE59A35F5001} http://tourfactory.com/Inventory/UploadWizard/UploadWizard.CAB (UploadWizard.VirtualTour)
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} http://dem.mlxchange.com/5.0.08.4151/Control/AspCustomCtrls.cab (DropList Class)
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Edee\Pictures\photo[1].JPG
O24 - Desktop BackupWallPaper: C:\Users\Edee\Pictures\photo[1].JPG
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/12 09:04:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/12 07:40:56 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Edee\Desktop\OTL.exe
[2012/05/11 11:25:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/11 11:25:08 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/11 11:24:52 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/05/11 11:23:56 | 004,490,638 | R--- | C] (Swearware) -- C:\Users\Edee\Desktop\ComboFix.exe
[2012/05/11 08:52:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Edee\Desktop\aswMBR.exe
[2012/05/11 08:44:37 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Edee\Desktop\TDSSKiller.exe
[2012/05/11 08:44:14 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Edee\TDSSKiller.exe
[2012/05/08 22:42:33 | 000,315,392 | ---- | C] (Simon Tatham) -- C:\pscp.exe
[2012/05/08 22:41:29 | 000,315,392 | ---- | C] (Simon Tatham) -- C:\Users\Edee\Desktop\pscp.exe
[2012/05/08 22:31:26 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Edee\Desktop\dds.scr
[2012/05/08 22:10:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/08 21:50:37 | 000,000,000 | ---D | C] -- C:\Users\Edee\AppData\Local\temp
[2012/05/08 21:03:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/08 21:03:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/08 21:03:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/08 20:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/04/24 05:51:54 | 000,000,000 | ---D | C] -- C:\Users\Edee\AppData\Local\Temp(122)
[2012/04/24 05:27:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/13 16:43:27 | 000,000,000 | ---D | C] -- C:\Users\Edee\Documents\2011-10-22 2011 Panama Canal Cruise and WDW
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/12 09:09:23 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/05/12 09:09:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/12 09:09:06 | 268,435,456 | -HS- | M] () -- C:\Windows\SysNative\temppf.sys
[2012/05/12 09:08:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/12 09:08:01 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{526342F3-8E9D-4B0F-86AC-4DBED001B3F9}.job
[2012/05/12 08:02:39 | 000,000,600 | ---- | M] () -- C:\Users\Edee\AppData\Local\PUTTY.RND
[2012/05/12 07:42:26 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/12 07:42:26 | 000,606,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/12 07:42:26 | 000,104,430 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/12 07:41:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Edee\Desktop\OTL.exe
[2012/05/11 13:45:05 | 000,879,714 | ---- | M] () -- C:\Users\Edee\Desktop\SecurityCheck.exe
[2012/05/11 11:23:56 | 004,490,638 | R--- | M] (Swearware) -- C:\Users\Edee\Desktop\ComboFix.exe
[2012/05/11 09:12:02 | 000,000,547 | ---- | M] () -- C:\Users\Edee\Desktop\MBR.zip
[2012/05/11 09:04:58 | 000,000,512 | ---- | M] () -- C:\Users\Edee\Desktop\MBR.dat
[2012/05/11 08:52:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Edee\Desktop\aswMBR.exe
[2012/05/11 08:44:15 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Edee\TDSSKiller.exe
[2012/05/11 08:44:15 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Edee\Desktop\TDSSKiller.exe
[2012/05/11 08:42:13 | 002,055,783 | ---- | M] () -- C:\Users\Edee\tdsskiller.zip
[2012/05/11 08:40:42 | 002,055,783 | ---- | M] () -- C:\Users\Edee\Desktop\tdsskiller.zip
[2012/05/08 22:41:32 | 000,315,392 | ---- | M] (Simon Tatham) -- C:\Users\Edee\Desktop\pscp.exe
[2012/05/08 22:41:32 | 000,315,392 | ---- | M] (Simon Tatham) -- C:\pscp.exe
[2012/05/08 22:40:30 | 000,000,732 | ---- | M] () -- C:\Users\Edee\AppData\Local\d3d9caps64.dat
[2012/05/08 22:31:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Edee\Desktop\dds.scr
[2012/05/08 21:50:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/08 20:20:49 | 000,006,756 | ---- | M] () -- C:\Users\Edee\AppData\Local\d3d9caps.dat
[2012/05/08 20:20:04 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/14 09:35:23 | 000,000,195 | ---- | M] () -- C:\Users\Edee\Desktop\PDF Converter.url
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/11 13:44:57 | 000,879,714 | ---- | C] () -- C:\Users\Edee\Desktop\SecurityCheck.exe
[2012/05/11 11:25:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/11 11:25:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/11 11:25:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/11 09:12:02 | 000,000,547 | ---- | C] () -- C:\Users\Edee\Desktop\MBR.zip
[2012/05/11 09:04:58 | 000,000,512 | ---- | C] () -- C:\Users\Edee\Desktop\MBR.dat
[2012/05/11 08:42:05 | 002,055,783 | ---- | C] () -- C:\Users\Edee\tdsskiller.zip
[2012/05/11 08:40:42 | 002,055,783 | ---- | C] () -- C:\Users\Edee\Desktop\tdsskiller.zip
[2012/05/08 23:11:02 | 000,000,600 | ---- | C] () -- C:\Users\Edee\AppData\Local\PUTTY.RND
[2012/05/08 21:03:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/08 21:03:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/08 20:20:04 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 19:04:39 | 268,435,456 | -HS- | C] () -- C:\Windows\SysNative\temppf.sys
[2012/04/24 01:10:26 | 000,000,732 | ---- | C] () -- C:\Users\Edee\AppData\Local\d3d9caps64.dat
[2011/12/03 21:30:43 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2011/12/03 12:14:21 | 000,000,000 | ---- | C] () -- C:\Users\Edee\AppData\Local\{ECE33D41-F67C-4E44-8BDC-04256849E90F}
[2011/11/28 00:11:27 | 000,148,960 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/11/28 00:11:02 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/09/28 12:15:01 | 000,012,969 | ---- | C] () -- C:\Users\Edee\AppData\Roaming\Comma Separated Values (Windows).CAL
[2011/09/28 12:05:04 | 000,038,431 | ---- | C] () -- C:\Users\Edee\AppData\Roaming\Comma Separated Values (DOS).ADR

========== LOP Check ==========

[2012/02/20 13:03:34 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Agile Web Solutions
[2011/12/03 21:43:58 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Canon
[2010/04/09 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/17 17:45:19 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Dropbox
[2010/02/28 10:25:06 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Facebook
[2011/11/28 00:34:14 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Image Zone Express
[2012/01/05 23:48:11 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Neat
[2012/01/05 23:48:10 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Nuance
[2011/11/27 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Printer Info Cache
[2009/10/10 20:56:05 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Sierra Wireless
[2009/07/15 17:49:33 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\SupportSoft
[2009/07/23 17:11:11 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Template
[2011/04/25 12:01:50 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\ToolkitCMA
[2011/03/08 12:54:55 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\Uniblue
[2011/02/15 16:33:16 | 000,000,000 | ---D | M] -- C:\Users\Edee\AppData\Roaming\WeatherBug
[2012/04/02 08:24:56 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/12 09:08:01 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{526342F3-8E9D-4B0F-86AC-4DBED001B3F9}.job

========== Purity Check ==========



< End of report >

----
OTL Extras logfile created on: 5/12/2012 9:11:14 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Edee\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 3.31 Gb Available Physical Memory | 84.74% Memory free
4.01 Gb Paging File | 3.55 Gb Available in Paging File | 88.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.51 Gb Total Space | 172.67 Gb Free Space | 60.48% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.73 Gb Free Space | 13.79% Space Free | Partition Type: NTFS

Computer Name: EDEE-PC | User Name: Edee | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 30 F8 41 8A CA 89 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DE9A108-B87C-4506-85C9-3F00E032A7D3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{45EF98B6-60DF-4A61-9796-4BF0804B3568}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B767D00-3A81-4BAF-A82E-1244D1E77626}" = lport=137 | protocol=17 | dir=in | app=system |
"{AD3FD0AE-CA48-4C62-9186-31954F453A8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{C675EDF6-ED39-4ED7-BD94-FB3D6E36569A}" = lport=139 | protocol=6 | dir=in | app=system |
"{CA58FEDD-CA9F-4BF8-99E6-83DAF75276A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CF4E9B58-EBA8-4397-B233-FF2D7A5393A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D72E2E5C-F3E6-47E0-9E2A-BCB668F695A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D7D0E155-4F67-467D-90A1-210DF4183EB6}" = rport=139 | protocol=6 | dir=out | app=system |
"{E204A4F7-3C9F-4834-8995-2443D85549F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E3FC42B3-175E-4940-89F5-1E13A5F6F2F3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F8AB1FE6-016E-4937-AE81-72629AAA5839}" = rport=138 | protocol=17 | dir=out | app=system |
"{FA05786F-F310-4E3A-ABAA-41771C7686F3}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00752C74-464E-4888-A2F9-BA72E2AF7A2F}" = protocol=17 | dir=in | app=c:\users\edee\appdata\roaming\dropbox\bin\dropbox.exe |
"{0D08AB1A-11D9-4F8B-BB7E-CCA737ACD9DA}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{14DC360B-EF02-4D23-B777-3BC288D96FF5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{172E50AC-9E48-4B53-B6C5-66B844DF0759}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe |
"{1F87714F-8CE4-4E0C-85A8-698A1D4A289F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{298E379A-2FBE-4E1D-80B7-771D68A42D60}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{2F7DBF10-66F2-4E4D-ABD8-A29D32A81A66}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{30F27AFD-94E9-48DE-BEFD-D8B3F2976851}" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{3141A3BB-FC02-4CD7-B0B9-C961A26FEB31}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{323D087D-A2EB-435B-9E21-F161B2E2275D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{3AF26753-9C21-4CF6-A710-BADABB1D297D}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{45801E8F-7318-4620-B011-F51D303626C0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{50D4692D-7BD9-44E8-B54C-6640DDC196FA}" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{5BF4BE2C-D150-4CB1-B6A7-788A075244ED}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{62C6D787-5E76-4FC4-886D-77C1B9EC3F6C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{64599A38-F215-45E1-B8D4-9CC0549762BC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{6C136A67-4D39-43C6-A726-19CAD09DA7BE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{6CCD49CA-5294-44A6-B9B0-01942E05B1B9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{72701082-17D4-4E83-B6F7-61A4DBB037B0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{74222A83-2E2C-4B40-8A24-7902AD973D2B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{76A4D879-28F0-4127-910D-92FE0C56359E}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe |
"{7907FD70-9F12-4931-9CE1-3599BAAE1144}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{868B9674-57E3-433B-A41D-52D891427874}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{8D85D22F-AFC5-4108-A983-3D3267E0B339}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{90002028-FC06-4B13-BC45-2A59B87F1064}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{96FB22F8-8906-4865-82A0-8CB2007005DA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{9B093B6F-0F0C-41D0-AFD0-8C50F68C824C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{9E5A1F86-A240-41F4-BC1F-13B67C41FFF0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ABE01A6A-3795-4E37-BA0E-B4E9D33A345B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B1D3BD0B-EBEB-449A-BC8D-925A856DB2A9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{B253B807-EA86-4DC4-90B0-FA75A58A7ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B6DA91DF-21E7-413F-8BF5-80315B29A9C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA9EC729-A690-4137-A547-C44E14EE47BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{D2BF95FD-6CE8-4946-8644-D4310843BF80}" = protocol=6 | dir=in | app=c:\users\edee\appdata\roaming\dropbox\bin\dropbox.exe |
"{D2E6A8CC-8B0E-4B29-9462-72A18CEF81B6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D3BD478F-8C0A-4707-8DB1-49492BF1CB98}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DD0FF00B-1594-48E8-B5D0-69C4469146E4}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{F3371230-0D5F-4686-A487-1E3E2AC5EBF3}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{F4C794A3-9F5F-4D78-87B9-64852B13E383}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F829D3E1-69D3-4578-98DD-D11226838167}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{FA2C1529-F1E0-435A-928B-9F49B1F1AD7F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{4CADC559-03F4-433C-BDA4-C6462471A5D9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A7D0B9E5-BD95-4713-AB56-BDFE3F5FD8FE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08BE46F7-166A-4716-8603-75518EA54B3F}" = Driver Installer
"{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
"{19E74155-1CA2-4807-9BF5-1AAB4F876E1A}" = Motorola Driver Installation
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{710D4D91-1924-4A6B-8659-9CDE02DC7207}" = HP Deskjet 3050A J611 series Product Improvement Study
"{7EA2D88A-C8B7-4102-8644-0A437B6FC143}" = Neat Mobile Scanner Driver
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}" = Neat ADF Scanner 2008 Driver
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}" = Neat ADF Scanner Driver
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}" = Neat Mobile Scanner (Silver) Driver
"{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}" = Neat Mobile Scanner 2008 Driver
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"{F8776060-6929-480C-9CD0-AD4920C354EF}" = 64 Bit HP BiDi Channel Components Installer
"{FB555BCF-9202-4886-9203-88C9A210D727}" = HP Deskjet 3050A J611 series Basic Device Software
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Canon SELPHY CP800" = Canon SELPHY CP800
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{614F6133-1897-3CB9-859A-F2A19FBE8D4A}" = Google Talk Plugin
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7BD1EAE4-2E08-4087-8600-44B0ACB0C887}" = NeatWorks Core Files
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}" = 6300_Help
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2CB21A2-FD45-4353-888B-FFD071270F35}" = 6300
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"1Password_is1" = 1Password 1.0.9.288
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Facetheme" = Face Theme
"Google Calendar Sync" = Google Calendar Sync
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"MSC" = McAfee AntiVirus Plus
"NeatWorks" = NeatWorks
"OUTLOOKR" = Microsoft Office Outlook 2007
"RealVNC_is1" = VNC Enterprise Edition E4.3-K1
"Salescalculator_National" = Salescalculator_National
"SELPHY Photo Print" = Canon Utilities SELPHY Photo Print
"SELPHY Print Contents 110" = Canon Utilities SELPHY Print Contents 1.1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager - 1
"Facebook Plug-In" = Facebook Plug-In
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"ToolkitCMA" = ToolkitCMA

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

----

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,955 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:03 AM

Posted 12 May 2012 - 01:23 PM

Disable firewall or Anti-virus software on the client.

Disconnect from the internet, close all windows and running programs. Restart the computer. If still no joy.

Continue.

1. Disable firewall or Anti-virus software on the client.

2. Stop the Automatic Updates service and BITS service.

net stop wuauserv

net stop bits

3. Delete “%windir%\softwaredistribution” directory.

4. Start the Automatic Updates service and BITS service. When these two services
have been started, they will auto-create “softwaredistribution” and its subfolder
at system directory.

net start wuauserv

net start bits

5. Stop the Cryptographic Services

6. Rename the C:\windows\System32\catroot2 folder. Rename it catroot2old.

7. After the “%windir%\softwaredistribution” directory has been generated, please
let the client contact the WSUS server immediately.

wuauclt.exe /resetauthorization /detectnow

8. After 15 minutes, please check the client to confirm whether it detects needed
updates.

If the problem still exists, please check %windir%\windowsupdate.log and post the error message in this thread.

p.s.
To stop or start the services, run MSCONFIG.EXE; the services will be listed.

If at any time you need help before proceeding please ask.

#14 R.P.D.

R.P.D.
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 12 May 2012 - 04:06 PM

When I did net stop wuauserv I was told the Windows Update service is not started. Same with Background Intelligent Transfer Service. I deleted the SoftwareDistribution directory. When I tried to start wuauserv it gave error 1084 and said the service could not be started in Safe Mode. I stopped there.

Rich

#15 R.P.D.

R.P.D.
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 12 May 2012 - 04:07 PM

Also, though I didn't get far enough to the Stop Cryptographic Services step, I'm not sure how I would do that.

Thanks,
Rich
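
Steps 2 to 7 of the reset procedure in post #13, as one batch script; this is an added example, not part of any post in the thread. It checks for Safe Mode before deleting anything (the error 1084 situation reported in #14) and uses CryptSvc, the service name of Cryptographic Services, for step 5. The SAFEBOOT_OPTION check, the fsutil elevation check and the final restart of CryptSvc are assumptions added here, not steps from the post.

```batch
@echo off
rem Added example: steps 2-7 of the Windows Update reset from post #13.
rem Run from an elevated Command Prompt.
setlocal

rem SAFEBOOT_OPTION is set (MINIMAL or NETWORK) only in Safe Mode, where
rem wuauserv cannot be started again (error 1084). Stop before deleting.
if defined SAFEBOOT_OPTION (
    echo Safe Mode [%SAFEBOOT_OPTION%] detected: the services cannot be restarted here.
    exit /b 1
)

rem fsutil dirty query only succeeds with administrator rights.
fsutil dirty query %SystemDrive% >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated Command Prompt.
    exit /b 1
)

rem Step 2: stop the services. "Not started" messages here are harmless.
net stop wuauserv
net stop bits

rem Step 3: delete the update download cache.
if exist "%windir%\SoftwareDistribution" rd /s /q "%windir%\SoftwareDistribution"

rem Step 4: start the services; they recreate SoftwareDistribution.
net start wuauserv
if errorlevel 1 (
    echo wuauserv did not start; stopping here.
    exit /b 1
)
net start bits

rem Step 5: stop Cryptographic Services (service name CryptSvc).
net stop cryptsvc

rem Step 6: rename catroot2, unless an earlier catroot2old is in the way.
if exist "%windir%\System32\catroot2old" (
    echo catroot2old already exists. Rename or remove it, then run again.
    net start cryptsvc
    exit /b 1
)
ren "%windir%\System32\catroot2" catroot2old
rem Assumption, not in the post: start CryptSvc again rather than leave it stopped.
net start cryptsvc

rem Step 7: force a new detection cycle; step 8 is the 15-minute check.
wuauclt.exe /resetauthorization /detectnow
echo Check %windir%\WindowsUpdate.log in about 15 minutes.
```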



