Latency and Unknown Virus [Closed]


  • This topic is locked

#1
lwest
We have a virus of some kind. We have run Symantec, but nothing is showing up. It is as if someone attached a boat anchor to the computer. This is not the usual thing where say you go to Google and you get re-directed. This is more malicious, more clandestine and I am so confused. Can anyone point us in the right direction? Please please please? We truly appreciate your time and attention.
laura



OTL logfile created on: 5/24/2012 2:33:48 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\pwest\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.44 Gb Available Physical Memory | 68.12% Memory free
20.19 Gb Paging File | 17.33 Gb Available in Paging File | 85.87% Paging File free
Paging file location(s): c:\pagefile.sys 12500 13000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1385.71 Gb Total Space | 673.19 Gb Free Space | 48.58% Space Free | Partition Type: NTFS
Drive D: | 11.45 Gb Total Space | 1.40 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
Drive E: | 1018.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive N: | 70.00 Gb Total Space | 10.07 Gb Free Space | 14.38% Space Free | Partition Type: NTFS
Drive R: | 100.00 Gb Total Space | 14.09 Gb Free Space | 14.09% Space Free | Partition Type: NTFS
Drive S: | 100.00 Gb Total Space | 14.09 Gb Free Space | 14.09% Space Free | Partition Type: NTFS
Drive U: | 99.90 Gb Total Space | 69.30 Gb Free Space | 69.37% Space Free | Partition Type: NTFS
Drive V: | 99.90 Gb Total Space | 41.15 Gb Free Space | 41.19% Space Free | Partition Type: NTFS
Drive Y: | 99.90 Gb Total Space | 69.30 Gb Free Space | 69.37% Space Free | Partition Type: NTFS

Computer Name: PWOFFICEHP | User Name: pwest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/24 14:32:46 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\pwest\Downloads\OTL(1).exe
PRC - [2012/05/18 17:42:23 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/01 12:55:50 | 026,646,368 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2011/06/22 14:14:10 | 002,050,832 | ---- | M] (Ilium Software, Inc.) -- C:\Program Files (x86)\Ilium Software\eWallet\eWallet.exe
PRC - [2011/01/06 03:14:46 | 000,086,062 | ---- | M] (Westbrook Technologies, Inc.) -- v:\Fortis\FortisLT.exe
PRC - [2011/01/06 03:14:14 | 001,019,945 | ---- | M] (Westbrook Technologies, Inc.) -- V:\Fortis\fmp.exe
PRC - [2010/11/23 10:02:44 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [1999/12/31 17:00:00 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [1999/12/31 17:00:00 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/23 11:30:21 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3d86888a0b8d944d0234009495e8ad6f\IAStorUtil.ni.dll
MOD - [2012/05/23 11:30:21 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\7dfa3741328f59fd6997794a8c92ce64\IAStorCommon.ni.dll
MOD - [2012/05/18 17:42:22 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/11 03:55:15 | 000,497,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\483f47b06b4b353ba85b586d879ea3ad\System.Data.SQLite.ni.dll
MOD - [2012/05/11 03:55:15 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PasswordGenerator\6e6ac27fc22cc545d749fb128554ba9a\PasswordGenerator.ni.dll
MOD - [2012/05/11 03:55:15 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\940f62a5d077405e0b324422afb6ff2c\System.Data.DataSetExtensions.ni.dll
MOD - [2012/05/11 03:55:14 | 001,119,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sync\1237a54cc740723dd0d4b18b0f7ec034\Sync.ni.dll
MOD - [2012/05/11 03:55:14 | 001,111,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DBWallet\61d0ec914aa0e24beed39cb2264e968c\DBWallet.ni.dll
MOD - [2012/05/11 03:55:14 | 000,107,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WltSQLiteConverter\8a3cbc94c3f8158d96d95429e9ba1588\WltSQLiteConverter.ni.dll
MOD - [2012/05/11 03:55:13 | 012,311,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DevComponents.DotNe#\035bdd94ec8b54eb09c128243d644072\DevComponents.DotNetBar2.ni.dll
MOD - [2012/05/11 03:55:08 | 003,808,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\eWallet\c065bc20312a2b0244bcf900d56ee708\eWallet.ni.exe
MOD - [2012/05/11 03:54:59 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/11 03:29:42 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll
MOD - [2012/05/11 03:29:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 03:29:36 | 006,610,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd01ba2b65ff9f81f0981507d264c8d1\System.Data.ni.dll
MOD - [2012/05/11 03:29:20 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/11 03:29:15 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/11 03:29:13 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012/05/11 03:29:13 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/05/11 03:29:06 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/11 03:29:03 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 03:29:00 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 03:29:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 03:28:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/01/06 03:16:50 | 000,303,149 | ---- | M] () -- V:\Fortis\WIDGE32.dll
MOD - [2011/01/06 03:12:08 | 000,020,480 | ---- | M] () -- V:\Fortis\daohelpr.dll
MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/04/23 12:53:56 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\Ilium Software\eWallet\System.Data.SQLite.dll
MOD - [2008/07/10 02:38:22 | 000,013,336 | ---- | M] () -- C:\Windows\Downloaded Program Files\rsclientprint_1033.rll
MOD - [2007/09/11 12:49:40 | 000,089,776 | ---- | M] () -- V:\Fortis\AMPLM.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/05/22 07:16:11 | 008,412,160 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\NETGEAR\NETGEAR ProSafe NMS200\oware3rd\mysql\5_0_51-64\bin\mysqld-nt.exe -- (MySQL)
SRV:64bit: - [2012/05/22 07:12:26 | 000,078,336 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\NETGEAR\NETGEAR ProSafe NMS200\oware\synergy\tomcat-6.0.32\bin\native\windows\x64\tomcat6.exe -- (Synergy)
SRV:64bit: - [2012/05/22 07:10:00 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\NETGEAR\NETGEAR ProSafe NMS200\oware\bin\owprocman.exe -- (OWProcMan)
SRV:64bit: - [2012/04/05 19:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/07 21:35:02 | 000,057,344 | ---- | M] (Veeam Software) [Disabled | Stopped] -- C:\Program Files\Veeam\Backup Catalog\Veeam.Backup.CatalogDataService.exe -- (Veeam Backup Catalog Data Service)
SRV:64bit: - [2011/04/07 21:33:58 | 000,249,856 | ---- | M] (Veeam Software) [Disabled | Stopped] -- C:\Program Files\Veeam\Backup and Replication\Veeam.Backup.Service.exe -- (Veeam Backup and Replication Service)
SRV:64bit: - [2011/04/07 20:42:48 | 000,876,544 | ---- | M] (Veeam Software) [Disabled | Stopped] -- C:\Program Files\Veeam\Backup and Replication\VeeamNFSSvc.exe -- (VeeamNfsSvc)
SRV:64bit: - [2011/01/26 10:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/02 11:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/05/20 11:12:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/18 17:42:23 | 000,129,976 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/09 22:51:20 | 000,381,784 | ---- | M] (Quest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Quest Software\Foglight NMS\ptagentservice.exe -- (QuestNmsAgent)
SRV - [2012/05/09 22:51:18 | 000,381,784 | ---- | M] (Quest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Quest Software\Foglight NMS\ptserverservice.exe -- (QuestNmsServer)
SRV - [2012/02/13 09:57:54 | 000,045,704 | ---- | M] (SolarWinds) [Disabled | Stopped] -- C:\Program Files (x86)\SolarWinds\Toolset\SWBrowserIntegration.exe -- (SWBrowserIntegration)
SRV - [2012/02/06 10:34:22 | 000,058,880 | ---- | M] (SolarWinds) [Disabled | Stopped] -- C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe -- (SolarWinds TFTP Server)
SRV - [2011/12/27 05:21:02 | 000,031,744 | ---- | M] (SolarWinds) [Disabled | Stopped] -- C:\Program Files (x86)\SolarWinds\SftpServer\SolarWindsSftpServer.exe -- (SolarWinds SFTP Server)
SRV - [2011/11/18 21:08:48 | 000,456,048 | ---- | M] (GFI Software) [Disabled | Stopped] -- C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe -- (VIPRE Business Service)
SRV - [2011/10/12 12:28:54 | 002,804,312 | ---- | M] (GFI Software) [Disabled | Stopped] -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/10/12 12:28:36 | 000,181,616 | ---- | M] (GFI Software) [Disabled | Stopped] -- C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/01 13:09:02 | 000,609,904 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/01 01:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/02/01 00:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 00:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/01/25 13:56:32 | 000,241,648 | ---- | M] (CyberLink) [Disabled | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/23 21:48:20 | 000,028,672 | ---- | M] (Veeam Software) [Disabled | Stopped] -- C:\Program Files (x86)\Veeam\Veeam Backup and FastSCP\VeeamBackupService.exe -- (VeeamBackupService.exe)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [1999/12/31 17:00:00 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/23 12:03:02 | 000,013,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 18:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV:64bit: - [2011/09/09 14:46:30 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/08/30 06:56:24 | 000,071,288 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/08/30 06:56:24 | 000,055,416 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/01 13:09:00 | 000,040,048 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 10:00:28 | 000,382,024 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/01/26 10:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/17 22:22:36 | 000,125,552 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/06/09 17:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/08 20:29:42 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/06/08 20:29:36 | 000,025,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COH_Mon.sys -- (COH_Mon)
DRV:64bit: - [1999/12/31 17:00:00 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [1999/12/31 17:00:00 | 000,558,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2011/08/30 06:56:24 | 000,101,624 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{5BE16D09-ADA9-4B05-8E1C-55ABFF135617}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://sharepoint/ht...lserver/reports [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.spradsrv.com/
IE - HKCU\..\SearchScopes,DefaultScope = {DA677D0A-6753-4D18-B7E4-E641EE14E57C}
IE - HKCU\..\SearchScopes\{DA677D0A-6753-4D18-B7E4-E641EE14E57C}: "URL" = http://www.google.co...Encoding?}&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/05 17:52:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/18 17:42:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/19 11:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pwest\AppData\Roaming\mozilla\Extensions
[2012/05/07 09:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pwest\AppData\Roaming\mozilla\Firefox\Profiles\1hupbap2.default\extensions
[2012/05/22 19:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/18 17:42:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/10 15:38:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/10 15:38:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\pwest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\pwest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\pwest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [CANON DR3010C SVC] C:\Windows\SysNative\DR301SVC.dll (Canon Electronics)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: BucksBee Loyalty Plugin - Softonic Notifications - {829cbb8d-4fbc-2464-e9d7-d55180b193b4} - C:\Program Files (x86)\BucksBee Loyalty Plugin - Softonic\ribbon.hta ()
O9 - Extra 'Tools' menuitem : BucksBee Loyalty Plugin - Softonic Notifications - {a8e3281a-999a-ab24-9566-42314ed92b6e} - C:\Program Files (x86)\BucksBee Loyalty Plugin - Softonic\ribbon_menu.hta ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: sites ([]https in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} http://sqlserver/rep...intCab&Arch=X86 (RSClientPrint 2008 Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spradsreno.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA309A65-07BE-4F2F-ADBB-32858216A714}: NameServer = 192.168.1.25,192.168.1.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/22 01:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/03/27 11:25:00 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f3bc044b-d373-11e0-a866-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f3bc044b-d373-11e0-a866-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008/02/22 01:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/23 11:32:34 | 000,685,160 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/05/23 11:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/05/23 11:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor
[2012/05/23 11:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmIcoSingLun
[2012/05/23 11:29:37 | 000,000,000 | ---D | C] -- C:\Intel
[2012/05/23 11:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/23 11:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/05/23 11:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/05/23 11:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/05/23 11:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/05/23 11:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/05/23 11:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/05/23 11:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/05/23 11:26:27 | 000,000,000 | ---D | C] -- C:\AMD
[2012/05/23 11:12:40 | 000,023,816 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys
[2012/05/23 11:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012/05/23 11:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/05/23 11:08:10 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\SlimWare Utilities Inc
[2012/05/23 11:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2012/05/23 11:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2012/05/23 11:08:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/05/23 10:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/23 10:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/23 10:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/23 10:48:01 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\Malwarebytes
[2012/05/23 10:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/23 10:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/23 10:47:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/23 10:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/22 22:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/05/22 22:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/22 22:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/22 22:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/05/22 22:18:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/22 21:40:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/22 21:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/22 21:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/22 21:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/22 21:35:50 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\LogMeIn Rescue Calling Card
[2012/05/22 21:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Rescue Calling Card
[2012/05/22 21:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HELP
[2012/05/22 20:17:21 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\LogMeIn Rescue Applet
[2012/05/22 19:51:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{27A5929E-A7D7-49FD-8F20-58D051718F42}
[2012/05/22 19:47:49 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{3D34A5B4-A900-489B-A2F4-E50705D1B71B}
[2012/05/22 19:15:30 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{A0B13B96-FCF9-4207-9BB1-08D28A069F51}
[2012/05/22 19:11:35 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{A1F6ECFE-734C-4BA6-9670-E301A0E4BC49}
[2012/05/22 18:59:59 | 000,000,000 | ---D | C] -- C:\.jmsn
[2012/05/22 18:31:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\vlc
[2012/05/22 18:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Media Player
[2012/05/22 18:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Media Player
[2012/05/22 07:11:36 | 000,000,000 | ---D | C] -- C:\tmp
[2012/05/22 07:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2012/05/22 06:40:37 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\SmartControlCenter.9E9F443B107A0AE9BF8ABBD6D62A07F000B6C252.1
[2012/05/21 18:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Netgear
[2012/05/21 12:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartControlCenter
[2012/05/21 12:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netgear
[2012/05/21 12:56:16 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\Downloaded Installations
[2012/05/21 00:59:49 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{FF059468-5730-4B73-9070-07636A5B45F3}
[2012/05/20 13:00:40 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{1D0BF810-B874-438B-8FEA-97D2F41B7D3D}
[2012/05/20 13:00:16 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{14553E54-DA10-4E60-BC4A-B5E260A603B3}
[2012/05/20 13:00:04 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{21B57ABA-FE8F-477E-9735-2B9C625771B3}
[2012/05/20 12:59:41 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{D2A8E396-F8B2-4E22-AB58-D5B8AD3ABC4D}
[2012/05/20 12:51:03 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys
[2012/05/20 12:51:02 | 000,055,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012/05/20 12:51:02 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/05/20 12:48:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{017EACDF-0BA0-4B92-AFE4-2AC54FA6B67A}
[2012/05/20 12:48:31 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{CD3DC2FF-4DB8-4B72-8CF0-9529BBF64C4F}
[2012/05/20 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{EB674406-3C7E-4388-A317-5000DD241F64}
[2012/05/20 12:47:48 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{2F1521E2-4F01-444A-B14F-F8D3F39A8BF4}
[2012/05/20 12:10:27 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\GFI Software
[2012/05/20 12:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI Software
[2012/05/20 12:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/05/20 12:10:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software
[2012/05/20 12:09:01 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\GFI Software
[2012/05/20 11:22:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{9A0BBA22-176A-429E-8230-9B5191A584F0}
[2012/05/20 11:21:59 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{D6606C1B-D8FA-48D7-804E-6948309DC612}
[2012/05/20 11:16:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/20 11:05:08 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\SolarWinds
[2012/05/20 11:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Engineer's Toolset
[2012/05/20 11:04:13 | 000,000,000 | ---D | C] -- C:\TFTP-Root
[2012/05/20 11:04:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SolarWinds TFTP Server
[2012/05/20 11:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds SFTP & SCP Server
[2012/05/20 11:04:07 | 000,000,000 | ---D | C] -- C:\SFTP_Root
[2012/05/20 10:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SolarWinds
[2012/05/20 10:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolarWinds
[2012/05/20 10:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SolarWinds
[2012/05/20 10:55:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Corporation
[2012/05/20 10:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/05/20 10:39:20 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{BA7ECEC8-6186-4D2D-A9A4-11FF1F20A19D}
[2012/05/20 10:38:58 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{DBFA99B5-3A70-4F33-9C02-4475F7A50969}
[2012/05/20 10:38:48 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{73EFA2FB-D846-4FF1-B845-18ED91D68490}
[2012/05/20 10:38:38 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{F08E4116-8A00-4A35-AAE2-1B673BA3EE09}
[2012/05/20 04:50:37 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{489AFB3A-3284-45E4-887D-6EA8E5E92145}
[2012/05/19 16:50:38 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{B7F6A0CF-B30B-4779-9705-085F9FBCFEC5}
[2012/05/19 04:50:26 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{5C774870-8A32-4479-AC3A-C48DA33A8D1E}
[2012/05/18 17:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/18 17:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/18 17:24:36 | 000,000,000 | ---D | C] -- C:\Users\pwest\Documents\PassMark
[2012/05/18 17:24:28 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\PassMark
[2012/05/18 17:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest (64-bit)
[2012/05/18 17:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2012/05/18 17:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
[2012/05/18 16:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/18 16:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/18 16:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/18 16:50:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{C0350EC2-C70A-45A6-B615-5BC86A25D51B}
[2012/05/18 16:49:17 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{900A64F7-0074-4018-BAFB-8D1EA5E33DE4}
[2012/05/18 16:49:02 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{958684CF-6128-44CA-922F-517655679F96}
[2012/05/18 07:01:52 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{3AF404FC-EE87-408F-A1EC-026306BD5533}
[2012/05/17 19:01:52 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{11B5813E-D883-4110-9F34-25CD8F58B810}
[2012/05/17 07:01:36 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{7596955E-87DD-431F-A451-8DD242BCD334}
[2012/05/16 19:01:36 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{179CAAA8-2345-40B5-9382-CDF7DCA1D2BC}
[2012/05/16 07:01:36 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{5DD9E869-7399-422F-BACD-69E6CC4CA6C8}
[2012/05/15 19:01:15 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{79854B3E-AFE3-4606-9CA0-ABF8B4ECA2E9}
[2012/05/15 16:48:09 | 000,000,000 | ---D | C] -- C:\Users\pwest\Desktop\Downloads
[2012/05/15 16:48:07 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\GetRightToGo
[2012/05/15 09:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Quest Software
[2012/05/15 09:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quest Software
[2012/05/15 09:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quest Software
[2012/05/15 07:36:23 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{D8164721-71D3-4818-BDDE-DD9CE69A7039}
[2012/05/15 07:36:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{045B0D45-8B8E-4502-90FD-D13010657C25}
[2012/05/15 07:36:02 | 000,000,000 | ---D | C] -- C:\Users\pwest\Documents\Network Monitor 3
[2012/05/15 07:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
[2012/05/15 07:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3
[2012/05/15 07:02:07 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{DE20D033-C368-4B06-9A9C-B8569C431322}
[2012/05/15 07:01:57 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{51553046-B2CA-4D15-9AD5-33DB42211ACE}
[2012/05/15 07:01:47 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{369A94D8-CE7F-4EAB-B485-B26C254EDF5F}
[2012/05/15 07:01:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{BD177050-0832-44FA-B4EB-BCCFDC8E58EA}
[2012/05/14 19:40:06 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{52CCB422-EC36-4A32-8654-23DF8E11EA2B}
[2012/05/14 19:38:59 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{7B97CF99-FDD3-4DF1-BADF-38D3E72A1303}
[2012/05/14 07:39:46 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{567DDEFA-B165-4053-85E8-FF3B905C42C0}
[2012/05/14 07:39:35 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{E84BB5F2-8853-44B2-B1BB-565742886110}
[2012/05/14 07:39:23 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{D2792BD1-A69F-4A6E-8AFA-C65069BF0494}
[2012/05/14 07:38:50 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{74453914-5AB6-40D4-B8B0-6E60D49C9F1C}
[2012/05/14 07:38:34 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{52489DDE-B577-4AB6-9373-D685D44B4CCE}
[2012/05/11 04:06:50 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{9F2B8EB4-6A3D-4B85-8377-EB041DF9E70E}
[2012/05/11 04:06:40 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{1F9DA91E-BFB9-4980-9FE6-5886C95C5434}
[2012/05/11 04:06:30 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{34652E6F-A053-4022-B542-C0E54A1B87AE}
[2012/05/11 04:06:17 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{251A0AAE-FC5A-4CDC-89C2-AE2F4311984F}
[2012/05/10 01:11:08 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{9B49DD72-03B2-4569-B6C0-4A593BCB139C}
[2012/05/09 13:11:20 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{BBC509B2-1B59-42B9-8FA4-2A8CF00C9C97}
[2012/05/09 13:11:11 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{AFEFD075-376F-49A4-BDF4-404155322031}
[2012/05/09 13:11:02 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{DAFE321C-4ECB-48AE-9E15-E3ACB1BBA8B6}
[2012/05/09 13:10:51 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{8F931505-BEE8-40E7-B4BE-AE93C77B98C1}
[2012/04/29 07:33:05 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{5D8AFC2A-D9BF-48C3-B465-4682417E5371}
[2012/04/29 07:32:55 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{2F678186-B9A4-4EF6-AD6E-5BAC504B9C36}
[2012/04/26 17:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2012/04/26 16:47:00 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys
[2012/04/26 16:46:29 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys
[2012/04/26 16:45:59 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys
[2012/04/26 16:45:25 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys
[2012/04/26 16:44:55 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys
[2012/04/26 16:43:38 | 000,000,000 | ---D | C] -- C:\Users\pwest\Documents\Wondershare Video Converter Ultimate
[2012/04/26 16:43:38 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/04/26 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\Wondershare
[2012/04/26 16:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2012/04/26 16:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012/04/26 16:43:23 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2012/04/26 16:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2012/04/26 15:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetASFStream
[2012/04/26 15:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\GetASFStream
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/24 14:18:03 | 000,012,647 | ---- | M] () -- C:\Windows\SETSCAN.INI
[2012/05/24 13:59:22 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/24 13:55:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/24 12:55:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/23 17:55:53 | 000,002,388 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/23 12:10:14 | 000,029,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/23 12:10:14 | 000,029,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/23 12:07:31 | 000,949,926 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/23 12:07:31 | 000,780,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/23 12:07:31 | 000,166,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/23 12:03:26 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/05/23 12:03:02 | 000,013,920 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/05/23 12:02:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/23 12:02:18 | 2131,972,095 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/23 11:12:40 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012/05/23 11:08:01 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012/05/23 10:51:34 | 000,001,330 | ---- | M] () -- C:\Users\pwest\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/23 10:51:34 | 000,001,306 | ---- | M] () -- C:\Users\pwest\Desktop\Spybot - Search & Destroy.lnk
[2012/05/23 10:47:58 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/22 22:37:44 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/22 21:40:24 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/22 21:36:02 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\HELP.lnk
[2012/05/22 19:00:26 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/05/22 18:31:28 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\Easy Media Player.lnk
[2012/05/22 07:16:37 | 000,000,000 | ---- | M] () -- C:\Windows\vpd.properties
[2012/05/21 12:57:06 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\SmartControlCenterManager.lnk
[2012/05/20 12:10:16 | 000,002,295 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE Business.lnk
[2012/05/20 11:04:45 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\IP Network Browser.lnk
[2012/05/20 11:04:45 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Workspace Studio.lnk
[2012/05/20 11:04:45 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\Network Performance Monitor.lnk
[2012/05/18 17:53:17 | 000,000,017 | ---- | M] () -- C:\Users\pwest\AppData\Local\resmon.resmoncfg
[2012/05/18 17:48:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/18 17:48:27 | 000,963,584 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/18 16:47:38 | 000,000,816 | RHS- | M] () -- C:\Users\pwest\ntuser.pol
[2012/05/17 11:43:11 | 000,002,627 | ---- | M] () -- C:\Users\Public\Desktop\SpradsRVAdmin.lnk
[2012/05/15 10:24:01 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\Quest Free Network Tools.lnk
[2012/05/15 09:58:18 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\Quest Foglight NMS Studio.lnk
[2012/05/15 07:35:17 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
[2012/05/12 06:56:07 | 000,001,998 | -H-- | M] () -- C:\Users\pwest\Documents\Default.rdp
[2012/05/11 03:27:29 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForpwest.job
[2012/05/11 03:27:22 | 000,419,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/23 11:12:40 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012/05/23 11:08:12 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/05/23 11:08:11 | 000,013,920 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/05/23 11:08:01 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012/05/23 10:51:34 | 000,001,330 | ---- | C] () -- C:\Users\pwest\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/23 10:51:34 | 000,001,306 | ---- | C] () -- C:\Users\pwest\Desktop\Spybot - Search & Destroy.lnk
[2012/05/23 10:47:58 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/22 22:37:44 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/22 21:40:24 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/22 21:35:05 | 000,002,523 | ---- | C] () -- C:\Users\Public\Desktop\HELP.lnk
[2012/05/22 19:00:26 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/05/22 18:31:28 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Easy Media Player.lnk
[2012/05/22 07:16:37 | 000,000,000 | ---- | C] () -- C:\Windows\vpd.properties
[2012/05/21 12:57:06 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\SmartControlCenterManager.lnk
[2012/05/20 12:10:16 | 000,002,295 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE Business.lnk
[2012/05/20 11:01:31 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\IP Network Browser.lnk
[2012/05/20 11:01:31 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Workspace Studio.lnk
[2012/05/20 11:01:31 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\Network Performance Monitor.lnk
[2012/05/18 17:53:17 | 000,000,017 | ---- | C] () -- C:\Users\pwest\AppData\Local\resmon.resmoncfg
[2012/05/18 17:48:35 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/17 11:43:11 | 000,002,639 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpradsRVAdmin.lnk
[2012/05/17 11:43:11 | 000,002,627 | ---- | C] () -- C:\Users\Public\Desktop\SpradsRVAdmin.lnk
[2012/05/15 10:24:01 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\Quest Free Network Tools.lnk
[2012/05/15 09:58:18 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Quest Foglight NMS Studio.lnk
[2012/05/15 07:35:17 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
[2012/04/26 16:43:23 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2012/04/26 16:43:23 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012/04/05 18:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 18:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/05 13:03:32 | 000,565,248 | ---- | C] () -- C:\Windows\SysWow64\RemoteConfig.dll
[2012/01/05 13:03:32 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\DataLink3.dll
[2012/01/05 12:56:20 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\Ntlcc.dll
[2012/01/05 12:56:20 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\Zmodnt.dll
[2012/01/05 12:56:16 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\SH22W16.DLL
[2012/01/05 12:56:15 | 000,147,968 | ---- | C] () -- C:\Windows\SysWow64\AL21FVB.DLL
[2012/01/05 12:56:11 | 000,360,448 | ---- | C] () -- C:\Windows\SysWow64\DataLink2.dll
[2012/01/05 12:56:11 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\fsplit.dll
[2012/01/05 12:56:10 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll
[2012/01/05 12:56:01 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\Al21mfc.dll
[2011/09/22 10:47:45 | 000,012,647 | ---- | C] () -- C:\Windows\SETSCAN.INI
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/06 12:28:29 | 000,044,388 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/30 17:10:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/03 21:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 10:15:43 | 000,963,584 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll

========== LOP Check ==========

[2012/05/23 16:59:22 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\.oit
[2011/09/22 10:55:46 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Canon Electronics
[2012/05/22 22:12:02 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Dropbox
[2012/05/22 22:49:05 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\FileZilla
[2012/05/15 16:48:35 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\GetRightToGo
[2012/05/20 12:51:37 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\GFI Software
[2011/09/27 19:13:02 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Ilium Software
[2011/09/25 08:44:47 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\IrfanView
[2011/09/22 10:53:35 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\ISIS Drivers
[2012/01/07 10:47:56 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Key Metric Software
[2011/09/18 07:35:03 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Microsys
[2012/05/22 06:40:37 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\SmartControlCenter.9E9F443B107A0AE9BF8ABBD6D62A07F000B6C252.1
[2012/02/24 09:29:56 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Telerik
[2011/09/14 08:40:30 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\WinBatch
[2011/09/22 14:03:36 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Windows Live Writer
[2011/09/06 11:34:58 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Windows Small Business Server
[2012/04/26 16:43:38 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Wondershare Video Converter Ultimate
[2009/07/13 22:08:49 | 000,015,398 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/23 12:03:26 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

========== Purity Check ==========



< End of report >

#2
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, lwest! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Since it has been a few days we need updated and complete scans.

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

If it does not run, rename it iexplore.exe and try it again.


Step 2.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 3.

Please post:

aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.

#3
lwest
Issues have not changed. Thank you very very much for your response. Please find the posts below:


OTL logfile created on: 5/26/2012 9:57:56 AM - Run 3
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\pwest\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.23 Gb Available Physical Memory | 65.48% Memory free
20.19 Gb Paging File | 17.04 Gb Available in Paging File | 84.40% Paging File free
Paging file location(s): c:\pagefile.sys 12500 13000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1385.71 Gb Total Space | 671.01 Gb Free Space | 48.42% Space Free | Partition Type: NTFS
Drive D: | 11.45 Gb Total Space | 1.40 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
Drive E: | 1018.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive N: | 70.00 Gb Total Space | 10.06 Gb Free Space | 14.38% Space Free | Partition Type: NTFS
Drive R: | 100.00 Gb Total Space | 12.41 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive S: | 100.00 Gb Total Space | 12.41 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive U: | 99.90 Gb Total Space | 69.29 Gb Free Space | 69.36% Space Free | Partition Type: NTFS
Drive V: | 99.90 Gb Total Space | 41.10 Gb Free Space | 41.14% Space Free | Partition Type: NTFS
Drive Y: | 99.90 Gb Total Space | 69.29 Gb Free Space | 69.36% Space Free | Partition Type: NTFS

Computer Name: PWOFFICEHP | User Name: pwest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/26 09:43:47 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\pwest\Desktop\OTL(2).exe
PRC - [2012/05/01 12:55:50 | 026,646,368 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\pwest\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/11/18 21:08:48 | 000,456,048 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe
PRC - [2011/10/12 12:31:36 | 001,627,504 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe
PRC - [2011/10/12 12:28:54 | 002,804,312 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe
PRC - [2011/10/12 12:28:36 | 000,181,616 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe
PRC - [2010/11/23 10:02:44 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [1999/12/31 17:00:00 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/23 11:30:21 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3d86888a0b8d944d0234009495e8ad6f\IAStorUtil.ni.dll
MOD - [2012/05/11 03:29:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 03:29:20 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/11 03:29:15 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/11 03:29:03 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 03:29:00 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 03:29:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 03:28:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/05/22 07:16:11 | 008,412,160 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\NETGEAR\NETGEAR ProSafe NMS200\oware3rd\mysql\5_0_51-64\bin\mysqld-nt.exe -- (MySQL)
SRV:64bit: - [2012/05/22 07:12:26 | 000,078,336 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\NETGEAR\NETGEAR ProSafe NMS200\oware\synergy\tomcat-6.0.32\bin\native\windows\x64\tomcat6.exe -- (Synergy)
SRV:64bit: - [2012/05/22 07:10:00 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\NETGEAR\NETGEAR ProSafe NMS200\oware\bin\owprocman.exe -- (OWProcMan)
SRV:64bit: - [2012/04/05 19:16:02 | 000,236,544 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/07 21:35:02 | 000,057,344 | ---- | M] (Veeam Software) [Disabled | Stopped] -- C:\Program Files\Veeam\Backup Catalog\Veeam.Backup.CatalogDataService.exe -- (Veeam Backup Catalog Data Service)
SRV:64bit: - [2011/04/07 21:33:58 | 000,249,856 | ---- | M] (Veeam Software) [Disabled | Stopped] -- C:\Program Files\Veeam\Backup and Replication\Veeam.Backup.Service.exe -- (Veeam Backup and Replication Service)
SRV:64bit: - [2011/04/07 20:42:48 | 000,876,544 | ---- | M] (Veeam Software) [Disabled | Stopped] -- C:\Program Files\Veeam\Backup and Replication\VeeamNFSSvc.exe -- (VeeamNfsSvc)
SRV:64bit: - [2011/01/26 10:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/02 11:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/05/20 11:12:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/18 17:42:23 | 000,129,976 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/11 10:41:08 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/05/11 10:41:02 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/05/09 22:51:20 | 000,381,784 | ---- | M] (Quest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Quest Software\Foglight NMS\ptagentservice.exe -- (QuestNmsAgent)
SRV - [2012/05/09 22:51:18 | 000,381,784 | ---- | M] (Quest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Quest Software\Foglight NMS\ptserverservice.exe -- (QuestNmsServer)
SRV - [2012/04/02 12:17:40 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2012/02/13 09:57:54 | 000,045,704 | ---- | M] (SolarWinds) [Disabled | Stopped] -- C:\Program Files (x86)\SolarWinds\Toolset\SWBrowserIntegration.exe -- (SWBrowserIntegration)
SRV - [2012/02/06 10:34:22 | 000,058,880 | ---- | M] (SolarWinds) [Disabled | Stopped] -- C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe -- (SolarWinds TFTP Server)
SRV - [2011/12/27 05:21:02 | 000,031,744 | ---- | M] (SolarWinds) [Disabled | Stopped] -- C:\Program Files (x86)\SolarWinds\SftpServer\SolarWindsSftpServer.exe -- (SolarWinds SFTP Server)
SRV - [2011/11/18 21:08:48 | 000,456,048 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe -- (VIPRE Business Service)
SRV - [2011/10/12 12:28:54 | 002,804,312 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/10/12 12:28:36 | 000,181,616 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/01 13:09:02 | 000,609,904 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/01 01:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/02/01 00:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 00:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/01/25 13:56:32 | 000,241,648 | ---- | M] (CyberLink) [Disabled | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/23 21:48:20 | 000,028,672 | ---- | M] (Veeam Software) [Disabled | Stopped] -- C:\Program Files (x86)\Veeam\Veeam Backup and FastSCP\VeeamBackupService.exe -- (VeeamBackupService.exe)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [1999/12/31 17:00:00 | 000,013,592 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/25 16:20:36 | 000,013,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/05/11 10:41:34 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Unknown] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 18:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV:64bit: - [2011/09/09 14:46:30 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/08/30 06:56:24 | 000,071,288 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/08/30 06:56:24 | 000,055,416 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/01 13:09:00 | 000,040,048 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 10:00:28 | 000,382,024 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/01/26 10:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/17 22:22:36 | 000,125,552 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/06/09 17:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/08 20:29:42 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/06/08 20:29:36 | 000,025,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COH_Mon.sys -- (COH_Mon)
DRV:64bit: - [1999/12/31 17:00:00 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [1999/12/31 17:00:00 | 000,558,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2012/04/02 12:17:40 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2011/08/30 06:56:24 | 000,101,624 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{5BE16D09-ADA9-4B05-8E1C-55ABFF135617}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://sharepoint/ht...lserver/reports [binary data]
IE - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.spradsrv.com/
IE - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\..\SearchScopes,DefaultScope = {DA677D0A-6753-4D18-B7E4-E641EE14E57C}
IE - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\..\SearchScopes\{DA677D0A-6753-4D18-B7E4-E641EE14E57C}: "URL" = http://www.google.co...Encoding?}&rlz=
IE - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/05 17:52:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/18 17:42:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/19 11:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pwest\AppData\Roaming\mozilla\Extensions
[2012/05/07 09:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pwest\AppData\Roaming\mozilla\Firefox\Profiles\1hupbap2.default\extensions
[2012/05/22 19:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/18 17:42:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/10 15:38:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/10 15:38:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\pwest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\pwest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\pwest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [CANON DR3010C SVC] C:\Windows\SysNative\DR301SVC.dll (Canon Electronics)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe (GFI Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\pwest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\pwest\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\..Trusted Domains: sites ([]https in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} http://sqlserver/rep...intCab&Arch=X86 (RSClientPrint 2008 Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spradsreno.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA309A65-07BE-4F2F-ADBB-32858216A714}: NameServer = 192.168.1.25,192.168.1.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/22 01:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/03/27 11:25:00 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f3bc044b-d373-11e0-a866-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f3bc044b-d373-11e0-a866-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008/02/22 01:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/26 09:43:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\pwest\Desktop\OTL(2).exe
[2012/05/26 09:14:23 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\pwest\Desktop\aswMBR.exe
[2012/05/25 19:23:30 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\LogMeIn
[2012/05/25 19:23:29 | 000,034,688 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012/05/25 19:23:28 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/05/25 19:23:28 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2012/05/25 19:23:26 | 000,080,768 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/05/25 16:22:11 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{32E9D1E5-5E50-4323-B7FE-BE9FEFCC7B81}
[2012/05/25 16:21:59 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{13CB36CE-D3E5-4DEC-A3DB-27F0F8E318FE}
[2012/05/25 16:21:28 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{23739CE0-032F-4D89-8801-4F216F13BCCC}
[2012/05/25 16:21:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{2743037A-3346-4BD2-A35D-3ECC7F0F5504}
[2012/05/25 12:24:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{D581C1E4-5448-4728-9983-C0621891BF10}
[2012/05/25 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{1C138033-3286-48A2-8CF9-14E429462123}
[2012/05/23 11:32:34 | 000,685,160 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/05/23 11:32:34 | 000,074,344 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2012/05/23 11:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/05/23 11:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor
[2012/05/23 11:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmIcoSingLun
[2012/05/23 11:29:37 | 000,000,000 | ---D | C] -- C:\Intel
[2012/05/23 11:29:36 | 000,558,360 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2012/05/23 11:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/23 11:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/05/23 11:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/05/23 11:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/05/23 11:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/05/23 11:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/05/23 11:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/05/23 11:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/05/23 11:26:27 | 000,000,000 | ---D | C] -- C:\AMD
[2012/05/23 11:12:40 | 000,023,816 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys
[2012/05/23 11:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012/05/23 11:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/05/23 11:08:10 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\SlimWare Utilities Inc
[2012/05/23 11:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2012/05/23 11:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2012/05/23 11:08:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/05/23 10:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/23 10:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/23 10:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/23 10:48:01 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\Malwarebytes
[2012/05/23 10:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/23 10:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/23 10:47:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/23 10:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/22 22:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/05/22 22:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/22 22:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/22 22:18:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/22 21:40:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/22 21:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/22 21:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/22 21:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/22 21:35:50 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\LogMeIn Rescue Calling Card
[2012/05/22 21:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Rescue Calling Card
[2012/05/22 21:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HELP
[2012/05/22 20:17:21 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\LogMeIn Rescue Applet
[2012/05/22 19:51:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{27A5929E-A7D7-49FD-8F20-58D051718F42}
[2012/05/22 19:47:49 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{3D34A5B4-A900-489B-A2F4-E50705D1B71B}
[2012/05/22 19:15:30 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{A0B13B96-FCF9-4207-9BB1-08D28A069F51}
[2012/05/22 19:11:35 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{A1F6ECFE-734C-4BA6-9670-E301A0E4BC49}
[2012/05/22 18:59:59 | 000,000,000 | ---D | C] -- C:\.jmsn
[2012/05/22 18:31:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\vlc
[2012/05/22 18:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Media Player
[2012/05/22 18:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Media Player
[2012/05/22 07:11:36 | 000,000,000 | ---D | C] -- C:\tmp
[2012/05/22 07:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2012/05/22 06:40:37 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\SmartControlCenter.9E9F443B107A0AE9BF8ABBD6D62A07F000B6C252.1
[2012/05/21 18:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Netgear
[2012/05/21 12:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartControlCenter
[2012/05/21 12:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netgear
[2012/05/21 12:56:16 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\Downloaded Installations
[2012/05/21 00:59:49 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{FF059468-5730-4B73-9070-07636A5B45F3}
[2012/05/20 13:00:40 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{1D0BF810-B874-438B-8FEA-97D2F41B7D3D}
[2012/05/20 13:00:16 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{14553E54-DA10-4E60-BC4A-B5E260A603B3}
[2012/05/20 13:00:04 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{21B57ABA-FE8F-477E-9735-2B9C625771B3}
[2012/05/20 12:59:41 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{D2A8E396-F8B2-4E22-AB58-D5B8AD3ABC4D}
[2012/05/20 12:51:03 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys
[2012/05/20 12:51:02 | 000,055,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012/05/20 12:51:02 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/05/20 12:48:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{017EACDF-0BA0-4B92-AFE4-2AC54FA6B67A}
[2012/05/20 12:48:31 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{CD3DC2FF-4DB8-4B72-8CF0-9529BBF64C4F}
[2012/05/20 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{EB674406-3C7E-4388-A317-5000DD241F64}
[2012/05/20 12:47:48 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{2F1521E2-4F01-444A-B14F-F8D3F39A8BF4}
[2012/05/20 12:10:27 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\GFI Software
[2012/05/20 12:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI Software
[2012/05/20 12:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/05/20 12:10:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software
[2012/05/20 12:09:01 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\GFI Software
[2012/05/20 11:22:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{9A0BBA22-176A-429E-8230-9B5191A584F0}
[2012/05/20 11:21:59 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{D6606C1B-D8FA-48D7-804E-6948309DC612}
[2012/05/20 11:16:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/20 11:05:08 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\SolarWinds
[2012/05/20 11:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Engineer's Toolset
[2012/05/20 11:04:13 | 000,000,000 | ---D | C] -- C:\TFTP-Root
[2012/05/20 11:04:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SolarWinds TFTP Server
[2012/05/20 11:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds SFTP & SCP Server
[2012/05/20 11:04:07 | 000,000,000 | ---D | C] -- C:\SFTP_Root
[2012/05/20 10:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SolarWinds
[2012/05/20 10:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolarWinds
[2012/05/20 10:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SolarWinds
[2012/05/20 10:55:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Corporation
[2012/05/20 10:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/05/20 10:44:55 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/20 10:44:55 | 000,472,864 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/05/20 10:39:20 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{BA7ECEC8-6186-4D2D-A9A4-11FF1F20A19D}
[2012/05/20 10:38:58 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{DBFA99B5-3A70-4F33-9C02-4475F7A50969}
[2012/05/20 10:38:48 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{73EFA2FB-D846-4FF1-B845-18ED91D68490}
[2012/05/20 10:38:38 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{F08E4116-8A00-4A35-AAE2-1B673BA3EE09}
[2012/05/20 04:50:37 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{489AFB3A-3284-45E4-887D-6EA8E5E92145}
[2012/05/19 16:50:38 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{B7F6A0CF-B30B-4779-9705-085F9FBCFEC5}
[2012/05/19 04:50:26 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{5C774870-8A32-4479-AC3A-C48DA33A8D1E}
[2012/05/18 17:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/18 17:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/18 17:24:36 | 000,000,000 | ---D | C] -- C:\Users\pwest\Documents\PassMark
[2012/05/18 17:24:28 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\PassMark
[2012/05/18 17:24:16 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012/05/18 17:24:16 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012/05/18 17:24:16 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012/05/18 17:24:15 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012/05/18 17:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest (64-bit)
[2012/05/18 17:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2012/05/18 17:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
[2012/05/18 16:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/18 16:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/18 16:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/18 16:50:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{C0350EC2-C70A-45A6-B615-5BC86A25D51B}
[2012/05/18 16:49:17 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{900A64F7-0074-4018-BAFB-8D1EA5E33DE4}
[2012/05/18 16:49:02 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{958684CF-6128-44CA-922F-517655679F96}
[2012/05/18 07:01:52 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{3AF404FC-EE87-408F-A1EC-026306BD5533}
[2012/05/17 19:01:52 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{11B5813E-D883-4110-9F34-25CD8F58B810}
[2012/05/17 07:01:36 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{7596955E-87DD-431F-A451-8DD242BCD334}
[2012/05/16 19:01:36 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{179CAAA8-2345-40B5-9382-CDF7DCA1D2BC}
[2012/05/16 07:01:36 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{5DD9E869-7399-422F-BACD-69E6CC4CA6C8}
[2012/05/15 19:01:15 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{79854B3E-AFE3-4606-9CA0-ABF8B4ECA2E9}
[2012/05/15 16:48:09 | 000,000,000 | ---D | C] -- C:\Users\pwest\Desktop\Downloads
[2012/05/15 16:48:07 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\GetRightToGo
[2012/05/15 09:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Quest Software
[2012/05/15 09:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quest Software
[2012/05/15 09:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quest Software
[2012/05/15 07:36:23 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{D8164721-71D3-4818-BDDE-DD9CE69A7039}
[2012/05/15 07:36:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{045B0D45-8B8E-4502-90FD-D13010657C25}
[2012/05/15 07:36:02 | 000,000,000 | ---D | C] -- C:\Users\pwest\Documents\Network Monitor 3
[2012/05/15 07:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
[2012/05/15 07:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3
[2012/05/15 07:02:07 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{DE20D033-C368-4B06-9A9C-B8569C431322}
[2012/05/15 07:01:57 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{51553046-B2CA-4D15-9AD5-33DB42211ACE}
[2012/05/15 07:01:47 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{369A94D8-CE7F-4EAB-B485-B26C254EDF5F}
[2012/05/15 07:01:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{BD177050-0832-44FA-B4EB-BCCFDC8E58EA}
[2012/05/14 19:40:06 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{52CCB422-EC36-4A32-8654-23DF8E11EA2B}
[2012/05/14 19:38:59 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{7B97CF99-FDD3-4DF1-BADF-38D3E72A1303}
[2012/05/14 07:39:46 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{567DDEFA-B165-4053-85E8-FF3B905C42C0}
[2012/05/14 07:39:35 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{E84BB5F2-8853-44B2-B1BB-565742886110}
[2012/05/14 07:39:23 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{D2792BD1-A69F-4A6E-8AFA-C65069BF0494}
[2012/05/14 07:38:50 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{74453914-5AB6-40D4-B8B0-6E60D49C9F1C}
[2012/05/14 07:38:34 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{52489DDE-B577-4AB6-9373-D685D44B4CCE}
[2012/05/11 04:06:50 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{9F2B8EB4-6A3D-4B85-8377-EB041DF9E70E}
[2012/05/11 04:06:40 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{1F9DA91E-BFB9-4980-9FE6-5886C95C5434}
[2012/05/11 04:06:30 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{34652E6F-A053-4022-B542-C0E54A1B87AE}
[2012/05/11 04:06:17 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{251A0AAE-FC5A-4CDC-89C2-AE2F4311984F}
[2012/05/10 23:03:30 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/10 23:03:28 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/10 23:03:27 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/10 23:03:27 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/10 01:11:08 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{9B49DD72-03B2-4569-B6C0-4A593BCB139C}
[2012/05/09 13:11:20 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{BBC509B2-1B59-42B9-8FA4-2A8CF00C9C97}
[2012/05/09 13:11:11 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{AFEFD075-376F-49A4-BDF4-404155322031}
[2012/05/09 13:11:02 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{DAFE321C-4ECB-48AE-9E15-E3ACB1BBA8B6}
[2012/05/09 13:10:51 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{8F931505-BEE8-40E7-B4BE-AE93C77B98C1}
[2012/04/29 07:33:05 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{5D8AFC2A-D9BF-48C3-B465-4682417E5371}
[2012/04/29 07:32:55 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{2F678186-B9A4-4EF6-AD6E-5BAC504B9C36}
[2012/04/26 17:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2012/04/26 16:47:00 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys
[2012/04/26 16:46:29 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys
[2012/04/26 16:45:59 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys
[2012/04/26 16:45:25 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys
[2012/04/26 16:44:55 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys
[2012/04/26 16:43:38 | 000,000,000 | ---D | C] -- C:\Users\pwest\Documents\Wondershare Video Converter Ultimate
[2012/04/26 16:43:38 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/04/26 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\Wondershare
[2012/04/26 16:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2012/04/26 16:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012/04/26 16:43:23 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2012/04/26 16:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2012/04/26 15:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetASFStream
[2012/04/26 15:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\GetASFStream
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/26 09:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/26 09:55:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/26 09:43:47 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\pwest\Desktop\OTL(2).exe
[2012/05/26 09:40:17 | 000,000,512 | ---- | M] () -- C:\Users\pwest\Desktop\MBR.dat
[2012/05/26 09:13:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\pwest\Desktop\aswMBR.exe
[2012/05/25 19:30:35 | 000,012,647 | ---- | M] () -- C:\Windows\SETSCAN.INI
[2012/05/25 19:23:25 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/05/25 16:27:00 | 000,029,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/25 16:27:00 | 000,029,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/25 16:23:48 | 000,949,926 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/25 16:23:48 | 000,780,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/25 16:23:48 | 000,166,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/25 16:21:06 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/05/25 16:20:44 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/25 16:20:36 | 000,013,920 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/05/25 16:18:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/25 16:18:43 | 2131,972,095 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/23 17:55:53 | 000,002,388 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/23 11:12:40 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012/05/23 11:08:01 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012/05/23 10:51:34 | 000,001,330 | ---- | M] () -- C:\Users\pwest\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/23 10:51:34 | 000,001,306 | ---- | M] () -- C:\Users\pwest\Desktop\Spybot - Search & Destroy.lnk
[2012/05/23 10:47:58 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/22 22:37:44 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/22 21:40:24 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/22 21:36:02 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\HELP.lnk
[2012/05/22 19:00:26 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/05/22 18:31:28 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\Easy Media Player.lnk
[2012/05/22 07:16:37 | 000,000,000 | ---- | M] () -- C:\Windows\vpd.properties
[2012/05/21 12:57:06 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\SmartControlCenterManager.lnk
[2012/05/20 12:10:16 | 000,002,295 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE Business.lnk
[2012/05/20 11:12:16 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/20 11:12:16 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/20 11:04:45 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\IP Network Browser.lnk
[2012/05/20 11:04:45 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Workspace Studio.lnk
[2012/05/20 11:04:45 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\Network Performance Monitor.lnk
[2012/05/20 10:44:39 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/20 10:44:39 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/05/18 17:53:17 | 000,000,017 | ---- | M] () -- C:\Users\pwest\AppData\Local\resmon.resmoncfg
[2012/05/18 17:48:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/18 17:48:27 | 000,963,584 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/18 16:47:38 | 000,000,816 | RHS- | M] () -- C:\Users\pwest\ntuser.pol
[2012/05/17 11:43:11 | 000,002,627 | ---- | M] () -- C:\Users\Public\Desktop\SpradsRVAdmin.lnk
[2012/05/15 10:24:01 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\Quest Free Network Tools.lnk
[2012/05/15 09:58:18 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\Quest Foglight NMS Studio.lnk
[2012/05/15 07:35:17 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
[2012/05/12 06:56:07 | 000,001,998 | -H-- | M] () -- C:\Users\pwest\Documents\Default.rdp
[2012/05/11 10:41:34 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/05/11 10:41:22 | 000,034,688 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012/05/11 10:41:20 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/05/11 03:27:29 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForpwest.job
[2012/05/11 03:27:22 | 000,419,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 04:59:06 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/26 09:40:17 | 000,000,512 | ---- | C] () -- C:\Users\pwest\Desktop\MBR.dat
[2012/05/25 19:23:17 | 000,001,032 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2012/05/25 16:11:51 | 000,001,003 | ---- | C] () -- C:\Users\pwest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/23 11:12:40 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012/05/23 11:08:12 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/05/23 11:08:11 | 000,013,920 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/05/23 11:08:01 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012/05/23 10:51:34 | 000,001,330 | ---- | C] () -- C:\Users\pwest\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/23 10:51:34 | 000,001,306 | ---- | C] () -- C:\Users\pwest\Desktop\Spybot - Search & Destroy.lnk
[2012/05/23 10:47:58 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/22 22:37:44 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/22 21:40:24 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/22 21:35:05 | 000,002,523 | ---- | C] () -- C:\Users\Public\Desktop\HELP.lnk
[2012/05/22 19:00:26 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/05/22 18:31:28 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Easy Media Player.lnk
[2012/05/22 07:16:37 | 000,000,000 | ---- | C] () -- C:\Windows\vpd.properties
[2012/05/21 12:57:06 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\SmartControlCenterManager.lnk
[2012/05/20 12:10:16 | 000,002,295 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE Business.lnk
[2012/05/20 11:01:31 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\IP Network Browser.lnk
[2012/05/20 11:01:31 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Workspace Studio.lnk
[2012/05/20 11:01:31 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\Network Performance Monitor.lnk
[2012/05/18 17:53:17 | 000,000,017 | ---- | C] () -- C:\Users\pwest\AppData\Local\resmon.resmoncfg
[2012/05/18 17:48:35 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/17 11:43:11 | 000,002,639 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpradsRVAdmin.lnk
[2012/05/17 11:43:11 | 000,002,627 | ---- | C] () -- C:\Users\Public\Desktop\SpradsRVAdmin.lnk
[2012/05/15 10:24:01 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\Quest Free Network Tools.lnk
[2012/05/15 09:58:18 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Quest Foglight NMS Studio.lnk
[2012/05/15 07:35:17 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
[2012/04/26 16:43:23 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2012/04/26 16:43:23 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012/04/05 18:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 18:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/05 13:03:32 | 000,565,248 | ---- | C] () -- C:\Windows\SysWow64\RemoteConfig.dll
[2012/01/05 13:03:32 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\DataLink3.dll
[2012/01/05 12:56:20 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\Ntlcc.dll
[2012/01/05 12:56:20 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\Zmodnt.dll
[2012/01/05 12:56:16 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\SH22W16.DLL
[2012/01/05 12:56:15 | 000,147,968 | ---- | C] () -- C:\Windows\SysWow64\AL21FVB.DLL
[2012/01/05 12:56:11 | 000,360,448 | ---- | C] () -- C:\Windows\SysWow64\DataLink2.dll
[2012/01/05 12:56:11 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\fsplit.dll
[2012/01/05 12:56:10 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll
[2012/01/05 12:56:01 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\Al21mfc.dll
[2011/09/22 10:47:45 | 000,012,647 | ---- | C] () -- C:\Windows\SETSCAN.INI
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/06 12:28:29 | 000,044,388 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/30 17:10:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/03 21:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 10:15:43 | 000,963,584 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll

========== LOP Check ==========

[2012/05/23 16:59:22 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\.oit
[2011/09/22 10:55:46 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Canon Electronics
[2012/05/26 09:47:07 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Dropbox
[2012/05/22 22:49:05 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\FileZilla
[2012/05/15 16:48:35 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\GetRightToGo
[2012/05/20 12:51:37 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\GFI Software
[2011/09/27 19:13:02 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Ilium Software
[2011/09/25 08:44:47 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\IrfanView
[2011/09/22 10:53:35 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\ISIS Drivers
[2012/01/07 10:47:56 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Key Metric Software
[2011/09/18 07:35:03 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Microsys
[2012/05/22 06:40:37 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\SmartControlCenter.9E9F443B107A0AE9BF8ABBD6D62A07F000B6C252.1
[2012/02/24 09:29:56 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Telerik
[2011/09/14 08:40:30 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\WinBatch
[2011/09/22 14:03:36 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Windows Live Writer
[2011/09/06 11:34:58 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Windows Small Business Server
[2012/04/26 16:43:38 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/05/20 10:34:02 | 000,000,000 | ---D | M] -- C:\Users\spradsadmin\AppData\Roaming\Windows Small Business Server
[2009/07/13 22:08:49 | 000,015,898 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/25 16:21:06 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{BA309A65-07BE-4F2F-ADBB-32858216A714}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 01 05 01 02 01 01 01 04 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 5
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/18 17:42:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/18 17:42:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/18 17:42:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/05/18 17:42:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/05/18 17:42:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/18 17:42:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/03/21 03:21:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/03/21 03:21:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/03/21 03:21:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/03/21 03:21:18 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/03/21 03:21:18 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/05/18 17:42:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/05/18 17:42:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/05/18 17:42:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/05/18 17:42:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/05/18 17:42:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/05/18 17:42:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/03/21 03:21:17 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/03/21 03:21:17 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/03/21 03:21:17 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/03/21 03:21:18 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/03/21 03:21:18 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: PWOFFICEHP
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     E   NM200        CDFS   DVD-ROM     1019 MB  Healthy
Volume 1                             Partition    100 MB  Healthy    Offline
Volume 2     C   OS           NTFS   Partition   1385 GB  Healthy    Boot
Volume 3     D   HP_RECOVERY  NTFS   Partition     11 GB  Healthy
Volume 4                             Partition    687 GB  Healthy    Offline
Volume 5                             Partition     11 GB  Healthy    Offline
Volume 6     F                       Removable       0 B  No Media
Volume 7     G                       Removable       0 B  No Media
Volume 8     H                       Removable       0 B  No Media
Volume 9     I                       Removable       0 B  No Media

< End of report >


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-26 09:14:36
-----------------------------
09:14:36.909 OS Version: Windows x64 6.1.7601 Service Pack 1
09:14:36.909 Number of processors: 4 586 0x2A07
09:14:36.910 ComputerName: PWOFFICEHP UserName: pwest
09:14:39.838 Initialize success
09:15:27.539 AVAST engine defs: 12052600
09:15:37.529 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
09:15:37.532 Disk 0 Vendor: Intel___ 1.0. Size: 1430797MB BusType: 8
09:15:37.534 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
09:15:37.538 Disk 1 Vendor: ST375063 HP24 Size: 715404MB BusType: 8
09:15:37.561 Disk 0 MBR read successfully
09:15:37.565 Disk 0 MBR scan
09:15:37.571 Disk 0 unknown MBR code
09:15:37.575 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:15:37.587 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1418970 MB offset 206848
09:15:37.625 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11725 MB offset 2906257408
09:15:37.651 Disk 0 scanning C:\Windows\system32\drivers
09:15:51.104 Service scanning
09:16:15.252 Modules scanning
09:16:15.267 Disk 0 trace - called modules:
09:16:15.280 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:16:15.284 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a060060]
09:16:15.287 3 CLASSPNP.SYS[fffff88001da943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8008db5050]
09:16:17.117 AVAST engine scan C:\Windows
09:16:19.591 AVAST engine scan C:\Windows\system32
09:24:34.147 AVAST engine scan C:\Windows\system32\drivers
09:24:51.052 AVAST engine scan C:\Users\pwest
09:37:24.621 AVAST engine scan C:\ProgramData
09:38:53.990 Scan finished successfully
09:40:17.687 Disk 0 MBR has been saved successfully to "C:\Users\pwest\Desktop\MBR.dat"
09:40:17.689 The log file has been saved successfully to "C:\Users\pwest\Desktop\aswMBR.txt"




OTL Extras logfile created on: 5/26/2012 9:57:57 AM - Run 3
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\pwest\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.23 Gb Available Physical Memory | 65.48% Memory free
20.19 Gb Paging File | 17.04 Gb Available in Paging File | 84.40% Paging File free
Paging file location(s): c:\pagefile.sys 12500 13000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1385.71 Gb Total Space | 671.01 Gb Free Space | 48.42% Space Free | Partition Type: NTFS
Drive D: | 11.45 Gb Total Space | 1.40 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
Drive E: | 1018.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive N: | 70.00 Gb Total Space | 10.06 Gb Free Space | 14.38% Space Free | Partition Type: NTFS
Drive R: | 100.00 Gb Total Space | 12.41 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive S: | 100.00 Gb Total Space | 12.41 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive U: | 99.90 Gb Total Space | 69.29 Gb Free Space | 69.36% Space Free | Partition Type: NTFS
Drive V: | 99.90 Gb Total Space | 41.10 Gb Free Space | 41.14% Space Free | Partition Type: NTFS
Drive Y: | 99.90 Gb Total Space | 69.29 Gb Free Space | 69.36% Space Free | Partition Type: NTFS

Computer Name: PWOFFICEHP | User Name: pwest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3156778762-1450392035-3758449630-1144\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|[email protected],-25110|[email protected],-25112|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|[email protected],-25251|[email protected],-25257|[email protected],-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25301|[email protected],-25303|[email protected],-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|[email protected],-25376|[email protected],-25382|[email protected],-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|[email protected],-25351|[email protected],-25357|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|[email protected],-25082|[email protected],-25088|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|[email protected],-25061|[email protected],-25067|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|[email protected],-25068|[email protected],-25074|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|[email protected],-25075|[email protected],-25081|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|[email protected],-25026|[email protected],-25032|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|[email protected],-25019|[email protected],-25025|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|[email protected],-25001|[email protected],-25007|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|[email protected],-25116|[email protected],-25118|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|[email protected],-25012|[email protected],-25018|[email protected],-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25326|[email protected],-25332|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|[email protected],-25113|[email protected],-25115|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|[email protected],-25111|[email protected],-25112|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|[email protected],-25252|[email protected],-25257|[email protected],-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25302|[email protected],-25303|[email protected],-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|[email protected],-25377|[email protected],-25382|[email protected],-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|[email protected],-25352|[email protected],-25357|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|[email protected],-25083|[email protected],-25088|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|[email protected],-25062|[email protected],-25067|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|[email protected],-25069|[email protected],-25074|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|[email protected],-25076|[email protected],-25081|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|[email protected],-25027|[email protected],-25032|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|[email protected],-25020|[email protected],-25025|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|[email protected],-25002|[email protected],-25007|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|[email protected],-25117|[email protected],-25118|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|[email protected],-25013|[email protected],-25018|[email protected],-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25327|[email protected],-25333|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|[email protected],-25114|[email protected],-25115|[email protected],-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|[email protected],-25407|[email protected],-25408|[email protected],-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|[email protected],-25403|[email protected],-25404|[email protected],-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-25401|[email protected],-25401|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|[email protected],-25008|[email protected],-25011|[email protected],-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-25405|[email protected],-25406|[email protected],-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28543|[email protected],-28547|[email protected],-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28545|[email protected],-28547|[email protected],-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28544|[email protected],-28547|[email protected],-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28546|[email protected],-28547|[email protected],-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-33035|[email protected],-33036|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-33027|[email protected],-33030|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33011|[email protected],-33014|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-33031|[email protected],-33034|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-33037|[email protected],-33038|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33015|[email protected],-33018|[email protected],-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|[email protected],-28753|[email protected],-28756|[email protected],-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|Edge=FALSE|

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B5D85A-6F75-4877-9AB8-F388A9BA8025}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0AA9819C-195B-4D19-9046-C86FB1414B5F}" = lport=5053 | protocol=6 | dir=in | name=quest foglight nms https server port |
"{0FA6EA1E-E0A9-4DAB-B01F-83126B2EDD05}" = lport=9392 | protocol=6 | dir=in | app=c:\program files\veeam\backup and replication\veeam.backup.service.exe |
"{154AD6C9-EB9F-426C-B191-48568880B2F8}" = lport=69 | protocol=17 | dir=in | name=quest foglight nms tftp server |
"{17C6C143-925B-4BCF-86A6-5AC3F4CDFB71}" = lport=5055 | protocol=6 | dir=in | name=quest foglight nms tunnel port |
"{1CDB5930-3D70-43FE-80F9-788D8B958016}" = lport=514 | protocol=17 | dir=in | name=quest foglight nms syslog server |
"{256EDE74-09E9-46F9-B26B-1C2F92278CD1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{25D390AA-A550-46BC-8897-855453EAED1B}" = lport=138 | protocol=17 | dir=in | app=system |
"{2C65A9D7-10EB-443E-902C-287F79826104}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3239C080-F818-4750-832C-6E52E90550A2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3D747E3E-7F00-4A59-BE9E-6A89711FD9BE}" = lport=9555 | protocol=17 | dir=in | name=quest foglight nms netflow listener port 2 |
"{4FD8DA14-834E-4E73-A354-C88D56D9C934}" = lport=137 | protocol=17 | dir=in | app=system |
"{54480C3A-5A00-4A70-9586-1A37A1A0630C}" = rport=445 | protocol=6 | dir=out | app=system |
"{5E4E68F1-A0AE-4230-8A31-E76A224B3A98}" = lport=2055 | protocol=17 | dir=in | name=quest foglight nms netflow listener port 1 |
"{5E8733BA-4EA8-49C8-A0DE-8B1302086618}" = rport=137 | protocol=17 | dir=out | app=system |
"{71903487-3B03-4B13-9B8D-77859CB56239}" = rport=138 | protocol=17 | dir=out | app=system |
"{7A31B69B-6109-4C0C-804B-588368481591}" = lport=9995 | protocol=17 | dir=in | name=quest foglight nms netflow listener port 3 |
"{827CE689-A7F6-40EA-B56C-F6C407028D7F}" = lport=6343 | protocol=17 | dir=in | name=quest foglight nms sflow |
"{84EF5A93-0945-42B4-8777-531FA4E9E183}" = lport=5054 | protocol=6 | dir=in | name=quest foglight nms server port |
"{8A2CF5F9-86F2-46CB-9733-ACF1B92F8048}" = lport=9393 | protocol=6 | dir=in | app=c:\program files\veeam\backup catalog\veeam.backup.catalogdataservice.exe |
"{8D2C3E84-3780-463F-891C-2AFFCF9CD6D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{952BC428-C38E-4BF2-A6BB-C879F18F52D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{953551B4-4EE0-47C8-BEF1-8795B52120A3}" = lport=162 | protocol=17 | dir=in | name=quest foglight nms snmp traps port |
"{9E3D6BB0-4BEE-4856-8412-70F546FC9846}" = lport=139 | protocol=6 | dir=in | app=system |
"{A180B314-BEC2-4A33-9490-22A16BEF45A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A2D69D27-CEE5-4B3C-A756-C6CECA5EF45D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A95F9234-733A-4771-B844-6B9208650E01}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B30EB9DB-2A1F-4731-9598-E3E8BF547223}" = lport=9392 | protocol=6 | dir=out | app=c:\program files\veeam\backup and replication\veeam.backup.service.exe |
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{B60DAB96-3798-46C2-94D7-CC2C81089B86}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA35A4D3-72DF-45C7-84DD-33C1F11937B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C084C561-395B-4184-A154-C545C1A77DB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C1B7EABF-D799-428E-BE99-C29EFB408932}" = rport=139 | protocol=6 | dir=out | app=system |
"{C2E8DB52-2357-4C91-81DD-1D71E109C293}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{D26AA8FD-E4F1-48F2-A236-764909AACAD2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D47452D4-1B76-416F-B831-B9EF7F1DF68F}" = lport=445 | protocol=6 | dir=in | app=system |
"{D5365C9B-1BB5-4B8C-8222-B574B8867870}" = lport=9393 | protocol=6 | dir=out | app=c:\program files\veeam\backup catalog\veeam.backup.catalogdataservice.exe |
"{D5C01D96-1A4D-4EF4-9367-5C97A35A5B3A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DD2665F0-C497-4031-A090-CC4E5DB806AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE5AF1CF-1880-4386-8275-DE7154B13B67}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067214B5-222D-4446-A848-39484CACFD64}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{0CEF947D-1747-4DDB-B2DE-EEA88AC0ADC0}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe |
"{101CE925-DEED-4E3E-A25B-C0F3C850AF8D}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterprisereportviewer.exe |
"{1B757B9E-6088-441E-BB5B-2A9D846080F5}" = protocol=17 | dir=in | app=c:\program files (x86)\quest software\free network tools\toolkit.exe |
"{1C7C51A3-CD8E-40F1-8C4B-870465EAA15C}" = protocol=17 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptserverconfig.exe |
"{2008A7C8-9EDF-464C-93F3-6DA5DCAD1B2E}" = protocol=1 | dir=out | [email protected],-28544 |
"{209150F4-7F93-406A-9E66-82DEBB167563}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseconsole.exe |
"{21DF171F-DE42-4F51-9268-B30FABBBDDA9}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{22C69243-4A41-4FA8-A8F3-869A657F0ADD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{24DB361B-8073-4A32-B071-021F6AB4F3B1}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{278BEA2B-7828-4839-879A-1DA111808D2A}" = protocol=17 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptagentservice.exe |
"{2EE41BB4-963D-4306-9BB0-334D614287EE}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterprisereportviewer.exe |
"{321AD5B1-B991-40C2-9B78-B9C613A99044}" = protocol=1 | dir=in | [email protected],-28543 |
"{3946D3EE-DB38-4CA2-A2DF-4C789AB18806}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseconsole.exe |
"{3F3503B7-3DCE-4B78-8856-FF8A46BC7181}" = protocol=6 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptagentservice.exe |
"{43881A8C-5AB3-4DCA-AF30-3E30DB0E46F1}" = protocol=6 | dir=in | app=c:\program files\veeam\backup and replication\veeamnfssvc.exe |
"{4715A9B2-36C0-4D58-96E5-A473277416C2}" = protocol=58 | dir=out | [email protected],-28546 |
"{4B501E2E-DAA9-4E39-AEA2-A8A89F014CD7}" = protocol=6 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptstudio.exe |
"{4DFB226E-35BB-4EFB-9F1C-EBC343E7449E}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseservice.exe |
"{4EF9B829-0BB8-4643-98E0-095482545195}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe |
"{4F725F7F-8A76-450E-B748-F6A5C2C68671}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{53BE7930-C405-4CAE-9221-888A0FA561BA}" = protocol=17 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptagentconfig.exe |
"{54DF61EF-7DBF-45DF-96CC-2EAE7905F390}" = protocol=6 | dir=in | app=c:\program files (x86)\quest software\free network tools\toolkit.exe |
"{56E3537E-8CC0-4970-815B-82DBC9D689C3}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseservice.exe |
"{57716274-B9BF-4CD1-A945-0C7DCADBB460}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseservice.exe |
"{59B46AD2-5638-4754-90DC-29C8AAB0DA5D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{5A9F8BFD-3DAA-4A5B-976A-143F3E49C4EB}" = protocol=6 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptserverservice.exe |
"{5CC3BF7F-573B-4BEA-9738-862EBF9E20C7}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{5D436434-A356-4997-85C1-A41EF2896372}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{5E7D6C7F-3382-45C4-8C8D-8CBAF078B42E}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseconsole.exe |
"{5FDA2FB0-8F68-400A-88CA-F00BD4C38AC6}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe |
"{601E2CA6-51F6-4612-B840-E5AC11DA2A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptserverservice.exe |
"{6197A6D7-BFD7-4F39-8C75-C165BDBB2CC3}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{625940B6-98A8-4E10-A450-F21281190408}" = protocol=17 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptserverservice.exe |
"{654E6482-AA2E-488E-94C3-69ADEED9A86D}" = protocol=6 | dir=out | app=c:\program files\veeam\backup and replication\veeamagent.exe |
"{6701CA8F-45AC-4E9D-AAB0-3D082C76865B}" = protocol=6 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptagentconfig.exe |
"{67EBB4D3-1340-46BE-88A6-4F9100385749}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{6BAE6D3B-587E-484B-AD2C-F8E4A0646743}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseservice.exe |
"{6C0FDA7F-E896-4816-876B-7EBA3312CCEF}" = protocol=58 | dir=in | [email protected],-28545 |
"{6ED26F95-1F5C-4FD7-8502-06B90C3ACDF8}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseservice.exe |
"{70C5790B-D412-4C80-A279-23A943C6D7B7}" = protocol=6 | dir=in | app=c:\users\pwest\appdata\roaming\dropbox\bin\dropbox.exe |
"{70CEB015-EC96-4C69-934B-E203AF6433F6}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{73D4F76C-5402-45DF-BEEA-AAA78ACA21A6}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{74F90CC0-1D60-4F66-BEEC-79270B4B6ACA}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{7561EBAB-ABFB-4567-9736-A6EEBC94E3DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7638D6F5-E258-41E2-81C1-51CCD0C6123C}" = protocol=17 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptstudio.exe |
"{7EAFEF41-6505-4B6A-AF06-DA8B9665F93F}" = protocol=17 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptserverconfig.exe |
"{814DC346-3806-4968-8508-1A18315DB602}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe |
"{82FE4FD4-270B-406A-A549-020A32647041}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterprisereportviewer.exe |
"{840D6E85-B3FD-4A2F-A0D8-31B38617D4A4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{89AB7CAB-EFB6-45F3-807B-DF6CFC90614E}" = protocol=17 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptagentservice.exe |
"{950D7629-115B-4F52-A2FB-CD7B880D5BF7}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseservice.exe |
"{998F8246-CCDE-4DCE-9518-0386C7BE0121}" = protocol=17 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptserverservice.exe |
"{9B4EED84-B56E-4767-A180-F35701F8C3CA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{9D1E5E5D-368F-4478-8E8B-00BF07357DAB}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{9E018F0A-30C8-4AA5-B9A4-5F1B94DECDCB}" = protocol=6 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptstudio.exe |
"{9EFEAA93-0E26-49D4-B585-C14A9CD072E0}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{A4BCED2B-25EB-4E33-9C30-D28F1C8485F4}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{A97A2F2F-0442-40CC-A84A-F5F5CC5674B8}" = protocol=6 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptserverconfig.exe |
"{AD014C6D-1B63-423C-BD23-CEBAD9F17D99}" = protocol=6 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptagentconfig.exe |
"{AE2E5AA2-F30B-49A8-94BA-D0EBF42C9365}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{AEAD6A5D-B793-4F28-9537-BD2EE1612D0A}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{B1491EE7-4FBD-451B-8EB2-537F8EB7A1CC}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{B47B2A06-21F7-4DE9-8FAA-60AAB581CA80}" = protocol=6 | dir=out | app=c:\program files\veeam\backup and replication\veeamnfssvc.exe |
"{B4C373F0-1720-4F79-AE1A-89A890F920EF}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterprisereportviewer.exe |
"{BB6D007F-D977-4333-A9D2-2080EBEFF224}" = protocol=6 | dir=in | app=c:\program files (x86)\quest software\free network tools\toolkit.exe |
"{BD28C401-C155-4D4A-AECA-8AC8EE7E00B4}" = protocol=17 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptstudio.exe |
"{C35442BC-B758-4AA1-8899-B29878EC3F16}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseconsole.exe |
"{C687E1EA-26BA-473A-BFAB-3CD9D5DB362A}" = protocol=6 | dir=in | app=c:\program files\veeam\backup and replication\veeamagent.exe |
"{C80C775A-3980-4EC6-B9DD-45DAF91E845F}" = protocol=17 | dir=in | app=c:\program files (x86)\quest software\free network tools\toolkit.exe |
"{CC927389-FB7D-44C8-86A3-9FF6969E68E0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{CED8BDED-1308-4A07-85AF-AE599DD53EE5}" = protocol=6 | dir=in | app=c:\program files\veeam\backup catalog\veeamagent.exe |
"{D140E342-D28C-41CA-935F-D61190086168}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{DBF98F34-C5FA-4863-9D64-573F48BE6D24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E3C431F4-5CE0-4E5B-90DE-D76C7CF6BB3A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{E467E1B3-A904-4E62-AADC-A2A26B4E7D11}" = protocol=6 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptagentservice.exe |
"{E719E21A-AE82-4254-A02C-B597C8ECB175}" = protocol=17 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptagentconfig.exe |
"{E94FED9D-25AC-4A1B-9186-7782459E7668}" = protocol=6 | dir=out | app=c:\program files\veeam\backup catalog\veeamagent.exe |
"{E9A61C50-C892-4040-897D-8EA5A5D40914}" = protocol=17 | dir=in | app=c:\users\pwest\appdata\roaming\dropbox\bin\dropbox.exe |
"{EAAE0686-E215-40AA-8B39-4BF48C82C073}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{ED227C13-484D-44DB-B2FD-537BA247CCD1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ED924D2E-35E0-4165-9093-2B3E0CFB0AB3}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe |
"{F7954C5E-9C03-47B9-A761-E4EB3D7BFA16}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{FA869D27-D279-4BCA-983A-A4B108ECB6C3}" = protocol=6 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptserverconfig.exe |
"{FEC697D2-34D2-4B7E-A63D-78C961918D28}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe |
"TCP Query User{1276F1C8-2043-45E9-A88D-CBD89F3D7B1B}C:\program files (x86)\smartcontrolcenter\sccd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smartcontrolcenter\sccd.exe |
"TCP Query User{12D9F5CF-4E3F-4A55-9F7E-7697CECE41DE}C:\program files (x86)\microsoft sql server\110\tools\binn\managementstudio\ssms.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft sql server\110\tools\binn\managementstudio\ssms.exe |
"TCP Query User{1B197C35-1402-41E8-9FFE-D539EC03B60D}C:\users\pwest\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_instantchat.exe" = protocol=6 | dir=in | app=c:\users\pwest\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_instantchat.exe |
"TCP Query User{33919718-D59D-4A6E-B12B-EF49ED50C2DF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5A978307-638B-4609-9C00-9A877C31FE97}C:\program files (x86)\telerik\radcontrols for asp.net ajax q2 2011 sp1\live demos\startexamples.exe" = protocol=6 | dir=in | app=c:\program files (x86)\telerik\radcontrols for asp.net ajax q2 2011 sp1\live demos\startexamples.exe |
"TCP Query User{6DCF8301-DEDC-4A6C-8480-1B366AFF36B7}C:\program files (x86)\veeam\veeam backup and fastscp\veeamagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veeam\veeam backup and fastscp\veeamagent.exe |
"TCP Query User{92A0DC82-DF4C-4F10-BF0C-1260B7E86D36}C:\users\pwest\appdata\local\logmein rescue applet\lmir0005.tmp\lmi_instantchat.exe" = protocol=6 | dir=in | app=c:\users\pwest\appdata\local\logmein rescue applet\lmir0005.tmp\lmi_instantchat.exe |
"TCP Query User{A2A4A7D4-42F8-4655-92F0-A6586A673D86}C:\program files (x86)\logmein rescue calling card\callingcard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logmein rescue calling card\callingcard.exe |
"UDP Query User{0937389A-26B9-43E8-A8EA-A1777CCB4085}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{0E13D5CD-8EF8-4C85-8FA1-D13E48D17C02}C:\program files (x86)\veeam\veeam backup and fastscp\veeamagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veeam\veeam backup and fastscp\veeamagent.exe |
"UDP Query User{1111D394-D6F7-46EF-A6A8-D87F11CDEA3E}C:\program files (x86)\telerik\radcontrols for asp.net ajax q2 2011 sp1\live demos\startexamples.exe" = protocol=17 | dir=in | app=c:\program files (x86)\telerik\radcontrols for asp.net ajax q2 2011 sp1\live demos\startexamples.exe |
"UDP Query User{39AEA9E1-0923-4224-9BD0-A3B34234EFE6}C:\program files (x86)\smartcontrolcenter\sccd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smartcontrolcenter\sccd.exe |
"UDP Query User{563DFB5F-B89C-4964-A338-1183AD72CB2A}C:\program files (x86)\microsoft sql server\110\tools\binn\managementstudio\ssms.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft sql server\110\tools\binn\managementstudio\ssms.exe |
"UDP Query User{575A594A-0663-4C21-ACBC-4817A4937318}C:\users\pwest\appdata\local\logmein rescue applet\lmir0005.tmp\lmi_instantchat.exe" = protocol=17 | dir=in | app=c:\users\pwest\appdata\local\logmein rescue applet\lmir0005.tmp\lmi_instantchat.exe |
"UDP Query User{C8007F5F-49E7-4116-8F90-A41AE20B119C}C:\users\pwest\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_instantchat.exe" = protocol=17 | dir=in | app=c:\users\pwest\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_instantchat.exe |
"UDP Query User{E8E5D040-0755-4286-9000-FFB1C6FEFA31}C:\program files (x86)\logmein rescue calling card\callingcard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logmein rescue calling card\callingcard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{08FA11B6-EE24-4BEE-BC82-889E7DC84111}" = Veeam Backup and Replication
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1D411379-9CE0-4B13-A19B-72D3222DD620}" = SQL Server 2012 Common Files
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}" = SQL Server 2012 Common Files
"{22BCA430-2A68-4678-9824-184F3839948F}" = SQL Server 2012 Integration Services
"{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}" = SQL Server 2012 Management Studio
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{36BF5D42-BF68-4E0C-A165-A4C6E9841F4A}" = SQL Server 2012 Integration Services
"{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5DDC2234-4B37-45BC-AD33-41F1469B4D83}" = Microsoft SQL Server 2012 Setup (English)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{656E214E-B73F-458C-AD64-ED316F008207}" = SQL Server 2012 BI Development Studio
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6B3840D6-4B8F-4E74-9202-9CE36DA94E99}" = SQL Server 2012 Client Tools
"{7272DF1C-2F88-43AC-A481-84DD67DF9746}" = SQL Server 2012 Documentation Components
"{7842C220-6E9A-4D5A-AE70-0E138271F883}" = SQL Server 2012 Client Tools
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F9F1A27-9A76-4D69-BE6C-728F933AEA0D}" = FolderSizes 5
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A007BD05-ECFD-4F64-89F6-7E95F91F0DFB}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{A7037EB2-F953-4B12-B843-195F4D988DA1}" = SQL Server 2012 Management Studio
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{B3192F55-2CE8-4C8E-9E40-D3B4998276B2}" = SQL Server 2012 Documentation Components
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B766AE7C-72FB-4FBD-937B-DA7A0766B6C7}" = Veeam Backup Catalog
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}" = Microsoft SQL Server 2012 T-SQL Language Service
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CECA0188-BD7A-43EF-B1F7-DDF719099C46}" = SQL Server 2012 Documentation Components
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D307B5CF-D1F0-48A4-8DA3-54765F535208}" = SQL Server 2012 SQL Data Quality Common
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4FF4DF1-F99C-49AC-B398-BE0887432846}" = Windows Small Business Server 2008 ClientAgent
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{EE1B54D1-BFBC-4C19-8D66-E0AF3E967896}" = SQL Server 2012 BI Development Studio
"{F14401A9-F0A0-33CC-8444-F60823A60DEB}" = Microsoft Visual Studio Tools for Applications x64 Runtime 3.0
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5E5D7CA-0F94-41A3-8106-66473C2F3728}" = Windows Small Business Server 2008 Desktop Links Gadget
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"{FF9F3663-0357-4132-AD8C-2BC1397D88AF}" = Symantec Endpoint Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 11" = Microsoft SQL Server 2012 (64-bit)
"Microsoft SQL Server SQLServer2012" = Microsoft SQL Server 2012 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{012D26C3-E12A-3BDA-8ECE-DF14E721A507}" = Microsoft Visual Studio 2010 Shell (Integrated) - ENU
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{04805AB6-F757-496A-8D56-37A0FC5FF6F3}" = VMware vSphere Client 5.0
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0DC88E1B-1CCB-42CE-91F0-7017180E5FE8}" = Veeam Backup and FastSCP
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{14FA267F-0A8B-4de9-A8DD-28899318ABB8}" = SolarWinds Toolset v10.8
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{191A6F65-6878-398D-A272-EF011B80F371}" = Microsoft Visual Studio Tools for Applications x86 Runtime 3.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1AA86313-B188-498D-91CF-D017AC5A82A5}" = SolarWinds TFTP Server
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (VEEAM)
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{322D9C84-358B-4ADF-B290-AE1346DABF3E}" = Sprad's Web Admin
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37D5C133-DBDF-4B44-AE94-DAA20EF4A359}" = Fortis Workstation
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{51B45305-3996-490B-BE32-6F9800CD43C5}" = LogMeIn Rescue Calling Card
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F1AB5A-0B9A-4229-B231-B1516A33DCD4}" = VMware Infrastructure Client 2.5
"{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}" = Microsoft Visual Studio Tools for Applications Design-Time 3.0
"{5B14FB02-EE91-40FB-A35D-79AC90253C8E}" = Telerik RadControls for ASP.NET AJAX Q2 2011 SP1
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1" = 3M Products Update version 2011-11 for Microsoft Office 2010
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{63CE935C-03E3-4EB4-B194-792CB2F91C87}" = SmartControlCenter
"{63FBED9C-D995-47DC-A12D-843C570377DC}" = SlimDrivers
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D2EFF3B-B191-4B1F-8ABF-C4A8028DB8CF}" = Alcor Micro USB Card Reader
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74B4F7ED-8579-44FC-9E11-3904897F75E5}" = Quest Free Network Tools
"{751D221F-7C37-C83F-1973-A1F92A0F4DF6}" = HydraVision
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{76D1AA2B-A434-4D63-BE2C-80286F23C223}" = Microsoft Interop Forms Redistributable Package 2.0a
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}" = Microsoft SQL Server 2008 R2 Management Objects
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{884337FC-C49E-4644-A6A1-88DC6DEB5B13}" = SolarWinds SCP Server
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHERR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PUBLISHERR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PUBLISHERR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
"{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCE40CE-A9E6-4916-8729-B008558EEF3F}" = Microsoft Report Viewer 2012 Runtime
"{9D544611-F437-4153-913E-91CE036583CC}" = GFI Business Agent
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A0D1A2F2-D43A-4C44-95A9-D108AE68878D}" = Quest Foglight NMS
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5630CB0-6D3C-4C93-9A51-03BEB835A982}" = NuGet
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A879B90E-B62C-4DA4-9C3F-79A1A6CFAAF9}" = Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B8F4ACBD-D2F0-4BB3-BEE7-3FA58DC0B354}" = Canon DR-3010C Driver
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB760C1D-98F4-4E38-8CC4-3B67329AA981}" = HP MediaSmart/TouchSmart Netflix
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{C1AD9241-3ADD-483F-914D-071F3E50855A}" = HP LinkUp
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = GFI Business Agent
"{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}" = Microsoft SQL Server System CLR Types
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D93B70D2-4DA4-4F6F-9DC8-72D08F74A386}" = VMware Infrastructure Update
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
"{DAF51B0D-9AE1-4D7A-B077-4A227AAA257A}" = SpradsRVAdminSetup
"{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}" = Microsoft SQL Server 2012 Policies
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6FC04A-AEE9-4263-9A64-B638277E777D}" = DR-3010C Job Tool
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{EE13DB71-7643-4DB3-9927-88F4C088382C}" = VIPRE Business
"{EE4CA5AF-4A55-418C-8CB8-74435814207B}" = LogMeIn
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3BBC56F-2282-4464-952F-A89772181F30}" = Microsoft SQL Server Data Tools – Database Projects – Web installer entry point
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FC909837-27D0-4FB4-8653-00F63EB70D74}" = Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3847AF65E1464F11AFF894E36C0E10D8_is1" = A1 Sitemap Generator
"Adobe AIR" = Adobe AIR
"CSS3 Menu" = CSS3 Menu
"dff7e170e6a4187719f92ab0e9558056" = NMS200 NETGEAR ProSafe Network Management Software
"Easy Media Player" = Easy Media Player 1.1.12
"FileZilla Client" = FileZilla Client 3.5.1
"FolderSizes 5 5.6.52" = FolderSizes 5
"Google Chrome" = Google Chrome
"Ilium Software eWallet_is1" = eWallet 7.2 for Windows PCs
"InstallShield_{14FA267F-0A8B-4de9-A8DD-28899318ABB8}" = SolarWinds Toolset v10.8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6D2EFF3B-B191-4B1F-8ABF-C4A8028DB8CF}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Inter_Tel 5000 DB Programming 1.2.5.114" = Inter-Tel 5000 DB Programming 1.2.5.114
"Inter_Tel 5000 DB Programming 3.2.4.59" = Mitel 5000 DB Programming 3.2.4.59
"Inter_Tel 5000 DB Programming AVDAP Monitor" = Mitel 5000 DB Programming AVDAP Monitor
"Inter_Tel 5000 DB Programming DB Test" = Mitel 5000 DB Programming DB Test
"Inter_Tel 5000 DB Programming Diagnostics Monitor" = Mitel 5000 DB Programming Diagnostics Monitor
"Inter_Tel 5000 DB Programming MOH Converter Utility" = Mitel 5000 DB Programming MOH Converter Utility
"Inter_Tel 5000 DB Programming Upload Utility" = Mitel 5000 DB Programming Upload Utility
"Inter_Tel DB Programming DB Test" = Inter-Tel DB Programming DB Test
"Inter_Tel DB Programming Upload Utility" = Inter-Tel DB Programming Upload Utility
"IrfanView" = IrfanView (remove only)
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PUBLISHERR" = Microsoft Publisher 2010
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PDF Complete" = PDF Complete Special Edition
"SendToKindle" = Amazon Send to Kindle
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 5.7.5.4)
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3156778762-1450392035-3758449630-1144\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"HuluDesktop" = Hulu Desktop
"JoinMe" = join.me

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/7/2012 4:30:20 AM | Computer Name = PWOfficeHP.spradsreno.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/9/2012 4:33:31 AM | Computer Name = PWOfficeHP.spradsreno.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/10/2012 2:21:56 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = MsiInstaller | ID = 11500
Description =

Error - 3/10/2012 2:21:57 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = MsiInstaller | ID = 11500
Description =

Error - 3/10/2012 2:30:33 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = WinMgmt | ID = 10
Description =

Error - 3/11/2012 4:33:07 AM | Computer Name = PWOfficeHP.spradsreno.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/13/2012 3:32:23 AM | Computer Name = PWOfficeHP.spradsreno.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/14/2012 6:29:34 AM | Computer Name = PWOfficeHP.spradsreno.local | Source = WinMgmt | ID = 10
Description =

Error - 3/14/2012 2:31:44 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Application Hang | ID = 1002
Description = The program devenv.exe version 10.0.30319.413 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 544 Start
Time: 01cd01f7337600e5 Termination Time: 0 Application Path: c:\Program Files (x86)\Microsoft
Visual Studio 10.0\Common7\IDE\devenv.exe Report Id: e9fc9af8-6e03-11e1-a740-e06995f9c1db


Error - 3/15/2012 3:33:23 AM | Computer Name = PWOfficeHP.spradsreno.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]
Error - 9/7/2011 11:21:45 AM | Computer Name = PWOfficeHP.spradsreno.local | Source = Hewlett-Packard | ID = 0
Description =

Error - 5/16/2012 4:02:44 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8172 Ram Utilization: 70 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ System Events ]
Error - 2/13/2012 12:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275

Error - 2/13/2012 1:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275

Error - 2/13/2012 2:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275

Error - 2/13/2012 3:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275

Error - 2/13/2012 4:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275

Error - 2/13/2012 5:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275

Error - 2/13/2012 6:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275

Error - 2/13/2012 7:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275

Error - 2/13/2012 8:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275

Error - 2/13/2012 9:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275

[ Veeam Backup Events ]
Error - 9/14/2011 6:12:25 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Veeam Backup | ID = 2
Description = VM (SBSSERVER) VM backup job "Daily Backup" is stopped with failed
ID:
cb3cc6c7-263b-416b-a9b4-6bf81a13098f

Error - 9/14/2011 6:12:27 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Veeam Backup | ID = 2
Description = VM (SQLSERVER) VM backup job "Daily Backup" is stopped with failed
ID:
4718ddea-338c-4660-babd-e5e508f9f062

Error - 9/14/2011 6:12:29 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Veeam Backup | ID = 2
Description = VM (ACCTSERVER) VM backup job "Daily Backup" is stopped with failed
ID:
5e88c83f-3c70-46ce-a783-d97186c12875

Error - 9/14/2011 6:12:30 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Veeam Backup | ID = 0
Description = Session Daily Backup (Full) has been completed.

Error - 9/14/2011 8:28:00 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Veeam Backup | ID = 2
Description = VM (SQLSERVER) VM backup job "VM Copy Job 1" is stopped with failed
ID:
edd4e85b-6613-4b9c-b361-78891fc99ea5

Error - 9/14/2011 8:28:00 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Veeam Backup | ID = 0
Description = Session VM Copy Job 1 has been completed.

Error - 9/14/2011 8:35:41 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Veeam Backup | ID = 2
Description = VM (SQLSERVER) VM backup job "VM Copy Job 1" is stopped with failed
ID:
a65e1769-2067-4f63-9dc1-872f9805de2b


< End of report >

#4
CompCav

Step 1.

You have several installs that are out of date, corrupted, or unnecessary.

Out of date

Download a current version of Symantec End Point. The current version you have is not playing well with Windows 7.
Then uninstall Symantec End Point completely off your computer. But make sure you have your registration information to reinstall it.
Reboot after completing the uninstall.
Install the new copy you just downloaded.


Corrupt

Adobe AIR is corrupted; please uninstall it and reboot.
Then download and install the current version.

Unnecessary

You have multiple antispyware programs installed on your computer, and too many is often worse than not enough. Currently you have SpyBot S & D, SuperAntiSpyware, and MalwareBytes'.
I recommend you uninstall SpyBot and SuperAntiSpyware. Keep MalwareBytes'.


Step 2.

The following fix is based on you completing step 1. If you choose to keep something, do not do this step and come back to let me know.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the protection tab.
Remove the tick from "Start with Windows".
Reboot and then run OTL.




  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
    IE - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://sharepoint/ht...lserver/reports [binary data]
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{f3bc044b-d373-11e0-a866-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{f3bc044b-d373-11e0-a866-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008/02/22 01:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.)
    [2012/05/23 10:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/05/23 10:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/05/23 10:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/05/22 21:40:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\SUPERAntiSpyware.com
    [2012/05/22 21:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/05/22 21:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/05/22 21:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    
    
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 3.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • Get the report by selecting Reports.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 4.

Please post:

OTL fix log
TDSSKiller log



Please update me on any changes in your computer

#5
lwest

No changes. When it boots up it is ok for the first minute or so and then boom, boat anchor again.
Really appreciate your help.

13:21:05.0120 3816 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
13:21:05.0655 3816 ============================================================
13:21:05.0655 3816 Current date / time: 2012/05/26 13:21:05.0655
13:21:05.0655 3816 SystemInfo:
13:21:05.0655 3816
13:21:05.0655 3816 OS Version: 6.1.7601 ServicePack: 1.0
13:21:05.0655 3816 Product type: Workstation
13:21:05.0655 3816 ComputerName: PWOFFICEHP
13:21:05.0655 3816 UserName: pwest
13:21:05.0655 3816 Windows directory: C:\Windows
13:21:05.0655 3816 System windows directory: C:\Windows
13:21:05.0655 3816 Running under WOW64
13:21:05.0655 3816 Processor architecture: Intel x64
13:21:05.0655 3816 Number of processors: 4
13:21:05.0655 3816 Page size: 0x1000
13:21:05.0655 3816 Boot type: Normal boot
13:21:05.0655 3816 ============================================================
13:21:06.0776 3816 Drive \Device\Harddisk0\DR0 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:21:06.0778 3816 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:21:06.0794 3816 ============================================================
13:21:06.0794 3816 \Device\Harddisk0\DR0:
13:21:06.0794 3816 MBR partitions:
13:21:06.0794 3816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:21:06.0794 3816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAD36D000
13:21:06.0794 3816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAD39F800, BlocksNum 0x16E6800
13:21:06.0794 3816 \Device\Harddisk1\DR1:
13:21:06.0795 3816 MBR partitions:
13:21:06.0795 3816 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x55EA433D
13:21:06.0795 3816 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x55EA437C, BlocksNum 0x16A0F85
13:21:06.0795 3816 ============================================================
13:21:06.0852 3816 C: <-> \Device\Harddisk0\DR0\Partition1
13:21:06.0950 3816 D: <-> \Device\Harddisk0\DR0\Partition2
13:21:06.0951 3816 ============================================================
13:21:06.0951 3816 Initialize success
13:21:06.0951 3816 ============================================================
13:21:25.0387 4540 ============================================================
13:21:25.0387 4540 Scan started
13:21:25.0387 4540 Mode: Manual; SigCheck; TDLFS;
13:21:25.0387 4540 ============================================================
13:21:28.0047 4540 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:21:28.0163 4540 1394ohci - ok
13:21:28.0236 4540 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:21:28.0255 4540 ACPI - ok
13:21:28.0301 4540 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:21:28.0345 4540 AcpiPmi - ok
13:21:28.0561 4540 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:21:28.0601 4540 AdobeFlashPlayerUpdateSvc - ok
13:21:28.0705 4540 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:21:28.0724 4540 adp94xx - ok
13:21:28.0783 4540 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:21:28.0801 4540 adpahci - ok
13:21:28.0842 4540 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:21:28.0866 4540 adpu320 - ok
13:21:28.0896 4540 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:21:28.0947 4540 AeLookupSvc - ok
13:21:29.0030 4540 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
13:21:29.0073 4540 AESTFilters - ok
13:21:29.0153 4540 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:21:29.0184 4540 AFD - ok
13:21:29.0229 4540 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:21:29.0242 4540 agp440 - ok
13:21:29.0282 4540 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:21:29.0312 4540 ALG - ok
13:21:29.0358 4540 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:21:29.0366 4540 aliide - ok
13:21:29.0613 4540 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
13:21:29.0655 4540 AMD External Events Utility - ok
13:21:29.0780 4540 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:21:29.0803 4540 amdide - ok
13:21:29.0848 4540 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:21:29.0871 4540 AmdK8 - ok
13:21:35.0814 4540 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
13:21:36.0063 4540 amdkmdag - ok
13:21:36.0164 4540 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
13:21:36.0191 4540 amdkmdap - ok
13:21:36.0220 4540 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
13:21:36.0247 4540 AmdPPM - ok
13:21:36.0318 4540 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:21:36.0351 4540 amdsata - ok
13:21:36.0406 4540 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:21:36.0418 4540 amdsbs - ok
13:21:36.0463 4540 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:21:36.0474 4540 amdxata - ok
13:21:36.0544 4540 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:21:36.0589 4540 AppID - ok
13:21:36.0625 4540 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:21:36.0674 4540 AppIDSvc - ok
13:21:36.0746 4540 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:21:36.0800 4540 Appinfo - ok
13:21:36.0871 4540 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
13:21:36.0895 4540 AppMgmt - ok
13:21:36.0929 4540 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:21:36.0944 4540 arc - ok
13:21:36.0969 4540 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:21:36.0978 4540 arcsas - ok
13:21:37.0110 4540 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:21:37.0155 4540 aspnet_state - ok
13:21:37.0217 4540 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:21:37.0277 4540 AsyncMac - ok
13:21:37.0304 4540 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:21:37.0315 4540 atapi - ok
13:21:37.0363 4540 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
13:21:37.0398 4540 AtiHDAudioService - ok
13:21:37.0466 4540 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:21:37.0512 4540 AudioEndpointBuilder - ok
13:21:37.0516 4540 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:21:37.0539 4540 AudioSrv - ok
13:21:37.0568 4540 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:21:37.0604 4540 AxInstSV - ok
13:21:37.0670 4540 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:21:37.0700 4540 b06bdrv - ok
13:21:37.0742 4540 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:21:37.0775 4540 b57nd60a - ok
13:21:37.0804 4540 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:21:37.0825 4540 BDESVC - ok
13:21:37.0847 4540 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:21:37.0899 4540 Beep - ok
13:21:37.0983 4540 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:21:38.0036 4540 BFE - ok
13:21:38.0150 4540 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
13:21:38.0198 4540 BITS - ok
13:21:38.0234 4540 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
13:21:38.0248 4540 blbdrive - ok
13:21:38.0300 4540 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:21:38.0323 4540 bowser - ok
13:21:38.0366 4540 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:21:38.0383 4540 BrFiltLo - ok
13:21:38.0414 4540 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:21:38.0431 4540 BrFiltUp - ok
13:21:38.0491 4540 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:21:38.0544 4540 Browser - ok
13:21:38.0566 4540 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:21:38.0595 4540 Brserid - ok
13:21:38.0620 4540 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:21:38.0647 4540 BrSerWdm - ok
13:21:38.0670 4540 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:21:38.0687 4540 BrUsbMdm - ok
13:21:38.0711 4540 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:21:38.0724 4540 BrUsbSer - ok
13:21:38.0756 4540 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
13:21:38.0778 4540 BTHMODEM - ok
13:21:38.0818 4540 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:21:38.0867 4540 bthserv - ok
13:21:38.0909 4540 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:21:38.0957 4540 cdfs - ok
13:21:39.0003 4540 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:21:39.0034 4540 cdrom - ok
13:21:39.0094 4540 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:21:39.0156 4540 CertPropSvc - ok
13:21:39.0176 4540 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
13:21:39.0185 4540 circlass - ok
13:21:39.0212 4540 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:21:39.0222 4540 CLFS - ok
13:21:39.0481 4540 CLKMSVC10_38F51D56 (524dc3807cb1746225f9d26add19c319) c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe
13:21:39.0509 4540 CLKMSVC10_38F51D56 - ok
13:21:39.0693 4540 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:21:39.0705 4540 clr_optimization_v2.0.50727_32 - ok
13:21:39.0833 4540 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:21:39.0845 4540 clr_optimization_v2.0.50727_64 - ok
13:21:40.0131 4540 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:21:40.0404 4540 clr_optimization_v4.0.30319_32 - ok
13:21:40.0458 4540 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:21:40.0486 4540 clr_optimization_v4.0.30319_64 - ok
13:21:40.0725 4540 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
13:21:40.0744 4540 CmBatt - ok
13:21:40.0804 4540 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:21:40.0817 4540 cmdide - ok
13:21:40.0970 4540 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:21:41.0004 4540 CNG - ok
13:21:41.0048 4540 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
13:21:41.0075 4540 Compbatt - ok
13:21:41.0138 4540 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:21:41.0169 4540 CompositeBus - ok
13:21:41.0179 4540 COMSysApp - ok
13:21:41.0252 4540 cpuz135 (75dbd5db9892d7451d0429bec1aabe1a) C:\Windows\system32\drivers\cpuz135_x64.sys
13:21:41.0263 4540 cpuz135 - ok
13:21:41.0324 4540 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:21:41.0335 4540 crcdisk - ok
13:21:41.0402 4540 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:21:41.0453 4540 CryptSvc - ok
13:21:41.0546 4540 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
13:21:41.0610 4540 CSC - ok
13:21:41.0718 4540 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
13:21:41.0772 4540 CscService - ok
13:21:41.0891 4540 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:21:41.0942 4540 DcomLaunch - ok
13:21:41.0993 4540 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:21:42.0082 4540 defragsvc - ok
13:21:42.0218 4540 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:21:42.0264 4540 DfsC - ok
13:21:42.0304 4540 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:21:42.0417 4540 Dhcp - ok
13:21:42.0431 4540 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:21:42.0465 4540 discache - ok
13:21:42.0519 4540 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
13:21:42.0525 4540 Disk - ok
13:21:42.0638 4540 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:21:42.0679 4540 Dnscache - ok
13:21:42.0707 4540 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:21:42.0749 4540 dot3svc - ok
13:21:43.0012 4540 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
13:21:43.0071 4540 Dot4 - ok
13:21:43.0111 4540 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:21:43.0153 4540 Dot4Print - ok
13:21:43.0206 4540 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
13:21:43.0257 4540 dot4usb - ok
13:21:43.0317 4540 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:21:43.0369 4540 DPS - ok
13:21:43.0415 4540 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:21:43.0443 4540 drmkaud - ok
13:21:43.0523 4540 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:21:43.0550 4540 DXGKrnl - ok
13:21:43.0606 4540 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:21:43.0673 4540 EapHost - ok
13:21:44.0565 4540 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
13:21:44.0674 4540 ebdrv - ok
13:21:44.0754 4540 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:21:44.0785 4540 EFS - ok
13:21:44.0904 4540 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:21:44.0937 4540 ehRecvr - ok
13:21:44.0964 4540 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:21:44.0979 4540 ehSched - ok
13:21:45.0028 4540 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:21:45.0064 4540 elxstor - ok
13:21:45.0090 4540 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:21:45.0115 4540 ErrDev - ok
13:21:45.0183 4540 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:21:45.0236 4540 EventSystem - ok
13:21:45.0288 4540 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:21:45.0326 4540 exfat - ok
13:21:45.0357 4540 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:21:45.0385 4540 fastfat - ok
13:21:45.0458 4540 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:21:45.0494 4540 Fax - ok
13:21:45.0536 4540 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:21:45.0556 4540 fdc - ok
13:21:45.0588 4540 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:21:45.0649 4540 fdPHost - ok
13:21:45.0668 4540 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:21:45.0688 4540 FDResPub - ok
13:21:45.0720 4540 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:21:45.0726 4540 FileInfo - ok
13:21:45.0732 4540 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:21:45.0770 4540 Filetrace - ok
13:21:45.0806 4540 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:21:45.0819 4540 flpydisk - ok
13:21:45.0864 4540 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:21:45.0880 4540 FltMgr - ok
13:21:45.0979 4540 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:21:46.0020 4540 FontCache - ok
13:21:46.0098 4540 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:21:46.0107 4540 FontCache3.0.0.0 - ok
13:21:46.0131 4540 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:21:46.0144 4540 FsDepends - ok
13:21:46.0205 4540 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:21:46.0216 4540 Fs_Rec - ok
13:21:46.0254 4540 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:21:46.0274 4540 fvevol - ok
13:21:46.0315 4540 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
13:21:46.0327 4540 gagp30kx - ok
13:21:46.0465 4540 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
13:21:46.0489 4540 GamesAppService - ok
13:21:46.0565 4540 getbus - ok
13:21:46.0616 4540 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:21:46.0654 4540 gpsvc - ok
13:21:46.0748 4540 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:21:46.0759 4540 gupdate - ok
13:21:46.0765 4540 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:21:46.0775 4540 gupdatem - ok
13:21:46.0877 4540 hcmon (1d19918788921253843f2b669f4c7f52) C:\Windows\system32\drivers\hcmon.sys
13:21:46.0882 4540 hcmon - ok
13:21:46.0900 4540 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:21:46.0916 4540 hcw85cir - ok
13:21:46.0965 4540 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:21:46.0984 4540 HdAudAddService - ok
13:21:47.0034 4540 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:21:47.0060 4540 HDAudBus - ok
13:21:47.0070 4540 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
13:21:47.0105 4540 HidBatt - ok
13:21:47.0177 4540 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
13:21:47.0196 4540 HidBth - ok
13:21:47.0253 4540 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
13:21:47.0293 4540 HidIr - ok
13:21:47.0323 4540 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
13:21:47.0372 4540 hidserv - ok
13:21:47.0418 4540 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:21:47.0457 4540 HidUsb - ok
13:21:47.0530 4540 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:21:47.0619 4540 hkmsvc - ok
13:21:47.0869 4540 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:21:47.0922 4540 HomeGroupListener - ok
13:21:48.0051 4540 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:21:48.0096 4540 HomeGroupProvider - ok
13:21:48.0186 4540 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
13:21:48.0197 4540 HP Support Assistant Service - ok
13:21:48.0343 4540 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
13:21:48.0366 4540 HPClientSvc - ok
13:21:48.0427 4540 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
13:21:48.0438 4540 HPDrvMntSvc.exe - ok
13:21:48.0608 4540 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
13:21:48.0632 4540 hpqwmiex - ok
13:21:48.0700 4540 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:21:48.0712 4540 HpSAMD - ok
13:21:48.0922 4540 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:21:48.0984 4540 HTTP - ok
13:21:49.0023 4540 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:21:49.0034 4540 hwpolicy - ok
13:21:49.0067 4540 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:21:49.0082 4540 i8042prt - ok
13:21:49.0371 4540 iaStor (f981817d0bd03eac4fa60d0b2551a310) C:\Windows\system32\drivers\iaStor.sys
13:21:49.0392 4540 iaStor - ok
13:21:49.0478 4540 IAStorDataMgrSvc (b1cc71046a714e6a6af0a09eb7e05299) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
13:21:49.0488 4540 IAStorDataMgrSvc - ok
13:21:49.0692 4540 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:21:49.0711 4540 iaStorV - ok
13:21:49.0817 4540 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:21:49.0843 4540 idsvc - ok
13:21:51.0739 4540 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:21:51.0953 4540 igfx - ok
13:21:51.0992 4540 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
13:21:52.0003 4540 iirsp - ok
13:21:52.0088 4540 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:21:52.0197 4540 IKEEXT - ok
13:21:52.0264 4540 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:21:52.0276 4540 intelide - ok
13:21:52.0321 4540 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
13:21:52.0340 4540 intelppm - ok
13:21:52.0375 4540 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:21:52.0431 4540 IPBusEnum - ok
13:21:52.0463 4540 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:21:52.0499 4540 IpFilterDriver - ok
13:21:52.0571 4540 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:21:52.0637 4540 iphlpsvc - ok
13:21:52.0668 4540 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:21:52.0687 4540 IPMIDRV - ok
13:21:52.0727 4540 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:21:52.0776 4540 IPNAT - ok
13:21:52.0831 4540 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:21:52.0851 4540 IRENUM - ok
13:21:52.0891 4540 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:21:52.0902 4540 isapnp - ok
13:21:52.0937 4540 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:21:52.0954 4540 iScsiPrt - ok
13:21:52.0985 4540 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:21:52.0996 4540 kbdclass - ok
13:21:53.0068 4540 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:21:53.0096 4540 kbdhid - ok
13:21:53.0147 4540 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:21:53.0159 4540 KeyIso - ok
13:21:53.0186 4540 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:21:53.0199 4540 KSecDD - ok
13:21:53.0222 4540 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:21:53.0236 4540 KSecPkg - ok
13:21:53.0263 4540 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:21:53.0314 4540 ksthunk - ok
13:21:53.0376 4540 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:21:53.0430 4540 KtmRm - ok
13:21:53.0491 4540 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
13:21:53.0547 4540 LanmanServer - ok
13:21:53.0579 4540 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:21:53.0636 4540 LanmanWorkstation - ok
13:21:53.0669 4540 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:21:53.0699 4540 lltdio - ok
13:21:53.0738 4540 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:21:53.0786 4540 lltdsvc - ok
13:21:53.0824 4540 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:21:53.0858 4540 lmhosts - ok
13:21:54.0036 4540 LMIGuardianSvc (d55a7d0553c7102f63872936c7a9d9db) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
13:21:54.0049 4540 LMIGuardianSvc - ok
13:21:54.0144 4540 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
13:21:54.0154 4540 LMIInfo - ok
13:21:54.0285 4540 LMIMaint (a7d256c8847df6e88bddb55f87e54f46) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
13:21:54.0296 4540 LMIMaint - ok
13:21:54.0340 4540 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
13:21:54.0350 4540 lmimirr - ok
13:21:54.0367 4540 LMIRfsClientNP - ok
13:21:54.0442 4540 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
13:21:54.0452 4540 LMIRfsDriver - ok
13:21:54.0571 4540 LMS (d75c4b4a8fe6d7fd74a7eecdbaec729f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:21:54.0613 4540 LMS - ok
13:21:54.0809 4540 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
13:21:54.0824 4540 LogMeIn - ok
13:21:54.0941 4540 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
13:21:54.0962 4540 LSI_FC - ok
13:21:55.0004 4540 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
13:21:55.0018 4540 LSI_SAS - ok
13:21:55.0041 4540 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
13:21:55.0054 4540 LSI_SAS2 - ok
13:21:55.0115 4540 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
13:21:55.0128 4540 LSI_SCSI - ok
13:21:55.0154 4540 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:21:55.0203 4540 luafv - ok
13:21:55.0262 4540 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:21:55.0276 4540 Mcx2Svc - ok
13:21:55.0379 4540 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
13:21:55.0392 4540 megasas - ok
13:21:55.0427 4540 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
13:21:55.0445 4540 MegaSR - ok
13:21:55.0509 4540 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
13:21:55.0522 4540 MEIx64 - ok
13:21:55.0555 4540 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:21:55.0598 4540 MMCSS - ok
13:21:55.0616 4540 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:21:55.0645 4540 Modem - ok
13:21:55.0688 4540 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:21:55.0706 4540 monitor - ok
13:21:55.0735 4540 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:21:55.0741 4540 mouclass - ok
13:21:55.0801 4540 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:21:55.0826 4540 mouhid - ok
13:21:55.0860 4540 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:21:55.0873 4540 mountmgr - ok
13:21:55.0964 4540 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:21:55.0986 4540 MozillaMaintenance - ok
13:21:56.0043 4540 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:21:56.0058 4540 mpio - ok
13:21:56.0079 4540 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:21:56.0113 4540 mpsdrv - ok
13:21:56.0186 4540 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:21:56.0252 4540 MpsSvc - ok
13:21:56.0287 4540 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:21:56.0318 4540 MRxDAV - ok
13:21:56.0363 4540 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:21:56.0388 4540 mrxsmb - ok
13:21:56.0459 4540 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:21:56.0475 4540 mrxsmb10 - ok
13:21:56.0508 4540 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:21:56.0522 4540 mrxsmb20 - ok
13:21:56.0561 4540 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:21:56.0587 4540 msahci - ok
13:21:56.0643 4540 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:21:56.0657 4540 msdsm - ok
13:21:56.0718 4540 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:21:56.0730 4540 MSDTC - ok
13:21:57.0026 4540 MsDtsServer110 (40be2c09ace1bed16a343662e6fdf241) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
13:21:57.0046 4540 MsDtsServer110 - ok
13:21:57.0118 4540 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:21:57.0156 4540 Msfs - ok
13:21:57.0199 4540 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:21:57.0264 4540 mshidkmdf - ok
13:21:57.0315 4540 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:21:57.0326 4540 msisadrv - ok
13:21:57.0421 4540 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:21:57.0486 4540 MSiSCSI - ok
13:21:57.0487 4540 msiserver - ok
13:21:57.0538 4540 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:21:57.0608 4540 MSKSSRV - ok
13:21:57.0639 4540 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:21:57.0724 4540 MSPCLOCK - ok
13:21:57.0750 4540 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:21:57.0815 4540 MSPQM - ok
13:21:57.0878 4540 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:21:57.0889 4540 MsRPC - ok
13:21:57.0949 4540 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:21:57.0955 4540 mssmbios - ok
13:21:58.0018 4540 MSSQL$SQLEXPRESS - ok
13:21:58.0140 4540 MSSQL$VEEAM - ok
13:21:58.0212 4540 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:21:58.0222 4540 MSSQLServerADHelper - ok
13:21:58.0388 4540 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
13:21:58.0423 4540 MSSQLServerADHelper100 - ok
13:21:58.0449 4540 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:21:58.0501 4540 MSTEE - ok
13:21:58.0531 4540 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
13:21:58.0543 4540 MTConfig - ok
13:21:58.0585 4540 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:21:58.0596 4540 Mup - ok
13:21:58.0749 4540 MySQL - ok
13:21:58.0784 4540 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:21:58.0864 4540 napagent - ok
13:21:58.0927 4540 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:21:58.0960 4540 NativeWifiP - ok
13:21:59.0033 4540 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:21:59.0056 4540 NDIS - ok
13:21:59.0078 4540 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:21:59.0104 4540 NdisCap - ok
13:21:59.0133 4540 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:21:59.0169 4540 NdisTapi - ok
13:21:59.0202 4540 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:21:59.0232 4540 Ndisuio - ok
13:21:59.0264 4540 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:21:59.0294 4540 NdisWan - ok
13:21:59.0319 4540 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:21:59.0339 4540 NDProxy - ok
13:21:59.0417 4540 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
13:21:59.0436 4540 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:21:59.0436 4540 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:21:59.0460 4540 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:21:59.0506 4540 NetBIOS - ok
13:21:59.0535 4540 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:21:59.0561 4540 NetBT - ok
13:21:59.0678 4540 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:21:59.0690 4540 Netlogon - ok
13:21:59.0742 4540 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:21:59.0783 4540 Netman - ok
13:21:59.0972 4540 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:22:00.0069 4540 NetMsmqActivator - ok
13:22:00.0073 4540 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:22:00.0084 4540 NetPipeActivator - ok
13:22:00.0157 4540 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:22:00.0217 4540 netprofm - ok
13:22:00.0219 4540 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:22:00.0225 4540 NetTcpActivator - ok
13:22:00.0226 4540 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:22:00.0236 4540 NetTcpPortSharing - ok
13:22:00.0376 4540 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:22:00.0415 4540 nfrd960 - ok
13:22:00.0475 4540 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:22:00.0487 4540 NisDrv - ok
13:22:00.0560 4540 NisSrv - ok
13:22:00.0588 4540 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:22:00.0639 4540 NlaSvc - ok
13:22:00.0778 4540 nm3 (f554c5fd7bd1efa4da5cfe2eed86391f) C:\Windows\system32\DRIVERS\nm3.sys
13:22:00.0785 4540 nm3 - ok
13:22:00.0852 4540 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:22:00.0886 4540 Npfs - ok
13:22:00.0935 4540 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:22:01.0018 4540 nsi - ok
13:22:01.0023 4540 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:22:01.0045 4540 nsiproxy - ok
13:22:01.0281 4540 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:22:01.0309 4540 Ntfs - ok
13:22:01.0445 4540 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:22:01.0481 4540 Null - ok
13:22:01.0552 4540 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:22:01.0579 4540 nvraid - ok
13:22:01.0643 4540 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:22:01.0651 4540 nvstor - ok
13:22:01.0702 4540 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:22:01.0709 4540 nv_agp - ok
13:22:01.0745 4540 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:22:01.0752 4540 ohci1394 - ok
13:22:01.0851 4540 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:22:01.0864 4540 ose - ok
13:22:02.0792 4540 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:22:02.0943 4540 osppsvc - ok
13:22:03.0162 4540 OWProcMan (52e80d7429b4954cb63c36f57925b031) c:\progra~1\netgear\netgea~1\oware\bin\owprocman.exe
13:22:03.0199 4540 OWProcMan ( UnsignedFile.Multi.Generic ) - warning
13:22:03.0199 4540 OWProcMan - detected UnsignedFile.Multi.Generic (1)
13:22:03.0311 4540 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:22:03.0335 4540 p2pimsvc - ok
13:22:03.0390 4540 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:22:03.0410 4540 p2psvc - ok
13:22:03.0464 4540 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:22:03.0478 4540 Parport - ok
13:22:03.0533 4540 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:22:03.0545 4540 partmgr - ok
13:22:03.0579 4540 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:22:03.0611 4540 PcaSvc - ok
13:22:03.0664 4540 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:22:03.0679 4540 pci - ok
13:22:03.0704 4540 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:22:03.0717 4540 pciide - ok
13:22:03.0761 4540 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:22:03.0776 4540 pcmcia - ok
13:22:03.0818 4540 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:22:03.0830 4540 pcw - ok
13:22:03.0847 4540 pdfcDispatcher - ok
13:22:03.0914 4540 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:22:03.0975 4540 PEAUTH - ok
13:22:04.0106 4540 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:22:04.0149 4540 PeerDistSvc - ok
13:22:04.0255 4540 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:22:04.0281 4540 PerfHost - ok
13:22:04.0503 4540 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:22:04.0571 4540 pla - ok
13:22:04.0626 4540 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:22:04.0659 4540 PlugPlay - ok
13:22:04.0717 4540 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
13:22:04.0733 4540 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:22:04.0734 4540 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:22:04.0754 4540 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:22:04.0779 4540 PNRPAutoReg - ok
13:22:04.0795 4540 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:22:04.0809 4540 PNRPsvc - ok
13:22:05.0047 4540 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:22:05.0111 4540 PolicyAgent - ok
13:22:05.0159 4540 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:22:05.0198 4540 Power - ok
13:22:05.0234 4540 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:22:05.0293 4540 PptpMiniport - ok
13:22:05.0332 4540 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:22:05.0365 4540 Processor - ok
13:22:05.0423 4540 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:22:05.0488 4540 ProfSvc - ok
13:22:05.0517 4540 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:22:05.0525 4540 ProtectedStorage - ok
13:22:05.0576 4540 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:22:05.0636 4540 Psched - ok
13:22:05.0830 4540 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:22:05.0850 4540 ql2300 - ok
13:22:05.0877 4540 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:22:05.0883 4540 ql40xx - ok
13:22:06.0022 4540 QuestNmsAgent (d8ae9f1415d15632a93aabfd904a26d4) C:\Program Files (x86)\Quest Software\Foglight NMS\ptagentservice.exe
13:22:06.0066 4540 QuestNmsAgent - ok
13:22:06.0119 4540 QuestNmsServer (6a073a86a1dd035d63ea88e0d32d4675) C:\Program Files (x86)\Quest Software\Foglight NMS\ptserverservice.exe
13:22:06.0134 4540 QuestNmsServer - ok
13:22:06.0169 4540 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:22:06.0191 4540 QWAVE - ok
13:22:06.0225 4540 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:22:06.0278 4540 QWAVEdrv - ok
13:22:06.0323 4540 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:22:06.0377 4540 RasAcd - ok
13:22:06.0477 4540 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:22:06.0514 4540 RasAgileVpn - ok
13:22:06.0551 4540 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:22:06.0609 4540 RasAuto - ok
13:22:06.0669 4540 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:22:06.0731 4540 Rasl2tp - ok
13:22:06.0808 4540 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:22:06.0850 4540 RasMan - ok
13:22:06.0885 4540 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:22:06.0939 4540 RasPppoe - ok
13:22:06.0981 4540 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:22:07.0025 4540 RasSstp - ok
13:22:07.0078 4540 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:22:07.0145 4540 rdbss - ok
13:22:07.0216 4540 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:22:07.0254 4540 rdpbus - ok
13:22:07.0286 4540 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:22:07.0333 4540 RDPCDD - ok
13:22:07.0378 4540 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:22:07.0392 4540 RDPDR - ok
13:22:07.0412 4540 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:22:07.0456 4540 RDPENCDD - ok
13:22:07.0491 4540 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:22:07.0511 4540 RDPREFMP - ok
13:22:07.0547 4540 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
13:22:07.0596 4540 RdpVideoMiniport - ok
13:22:07.0654 4540 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:22:07.0679 4540 RDPWD - ok
13:22:07.0732 4540 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:22:07.0747 4540 rdyboost - ok
13:22:07.0791 4540 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:22:07.0850 4540 RemoteAccess - ok
13:22:07.0929 4540 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:22:07.0994 4540 RemoteRegistry - ok
13:22:08.0116 4540 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
13:22:08.0210 4540 RoxioNow Service - ok
13:22:08.0280 4540 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:22:08.0335 4540 RpcEptMapper - ok
13:22:08.0379 4540 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:22:08.0395 4540 RpcLocator - ok
13:22:08.0592 4540 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:22:08.0631 4540 RpcSs - ok
13:22:08.0716 4540 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
13:22:08.0743 4540 RsFx0103 - ok
13:22:08.0867 4540 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:22:08.0901 4540 rspndr - ok
13:22:08.0988 4540 RTL8167 (c5cd940effade1f6246730bca14e9fe6) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:22:09.0012 4540 RTL8167 - ok
13:22:09.0049 4540 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:22:09.0062 4540 SamSs - ok
13:22:09.0893 4540 SBAMSvc (77dbda1401ff941962bb133125ee22c7) C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe
13:22:09.0927 4540 SBAMSvc - ok
13:22:10.0052 4540 sbapifs (36ac5257569aa3db15488c1d32208ddb) C:\Windows\system32\DRIVERS\sbapifs.sys
13:22:10.0063 4540 sbapifs - ok
13:22:10.0176 4540 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:22:10.0189 4540 sbp2port - ok
13:22:10.0325 4540 SBPIMSvc (f2d18d2bd968f949c812472afad8c55a) C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe
13:22:10.0336 4540 SBPIMSvc - ok
13:22:10.0360 4540 SBRE (17c0970209f59ceca7bebd580b5bad0b) C:\Windows\system32\drivers\SBREdrv.sys
13:22:10.0370 4540 SBRE - ok
13:22:10.0401 4540 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys
13:22:10.0412 4540 SbTis - ok
13:22:10.0448 4540 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:22:10.0484 4540 SCardSvr - ok
13:22:10.0515 4540 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:22:10.0572 4540 scfilter - ok
13:22:10.0703 4540 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:22:10.0760 4540 Schedule - ok
13:22:10.0804 4540 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:22:10.0823 4540 SCPolicySvc - ok
13:22:10.0843 4540 Script Manager - ok
13:22:10.0875 4540 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:22:10.0894 4540 SDRSVC - ok
13:22:10.0929 4540 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:22:10.0971 4540 secdrv - ok
13:22:11.0007 4540 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:22:11.0028 4540 seclogon - ok
13:22:11.0079 4540 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:22:11.0141 4540 SENS - ok
13:22:11.0160 4540 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:22:11.0182 4540 SensrSvc - ok
13:22:11.0252 4540 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
13:22:11.0275 4540 Serenum - ok
13:22:11.0355 4540 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:22:11.0386 4540 Serial - ok
13:22:11.0406 4540 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:22:11.0431 4540 sermouse - ok
13:22:11.0504 4540 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:22:11.0567 4540 SessionEnv - ok
13:22:11.0585 4540 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:22:11.0594 4540 sffdisk - ok
13:22:11.0632 4540 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:22:11.0654 4540 sffp_mmc - ok
13:22:11.0700 4540 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:22:11.0742 4540 sffp_sd - ok
13:22:11.0867 4540 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:22:11.0913 4540 sfloppy - ok
13:22:11.0962 4540 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:22:12.0003 4540 SharedAccess - ok
13:22:12.0027 4540 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:22:12.0068 4540 ShellHWDetection - ok
13:22:12.0095 4540 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:22:12.0101 4540 SiSRaid2 - ok
13:22:12.0141 4540 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:22:12.0154 4540 SiSRaid4 - ok
13:22:12.0201 4540 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:22:12.0236 4540 Smb - ok
13:22:12.0271 4540 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:22:12.0290 4540 SNMPTRAP - ok
13:22:12.0415 4540 SolarWinds SFTP Server (4425d651576c9de9ac136f23abf546df) C:\Program Files (x86)\SolarWinds\SftpServer\SolarWindsSftpServer.exe
13:22:12.0425 4540 SolarWinds SFTP Server ( UnsignedFile.Multi.Generic ) - warning
13:22:12.0425 4540 SolarWinds SFTP Server - detected UnsignedFile.Multi.Generic (1)
13:22:12.0521 4540 SolarWinds TFTP Server (dd37e8e013ebc4bc5c22edd62867dcc4) C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe
13:22:12.0579 4540 SolarWinds TFTP Server ( UnsignedFile.Multi.Generic ) - warning
13:22:12.0579 4540 SolarWinds TFTP Server - detected UnsignedFile.Multi.Generic (1)
13:22:12.0611 4540 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:22:12.0623 4540 spldr - ok
13:22:12.0668 4540 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:22:12.0711 4540 Spooler - ok
13:22:13.0077 4540 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:22:13.0193 4540 sppsvc - ok
13:22:13.0202 4540 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:22:13.0223 4540 sppuinotify - ok
13:22:13.0410 4540 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
13:22:13.0449 4540 SQLAgent$SQLEXPRESS - ok
13:22:13.0498 4540 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:22:13.0514 4540 SQLBrowser - ok
13:22:13.0549 4540 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:22:13.0561 4540 SQLWriter - ok
13:22:13.0611 4540 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:22:13.0647 4540 srv - ok
13:22:13.0679 4540 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:22:13.0741 4540 srv2 - ok
13:22:13.0776 4540 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:22:13.0791 4540 srvnet - ok
13:22:13.0827 4540 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:22:13.0867 4540 SSDPSRV - ok
13:22:13.0942 4540 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:22:13.0963 4540 SstpSvc - ok
13:22:14.0105 4540 STacSV (0cdea5acbb69c45f642e96d81e906ccd) C:\Program Files\IDT\WDM\STacSV64.exe
13:22:14.0152 4540 STacSV - ok
13:22:14.0186 4540 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:22:14.0198 4540 stexstor - ok
13:22:14.0254 4540 STHDA (5c8d6072d1d09f11789c6a014688048a) C:\Windows\system32\DRIVERS\stwrt64.sys
13:22:14.0317 4540 STHDA - ok
13:22:14.0391 4540 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:22:14.0438 4540 stisvc - ok
13:22:14.0718 4540 SWBrowserIntegration (06e24cc9a1966fb6095f6ea1529cee9b) C:\Program Files (x86)\SolarWinds\Toolset\SWBrowserIntegration.exe
13:22:14.0780 4540 SWBrowserIntegration - ok
13:22:14.0842 4540 SWDUMon (04cf20310145dec63d5387beaff77d9a) C:\Windows\system32\DRIVERS\SWDUMon.sys
13:22:14.0852 4540 SWDUMon - ok
13:22:14.0877 4540 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:22:14.0888 4540 swenum - ok
13:22:14.0961 4540 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:22:15.0012 4540 swprv - ok
13:22:15.0070 4540 SymEvent (70c8d165063eb76f1a373b74456d2aab) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
13:22:15.0084 4540 SymEvent - ok
13:22:15.0224 4540 Synergy - ok
13:22:15.0228 4540 Synth3dVsc - ok
13:22:15.0307 4540 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:22:15.0361 4540 SysMain - ok
13:22:15.0384 4540 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:22:15.0412 4540 TabletInputService - ok
13:22:15.0455 4540 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:22:15.0549 4540 TapiSrv - ok
13:22:15.0573 4540 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:22:15.0617 4540 TBS - ok
13:22:15.0794 4540 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:22:15.0835 4540 Tcpip - ok
13:22:15.0918 4540 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:22:15.0945 4540 TCPIP6 - ok
13:22:16.0008 4540 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:22:16.0048 4540 tcpipreg - ok
13:22:16.0081 4540 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:22:16.0087 4540 TDPIPE - ok
13:22:16.0122 4540 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:22:16.0142 4540 TDTCP - ok
13:22:16.0159 4540 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:22:16.0201 4540 tdx - ok
13:22:16.0216 4540 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:22:16.0223 4540 TermDD - ok
13:22:16.0274 4540 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:22:16.0311 4540 TermService - ok
13:22:16.0332 4540 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:22:16.0342 4540 Themes - ok
13:22:16.0364 4540 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:22:16.0384 4540 THREADORDER - ok
13:22:16.0435 4540 tihub3 (72a25cae92f5a57d1f3d278a94dc3ceb) C:\Windows\system32\DRIVERS\tihub3.sys
13:22:16.0447 4540 tihub3 - ok
13:22:16.0569 4540 tixhci (e0f9e190b41f190bcf2e2b865d061fd6) C:\Windows\system32\drivers\tixhci.sys
13:22:16.0582 4540 tixhci - ok
13:22:16.0628 4540 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:22:16.0672 4540 TrkWks - ok
13:22:16.0732 4540 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:22:16.0772 4540 TrustedInstaller - ok
13:22:16.0782 4540 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:22:16.0813 4540 tssecsrv - ok
13:22:16.0849 4540 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:22:16.0863 4540 TsUsbFlt - ok
13:22:16.0901 4540 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:22:16.0919 4540 TsUsbGD - ok
13:22:16.0922 4540 tsusbhub - ok
13:22:16.0970 4540 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:22:16.0997 4540 tunnel - ok
13:22:17.0023 4540 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:22:17.0029 4540 uagp35 - ok
13:22:17.0055 4540 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:22:17.0082 4540 udfs - ok
13:22:17.0133 4540 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:22:17.0148 4540 UI0Detect - ok
13:22:17.0181 4540 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:22:17.0193 4540 uliagpkx - ok
13:22:17.0236 4540 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:22:17.0253 4540 umbus - ok
13:22:17.0283 4540 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:22:17.0301 4540 UmPass - ok
13:22:17.0335 4540 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:22:17.0363 4540 UmRdpService - ok
13:22:17.0930 4540 UNS (758c2ce427c343f780a205e28555c98d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:22:17.0976 4540 UNS - ok
13:22:18.0012 4540 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:22:18.0049 4540 upnphost - ok
13:22:18.0099 4540 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:22:18.0129 4540 usbaudio - ok
13:22:18.0167 4540 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:22:18.0180 4540 usbccgp - ok
13:22:18.0224 4540 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:22:18.0242 4540 usbcir - ok
13:22:18.0290 4540 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:22:18.0311 4540 usbehci - ok
13:22:18.0414 4540 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:22:18.0454 4540 usbhub - ok
13:22:18.0534 4540 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:22:18.0547 4540 usbohci - ok
13:22:18.0576 4540 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:22:18.0606 4540 usbprint - ok
13:22:18.0690 4540 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:22:18.0736 4540 usbscan - ok
13:22:18.0794 4540 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:22:18.0820 4540 USBSTOR - ok
13:22:18.0841 4540 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:22:18.0854 4540 usbuhci - ok
13:22:18.0901 4540 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
13:22:18.0940 4540 usbvideo - ok
13:22:18.0975 4540 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:22:19.0018 4540 UxSms - ok
13:22:19.0106 4540 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:22:19.0118 4540 VaultSvc - ok
13:22:19.0169 4540 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:22:19.0180 4540 vdrvroot - ok
13:22:19.0235 4540 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:22:19.0291 4540 vds - ok
13:22:19.0399 4540 Veeam Backup and Replication Service (d3b2b473684a30162037fd5f738176fd) C:\Program Files\Veeam\Backup and Replication\Veeam.Backup.Service.exe
13:22:19.0432 4540 Veeam Backup and Replication Service ( UnsignedFile.Multi.Generic ) - warning
13:22:19.0432 4540 Veeam Backup and Replication Service - detected UnsignedFile.Multi.Generic (1)
13:22:19.0474 4540 Veeam Backup Catalog Data Service (ccbbc5334849899380a5454c73cd9bd0) C:\Program Files\Veeam\Backup Catalog\Veeam.Backup.CatalogDataService.exe
13:22:19.0478 4540 Veeam Backup Catalog Data Service ( UnsignedFile.Multi.Generic ) - warning
13:22:19.0478 4540 Veeam Backup Catalog Data Service - detected UnsignedFile.Multi.Generic (1)
13:22:19.0560 4540 VeeamBackupService.exe (b3d63c710d50421207f7abed32c09d4f) C:\Program Files (x86)\Veeam\Veeam Backup and FastSCP\VeeamBackupService.exe
13:22:19.0566 4540 VeeamBackupService.exe ( UnsignedFile.Multi.Generic ) - warning
13:22:19.0566 4540 VeeamBackupService.exe - detected UnsignedFile.Multi.Generic (1)
13:22:19.0661 4540 VeeamNfsSvc (fa0df73f21cffacf07e304375ada3b00) C:\Program Files\Veeam\Backup and Replication\VeeamNFSSvc.exe
13:22:19.0677 4540 VeeamNfsSvc ( UnsignedFile.Multi.Generic ) - warning
13:22:19.0677 4540 VeeamNfsSvc - detected UnsignedFile.Multi.Generic (1)
13:22:19.0730 4540 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:22:19.0741 4540 vga - ok
13:22:19.0761 4540 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:22:19.0796 4540 VgaSave - ok
13:22:19.0797 4540 VGPU - ok
13:22:19.0819 4540 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:22:19.0827 4540 vhdmp - ok
13:22:19.0853 4540 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:22:19.0873 4540 viaide - ok
13:22:19.0946 4540 VIPRE Business Service (067be09aa3cdeb38766829d2399be91e) C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe
13:22:19.0962 4540 VIPRE Business Service - ok
13:22:20.0118 4540 VMUSBArbService (6c551c8b0672c926b80fa8199c8682e7) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
13:22:20.0141 4540 VMUSBArbService - ok
13:22:20.0179 4540 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:22:20.0191 4540 volmgr - ok
13:22:20.0235 4540 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:22:20.0253 4540 volmgrx - ok
13:22:20.0287 4540 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:22:20.0303 4540 volsnap - ok
13:22:20.0337 4540 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:22:20.0351 4540 vsmraid - ok
13:22:20.0494 4540 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:22:20.0542 4540 VSS - ok
13:22:20.0588 4540 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:22:20.0610 4540 vwifibus - ok
13:22:20.0697 4540 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:22:20.0721 4540 W32Time - ok
13:22:20.0747 4540 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:22:20.0773 4540 WacomPen - ok
13:22:20.0810 4540 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:22:20.0864 4540 WANARP - ok
13:22:20.0867 4540 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:22:20.0890 4540 Wanarpv6 - ok
13:22:21.0239 4540 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:22:21.0270 4540 WatAdminSvc - ok
13:22:21.0384 4540 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:22:21.0432 4540 wbengine - ok
13:22:21.0479 4540 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:22:21.0536 4540 WbioSrvc - ok
13:22:21.0585 4540 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:22:21.0642 4540 wcncsvc - ok
13:22:21.0668 4540 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:22:21.0718 4540 WcsPlugInService - ok
13:22:21.0770 4540 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:22:21.0782 4540 Wd - ok
13:22:21.0838 4540 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:22:21.0862 4540 Wdf01000 - ok
13:22:21.0896 4540 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:22:21.0923 4540 WdiServiceHost - ok
13:22:21.0925 4540 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:22:21.0937 4540 WdiSystemHost - ok
13:22:21.0964 4540 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:22:21.0978 4540 WebClient - ok
13:22:22.0001 4540 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:22:22.0038 4540 Wecsvc - ok
13:22:22.0061 4540 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:22:22.0110 4540 wercplsupport - ok
13:22:22.0149 4540 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:22:22.0180 4540 WerSvc - ok
13:22:22.0200 4540 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:22:22.0221 4540 WfpLwf - ok
13:22:25.0498 4540 ============================================================
13:22:25.0498 4540 Scan finished
13:22:25.0498 4540 ============================================================
13:22:25.0513 1836 Detected object count: 9
13:22:25.0513 1836 Actual detected object count: 9
13:23:00.0299 1836 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:00.0299 1836 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:00.0300 1836 OWProcMan ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:00.0300 1836 OWProcMan ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:00.0301 1836 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:00.0301 1836 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:00.0302 1836 SolarWinds SFTP Server ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:00.0302 1836 SolarWinds SFTP Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:00.0304 1836 SolarWinds TFTP Server ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:00.0304 1836 SolarWinds TFTP Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:00.0305 1836 Veeam Backup and Replication Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:00.0305 1836 Veeam Backup and Replication Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:00.0306 1836 Veeam Backup Catalog Data Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:00.0306 1836 Veeam Backup Catalog Data Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:00.0311 1836 VeeamBackupService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:00.0311 1836 VeeamBackupService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:00.0312 1836 VeeamNfsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:00.0312 1836 VeeamNfsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:50.0753 3312 ============================================================
13:23:50.0753 3312 Scan started
13:23:50.0753 3312 Mode: Manual; SigCheck; TDLFS;
13:23:50.0753 3312 ============================================================
13:24:11.0730 3312 NDIS - ok
13:24:11.0770 3312 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:24:11.0805 3312 NdisCap - ok
13:24:11.0834 3312 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:24:11.0853 3312 NdisTapi - ok
13:24:11.0858 3312 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:24:11.0877 3312 Ndisuio - ok
13:24:11.0973 3312 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:24:12.0011 3312 NdisWan - ok
13:24:12.0053 3312 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:24:12.0087 3312 NDProxy - ok
13:24:12.0134 3312 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
13:24:12.0139 3312 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:24:12.0139 3312 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:24:12.0170 3312 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:24:12.0209 3312 NetBIOS - ok
13:24:12.0282 3312 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:24:12.0316 3312 NetBT - ok
13:24:12.0360 3312 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:24:12.0365 3312 Netlogon - ok
13:24:12.0392 3312 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:24:12.0415 3312 Netman - ok
13:24:12.0666 3312 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:24:12.0677 3312 NetMsmqActivator - ok
13:24:12.0680 3312 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:24:12.0691 3312 NetPipeActivator - ok
13:24:12.0754 3312 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:24:12.0795 3312 netprofm - ok
13:24:12.0796 3312 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:24:12.0802 3312 NetTcpActivator - ok
13:24:12.0803 3312 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:24:12.0808 3312 NetTcpPortSharing - ok
13:24:12.0852 3312 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:24:12.0864 3312 nfrd960 - ok
13:24:12.0919 3312 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:24:12.0929 3312 NisDrv - ok
13:24:12.0954 3312 NisSrv - ok
13:24:12.0978 3312 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:24:13.0011 3312 NlaSvc - ok
13:24:13.0088 3312 nm3 (f554c5fd7bd1efa4da5cfe2eed86391f) C:\Windows\system32\DRIVERS\nm3.sys
13:24:13.0100 3312 nm3 - ok
13:24:13.0128 3312 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:24:13.0161 3312 Npfs - ok
13:24:13.0188 3312 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:24:13.0212 3312 nsi - ok
13:24:13.0215 3312 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:24:13.0235 3312 nsiproxy - ok
13:24:13.0347 3312 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:24:13.0374 3312 Ntfs - ok
13:24:13.0488 3312 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:24:13.0521 3312 Null - ok
13:24:13.0569 3312 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:24:13.0578 3312 nvraid - ok
13:24:13.0635 3312 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:24:13.0648 3312 nvstor - ok
13:24:13.0683 3312 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:24:13.0696 3312 nv_agp - ok
13:24:13.0750 3312 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:24:13.0770 3312 ohci1394 - ok
13:24:13.0891 3312 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:24:13.0897 3312 ose - ok
13:24:15.0880 3312 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:24:15.0933 3312 osppsvc - ok
13:24:16.0077 3312 OWProcMan (52e80d7429b4954cb63c36f57925b031) c:\progra~1\netgear\netgea~1\oware\bin\owprocman.exe
13:24:16.0081 3312 OWProcMan ( UnsignedFile.Multi.Generic ) - warning
13:24:16.0082 3312 OWProcMan - detected UnsignedFile.Multi.Generic (1)
13:24:16.0243 3312 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:24:16.0260 3312 p2pimsvc - ok
13:24:16.0344 3312 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:24:16.0362 3312 p2psvc - ok
13:24:16.0410 3312 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:24:16.0424 3312 Parport - ok
13:24:16.0717 3312 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:24:16.0730 3312 partmgr - ok
13:24:16.0764 3312 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:24:16.0786 3312 PcaSvc - ok
13:24:16.0853 3312 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:24:16.0866 3312 pci - ok
13:24:16.0954 3312 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:24:16.0965 3312 pciide - ok
13:24:17.0101 3312 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:24:17.0116 3312 pcmcia - ok
13:24:17.0154 3312 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:24:17.0166 3312 pcw - ok
13:24:17.0208 3312 pdfcDispatcher - ok
13:24:17.0348 3312 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:24:17.0391 3312 PEAUTH - ok
13:24:17.0548 3312 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:24:17.0571 3312 PeerDistSvc - ok
13:24:17.0681 3312 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:24:17.0696 3312 PerfHost - ok
13:24:17.0877 3312 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:24:17.0914 3312 pla - ok
13:24:17.0948 3312 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:24:17.0957 3312 PlugPlay - ok
13:24:18.0006 3312 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
13:24:18.0011 3312 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:24:18.0011 3312 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:24:18.0071 3312 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:24:18.0084 3312 PNRPAutoReg - ok
13:24:18.0135 3312 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:24:18.0151 3312 PNRPsvc - ok
13:24:18.0324 3312 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:24:18.0367 3312 PolicyAgent - ok
13:24:18.0417 3312 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:24:18.0451 3312 Power - ok
13:24:18.0511 3312 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:24:18.0551 3312 PptpMiniport - ok
13:24:18.0608 3312 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:24:18.0621 3312 Processor - ok
13:24:18.0668 3312 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:24:18.0705 3312 ProfSvc - ok
13:24:18.0768 3312 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:24:18.0781 3312 ProtectedStorage - ok
13:24:18.0832 3312 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:24:18.0852 3312 Psched - ok
13:24:18.0935 3312 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:24:18.0960 3312 ql2300 - ok
13:24:19.0037 3312 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:24:19.0050 3312 ql40xx - ok
13:24:19.0200 3312 QuestNmsAgent (d8ae9f1415d15632a93aabfd904a26d4) C:\Program Files (x86)\Quest Software\Foglight NMS\ptagentservice.exe
13:24:19.0215 3312 QuestNmsAgent - ok
13:24:19.0243 3312 QuestNmsServer (6a073a86a1dd035d63ea88e0d32d4675) C:\Program Files (x86)\Quest Software\Foglight NMS\ptserverservice.exe
13:24:19.0251 3312 QuestNmsServer - ok
13:24:19.0280 3312 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:24:19.0294 3312 QWAVE - ok
13:24:19.0312 3312 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:24:19.0323 3312 QWAVEdrv - ok
13:24:19.0341 3312 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:24:19.0366 3312 RasAcd - ok
13:24:19.0412 3312 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:24:19.0449 3312 RasAgileVpn - ok
13:24:19.0460 3312 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:24:19.0480 3312 RasAuto - ok
13:24:19.0558 3312 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:24:19.0594 3312 Rasl2tp - ok
13:24:19.0668 3312 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:24:19.0704 3312 RasMan - ok
13:24:19.0752 3312 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:24:19.0789 3312 RasPppoe - ok
13:24:19.0832 3312 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:24:19.0867 3312 RasSstp - ok
13:24:19.0952 3312 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:24:19.0996 3312 rdbss - ok
13:24:20.0034 3312 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:24:20.0050 3312 rdpbus - ok
13:24:20.0087 3312 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:24:20.0122 3312 RDPCDD - ok
13:24:20.0157 3312 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:24:20.0163 3312 RDPDR - ok
13:24:20.0182 3312 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:24:20.0203 3312 RDPENCDD - ok
13:24:20.0223 3312 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:24:20.0244 3312 RDPREFMP - ok
13:24:20.0269 3312 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
13:24:20.0275 3312 RdpVideoMiniport - ok
13:24:20.0374 3312 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:24:20.0387 3312 RDPWD - ok
13:24:20.0524 3312 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:24:20.0539 3312 rdyboost - ok
13:24:20.0577 3312 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:24:20.0611 3312 RemoteAccess - ok
13:24:20.0702 3312 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:24:20.0722 3312 RemoteRegistry - ok
13:24:20.0836 3312 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
13:24:20.0853 3312 RoxioNow Service - ok
13:24:20.0921 3312 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:24:20.0960 3312 RpcEptMapper - ok
13:24:20.0981 3312 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:24:20.0987 3312 RpcLocator - ok
13:24:21.0037 3312 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:24:21.0076 3312 RpcSs - ok
13:24:21.0219 3312 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
13:24:21.0233 3312 RsFx0103 - ok
13:24:21.0293 3312 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:24:21.0326 3312 rspndr - ok
13:24:21.0381 3312 RTL8167 (c5cd940effade1f6246730bca14e9fe6) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:24:21.0404 3312 RTL8167 - ok
13:24:21.0438 3312 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:24:21.0450 3312 SamSs - ok
13:24:21.0981 3312 SBAMSvc (77dbda1401ff941962bb133125ee22c7) C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe
13:24:22.0026 3312 SBAMSvc - ok
13:24:22.0162 3312 sbapifs (36ac5257569aa3db15488c1d32208ddb) C:\Windows\system32\DRIVERS\sbapifs.sys
13:24:22.0172 3312 sbapifs - ok
13:24:22.0292 3312 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:24:22.0305 3312 sbp2port - ok
13:24:22.0385 3312 SBPIMSvc (f2d18d2bd968f949c812472afad8c55a) C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe
13:24:22.0396 3312 SBPIMSvc - ok
13:24:22.0419 3312 SBRE (17c0970209f59ceca7bebd580b5bad0b) C:\Windows\system32\drivers\SBREdrv.sys
13:24:22.0429 3312 SBRE - ok
13:24:22.0461 3312 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys
13:24:22.0472 3312 SbTis - ok
13:24:22.0508 3312 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:24:22.0550 3312 SCardSvr - ok
13:24:22.0562 3312 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:24:22.0581 3312 scfilter - ok
13:24:22.0622 3312 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:24:22.0648 3312 Schedule - ok
13:24:22.0671 3312 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:24:22.0691 3312 SCPolicySvc - ok
13:24:22.0692 3312 Script Manager - ok
13:24:22.0718 3312 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:24:22.0725 3312 SDRSVC - ok
13:24:22.0743 3312 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:24:22.0764 3312 secdrv - ok
13:24:22.0789 3312 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:24:22.0808 3312 seclogon - ok
13:24:22.0827 3312 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:24:22.0847 3312 SENS - ok
13:24:22.0871 3312 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:24:22.0877 3312 SensrSvc - ok
13:24:22.0916 3312 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
13:24:22.0929 3312 Serenum - ok
13:24:22.0991 3312 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:24:23.0003 3312 Serial - ok
13:24:23.0031 3312 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:24:23.0043 3312 sermouse - ok
13:24:23.0111 3312 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:24:23.0150 3312 SessionEnv - ok
13:24:23.0181 3312 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:24:23.0197 3312 sffdisk - ok
13:24:23.0233 3312 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:24:23.0249 3312 sffp_mmc - ok
13:24:23.0268 3312 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:24:23.0284 3312 sffp_sd - ok
13:24:23.0294 3312 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:24:23.0306 3312 sfloppy - ok
13:24:23.0372 3312 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:24:23.0406 3312 SharedAccess - ok
13:24:23.0468 3312 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:24:23.0510 3312 ShellHWDetection - ok
13:24:23.0531 3312 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:24:23.0536 3312 SiSRaid2 - ok
13:24:23.0570 3312 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:24:23.0582 3312 SiSRaid4 - ok
13:24:23.0618 3312 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:24:23.0658 3312 Smb - ok
13:24:23.0688 3312 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:24:23.0700 3312 SNMPTRAP - ok
13:24:23.0839 3312 SolarWinds SFTP Server (4425d651576c9de9ac136f23abf546df) C:\Program Files (x86)\SolarWinds\SftpServer\SolarWindsSftpServer.exe
13:24:23.0843 3312 SolarWinds SFTP Server ( UnsignedFile.Multi.Generic ) - warning
13:24:23.0843 3312 SolarWinds SFTP Server - detected UnsignedFile.Multi.Generic (1)
13:24:23.0894 3312 SolarWinds TFTP Server (dd37e8e013ebc4bc5c22edd62867dcc4) C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe
13:24:23.0898 3312 SolarWinds TFTP Server ( UnsignedFile.Multi.Generic ) - warning
13:24:23.0898 3312 SolarWinds TFTP Server - detected UnsignedFile.Multi.Generic (1)
13:24:23.0927 3312 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:24:23.0937 3312 spldr - ok
13:24:24.0029 3312 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:24:24.0078 3312 Spooler - ok
13:24:26.0134 3312 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:24:26.0183 3312 sppsvc - ok
13:24:26.0299 3312 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:24:26.0333 3312 sppuinotify - ok
13:24:26.0532 3312 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
13:24:26.0548 3312 SQLAgent$SQLEXPRESS - ok
13:24:26.0642 3312 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:24:26.0655 3312 SQLBrowser - ok
13:24:26.0735 3312 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:24:26.0747 3312 SQLWriter - ok
13:24:26.0825 3312 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:24:26.0834 3312 srv - ok
13:24:26.0959 3312 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:24:26.0975 3312 srv2 - ok
13:24:27.0004 3312 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:24:27.0017 3312 srvnet - ok
13:24:27.0053 3312 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:24:27.0090 3312 SSDPSRV - ok
13:24:27.0116 3312 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:24:27.0137 3312 SstpSvc - ok
13:24:27.0219 3312 STacSV (0cdea5acbb69c45f642e96d81e906ccd) C:\Program Files\IDT\WDM\STacSV64.exe
13:24:27.0234 3312 STacSV - ok
13:24:27.0259 3312 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:24:27.0269 3312 stexstor - ok
13:24:27.0314 3312 STHDA (5c8d6072d1d09f11789c6a014688048a) C:\Windows\system32\DRIVERS\stwrt64.sys
13:24:27.0331 3312 STHDA - ok
13:24:27.0419 3312 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:24:27.0445 3312 stisvc - ok
13:24:27.0589 3312 SWBrowserIntegration (06e24cc9a1966fb6095f6ea1529cee9b) C:\Program Files (x86)\SolarWinds\Toolset\SWBrowserIntegration.exe
13:24:27.0598 3312 SWBrowserIntegration - ok
13:24:27.0635 3312 SWDUMon (04cf20310145dec63d5387beaff77d9a) C:\Windows\system32\DRIVERS\SWDUMon.sys
13:24:27.0644 3312 SWDUMon - ok
13:24:27.0669 3312 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:24:27.0680 3312 swenum - ok
13:24:27.0749 3312 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:24:27.0785 3312 swprv - ok
13:24:27.0839 3312 SymEvent (70c8d165063eb76f1a373b74456d2aab) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
13:24:27.0852 3312 SymEvent - ok
13:24:28.0049 3312 Synergy - ok
13:24:28.0052 3312 Synth3dVsc - ok
13:24:28.0215 3312 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:24:28.0245 3312 SysMain - ok
13:24:28.0290 3312 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:24:28.0311 3312 TabletInputService - ok
13:24:28.0347 3312 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:24:28.0384 3312 TapiSrv - ok
13:24:28.0403 3312 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:24:28.0427 3312 TBS - ok
13:24:29.0103 3312 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:24:29.0136 3312 Tcpip - ok
13:24:29.0391 3312 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:24:29.0417 3312 TCPIP6 - ok
13:24:29.0469 3312 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:24:29.0501 3312 tcpipreg - ok
13:24:29.0576 3312 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:24:29.0588 3312 TDPIPE - ok
13:24:29.0639 3312 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:24:29.0651 3312 TDTCP - ok
13:24:29.0688 3312 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:24:29.0727 3312 tdx - ok
13:24:29.0786 3312 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:24:29.0798 3312 TermDD - ok
13:24:29.0857 3312 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:24:29.0892 3312 TermService - ok
13:24:29.0907 3312 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:24:29.0917 3312 Themes - ok
13:24:29.0960 3312 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:24:29.0996 3312 THREADORDER - ok
13:24:30.0026 3312 tihub3 (72a25cae92f5a57d1f3d278a94dc3ceb) C:\Windows\system32\DRIVERS\tihub3.sys
13:24:30.0038 3312 tihub3 - ok
13:24:30.0076 3312 tixhci (e0f9e190b41f190bcf2e2b865d061fd6) C:\Windows\system32\drivers\tixhci.sys
13:24:30.0092 3312 tixhci - ok
13:24:30.0142 3312 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:24:30.0180 3312 TrkWks - ok
13:24:30.0229 3312 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:24:30.0259 3312 TrustedInstaller - ok
13:24:30.0283 3312 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:24:30.0302 3312 tssecsrv - ok
13:24:30.0314 3312 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:24:30.0320 3312 TsUsbFlt - ok
13:24:30.0342 3312 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:24:30.0348 3312 TsUsbGD - ok
13:24:30.0349 3312 tsusbhub - ok
13:24:30.0382 3312 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:24:30.0403 3312 tunnel - ok
13:24:30.0421 3312 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:24:30.0427 3312 uagp35 - ok
13:24:30.0502 3312 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:24:30.0537 3312 udfs - ok
13:24:30.0568 3312 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:24:30.0575 3312 UI0Detect - ok
13:24:30.0632 3312 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:24:30.0644 3312 uliagpkx - ok
13:24:30.0662 3312 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:24:30.0675 3312 umbus - ok
13:24:30.0687 3312 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:24:30.0699 3312 UmPass - ok
13:24:30.0798 3312 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:24:30.0812 3312 UmRdpService - ok
13:24:32.0759 3312 UNS (758c2ce427c343f780a205e28555c98d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
13:24:32.0802 3312 UNS - ok
13:24:32.0911 3312 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:24:32.0947 3312 upnphost - ok
13:24:33.0086 3312 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:24:33.0103 3312 usbaudio - ok
13:24:33.0135 3312 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:24:33.0148 3312 usbccgp - ok
13:24:33.0197 3312 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:24:33.0215 3312 usbcir - ok
13:24:33.0277 3312 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:24:33.0288 3312 usbehci - ok
13:24:33.0395 3312 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:24:33.0412 3312 usbhub - ok
13:24:33.0471 3312 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:24:33.0483 3312 usbohci - ok
13:24:33.0512 3312 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:24:33.0528 3312 usbprint - ok
13:24:33.0578 3312 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:24:33.0594 3312 usbscan - ok
13:24:33.0690 3312 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:24:33.0703 3312 USBSTOR - ok
13:24:33.0735 3312 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:24:33.0747 3312 usbuhci - ok
13:24:33.0786 3312 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
13:24:33.0804 3312 usbvideo - ok
13:24:33.0826 3312 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:24:33.0850 3312 UxSms - ok
13:24:33.0900 3312 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:24:33.0912 3312 VaultSvc - ok
13:24:33.0937 3312 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:24:33.0949 3312 vdrvroot - ok
13:24:34.0053 3312 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:24:34.0089 3312 vds - ok
13:24:34.0350 3312 Veeam Backup and Replication Service (d3b2b473684a30162037fd5f738176fd) C:\Program Files\Veeam\Backup and Replication\Veeam.Backup.Service.exe
13:24:34.0357 3312 Veeam Backup and Replication Service ( UnsignedFile.Multi.Generic ) - warning
13:24:34.0357 3312 Veeam Backup and Replication Service - detected UnsignedFile.Multi.Generic (1)
13:24:34.0465 3312 Veeam Backup Catalog Data Service (ccbbc5334849899380a5454c73cd9bd0) C:\Program Files\Veeam\Backup Catalog\Veeam.Backup.CatalogDataService.exe
13:24:34.0470 3312 Veeam Backup Catalog Data Service ( UnsignedFile.Multi.Generic ) - warning
13:24:34.0470 3312 Veeam Backup Catalog Data Service - detected UnsignedFile.Multi.Generic (1)
13:24:34.0596 3312 VeeamBackupService.exe (b3d63c710d50421207f7abed32c09d4f) C:\Program Files (x86)\Veeam\Veeam Backup and FastSCP\VeeamBackupService.exe
13:24:34.0601 3312 VeeamBackupService.exe ( UnsignedFile.Multi.Generic ) - warning
13:24:34.0601 3312 VeeamBackupService.exe - detected UnsignedFile.Multi.Generic (1)
13:24:34.0667 3312 VeeamNfsSvc (fa0df73f21cffacf07e304375ada3b00) C:\Program Files\Veeam\Backup and Replication\VeeamNFSSvc.exe
13:24:34.0683 3312 VeeamNfsSvc ( UnsignedFile.Multi.Generic ) - warning
13:24:34.0683 3312 VeeamNfsSvc - detected UnsignedFile.Multi.Generic (1)
13:24:34.0732 3312 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:24:34.0746 3312 vga - ok
13:24:34.0787 3312 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:24:34.0820 3312 VgaSave - ok
13:24:34.0822 3312 VGPU - ok
13:24:34.0949 3312 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:24:34.0964 3312 vhdmp - ok
13:24:35.0005 3312 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:24:35.0016 3312 viaide - ok
13:24:35.0147 3312 VIPRE Business Service (067be09aa3cdeb38766829d2399be91e) C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe
13:24:40.0766 3312 ============================================================
13:24:40.0766 3312 Scan finished
13:24:40.0766 3312 ============================================================
13:24:40.0775 2888 Detected object count: 9
13:24:40.0775 2888 Actual detected object count: 9
13:25:37.0838 2888 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:25:37.0838 2888 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:25:37.0839 2888 OWProcMan ( UnsignedFile.Multi.Generic ) - skipped by user
13:25:37.0839 2888 OWProcMan ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:25:37.0840 2888 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:25:37.0841 2888 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:25:37.0842 2888 SolarWinds SFTP Server ( UnsignedFile.Multi.Generic ) - skipped by user
13:25:37.0842 2888 SolarWinds SFTP Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:25:37.0843 2888 SolarWinds TFTP Server ( UnsignedFile.Multi.Generic ) - skipped by user
13:25:37.0843 2888 SolarWinds TFTP Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:25:37.0844 2888 Veeam Backup and Replication Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:25:37.0844 2888 Veeam Backup and Replication Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:25:37.0845 2888 Veeam Backup Catalog Data Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:25:37.0845 2888 Veeam Backup Catalog Data Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:25:37.0846 2888 VeeamBackupService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
13:25:37.0846 2888 VeeamBackupService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:25:37.0847 2888 VeeamNfsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:25:37.0847 2888 VeeamNfsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip



  • 0

#6
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Please post the OTL fix log. It can be located here:

If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • 0

#7
lwest

lwest

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Apologies, I thought I posted it:
All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.

File C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3bc044b-d373-11e0-a866-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3bc044b-d373-11e0-a866-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3bc044b-d373-11e0-a866-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3bc044b-d373-11e0-a866-806e6f6e6963}\ not found.

File move failed. E:\Autorun.exe scheduled to be moved on reboot.

Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\ not found.

C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy folder moved successfully.

C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.

Folder C:\Users\pwest\AppData\Roaming\SUPERAntiSpyware.com\ not found.

Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\ not found.

Folder C:\ProgramData\SUPERAntiSpyware.com\ not found.

Folder C:\Program Files\SUPERAntiSpyware\ not found.

========== FILES ==========

[color=#A23BEC]< ipconfig /flushdns /c >[/color]

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\pwest\Desktop\cmd.bat deleted successfully.

C:\Users\pwest\Desktop\cmd.txt deleted successfully.

========== REGISTRY ==========

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully



[EMPTYTEMP]



User: All Users



User: cadmin

->Temp folder emptied: 253034 bytes

->Temporary Internet Files folder emptied: 7976719 bytes

->Flash cache emptied: 42076 bytes



User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes



User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes



User: MsDtsServer110

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes



User: patrick

->Temp folder emptied: 32799 bytes

->Temporary Internet Files folder emptied: 36876 bytes

->Flash cache emptied: 41620 bytes



User: Public



User: pwest

->Temp folder emptied: 111347318 bytes

->Temporary Internet Files folder emptied: 133706759 bytes

->Java cache emptied: 1659224 bytes

->FireFox cache emptied: 132573381 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 1419 bytes



User: spradsadmin

->Temp folder emptied: 214852 bytes

->Temporary Internet Files folder emptied: 40736 bytes

->Flash cache emptied: 41620 bytes



%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 107552 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 119055407 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1060098 bytes

RecycleBin emptied: 387072 bytes



Total Files Cleaned = 485.00 mb



Restore point Set: OTL Restore Point



OTL by OldTimer - Version 3.2.43.1 log created on 05262012_131228



Files\Folders moved on Reboot...

File move failed. E:\Autorun.exe scheduled to be moved on reboot.

C:\Users\pwest\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\pwest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DAEM2DV\default[1].htm moved successfully.

C:\Users\pwest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DAEM2DV\spradsrv_com[1].htm moved successfully.

C:\Users\pwest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ETTK2B0\Folder[3].htm moved successfully.



Registry entries deleted on Reboot...

Edited by lwest, 26 May 2012 - 03:32 PM.

  • 0

#8
lwest

lwest

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Apologies, I thought I posted it:

  • 0

#9
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply, as well as describe how your computer is running now.

After the run you may have internet problems or access to something problems. Simply reboot the computer.
  • 0

#10
lwest

lwest

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Still experiencing problems. For example - typing cmd from the "search program and files" prompt will take 15 seconds plus. If I click a shortcut to the cmd prompt it opens immediately. Same thing when I open other applications. Once open it works normally until I go to another resource and then there is a pause again. Thank you again for your help.


ComboFix 12-05-26.02 - pwest 05/26/2012 14:44:35.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8172.6183 [GMT -7:00]
Running from: c:\users\pwest\Desktop\ComboFix.exe
AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\pwest\AppData\Roaming\Microsoft\Office\unins000.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 10:21 . 2012-03-21 10:21 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-21 10:21 . 2012-03-21 10:21 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-21 10:21 . 2012-03-21 10:21 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-21 10:21 . 2012-03-21 10:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-21 10:21 . 2012-03-21 10:21 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-21 10:21 . 2012-03-21 10:21 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-21 10:21 . 2012-03-21 10:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-21 10:21 . 2012-03-21 10:21 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-21 10:21 . 2012-03-21 10:21 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-21 10:21 . 2012-03-21 10:21 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-21 10:21 . 2012-03-21 10:21 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-21 10:21 . 2012-03-21 10:21 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-21 10:21 . 2012-03-21 10:21 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-21 10:21 . 2012-03-21 10:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-21 10:21 . 2012-03-21 10:21 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-21 10:21 . 2012-03-21 10:21 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-21 10:21 . 2012-03-21 10:21 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-21 10:21 . 2012-03-21 10:21 448512 ----a-w- c:\windows\system32\html.iec
2012-03-21 10:21 . 2012-03-21 10:21 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-21 10:21 . 2012-03-21 10:21 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-21 10:21 . 2012-03-21 10:21 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-21 03:44 . 2012-03-21 03:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-09 21:07 . 2012-03-09 21:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 21:06 . 2012-03-09 21:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\pwest\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\pwest\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\pwest\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\pwest\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2010-09-23 1448800]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2000-01-01 284440]
"SBAMTray"="c:\program files (x86)\GFI Software\GFIAgent\SBAMTray.exe" [2011-10-12 1627504]
.
c:\users\pwest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\pwest\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Script Manager;Fortis Script Manager;\documentserver\MainVol\FortisDT\ScrptSrv.exe [x]
R3 getbus;getbus;c:\users\pwest\AppData\Local\Temp\getbus.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 257696]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/30 17:31;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 136176]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2000-01-01 13592]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-19 129976]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 OWProcMan;NETGEAR ProSafe NMS200;c:\progra~1\netgear\netgea~1\oware\bin\owprocman.exe [2012-05-22 45056]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
R4 QuestNmsAgent;Quest Foglight NMS Agent;c:\program files (x86)\Quest Software\Foglight NMS\ptagentservice.exe [2012-05-10 381784]
R4 QuestNmsServer;Quest Foglight NMS Server;c:\program files (x86)\Quest Software\Foglight NMS\ptserverservice.exe [2012-05-10 381784]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SolarWinds SFTP Server;SolarWinds SFTP/SCP Server;c:\program files (x86)\SolarWinds\SftpServer\SolarWindsSftpServer.exe [2011-12-27 31744]
R4 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe [2012-02-06 58880]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 SWBrowserIntegration;SolarWinds Orion Toolset Integration Service;c:\program files (x86)\SolarWinds\Toolset\SWBrowserIntegration.exe [2012-02-13 45704]
R4 Synergy;Synergy Network Management;c:\progra~1\NETGEAR\NETGEA~1\oware\synergy\tomcat-6.0.32\bin\native\windows\x64\tomcat6.exe [2012-05-22 78336]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R4 Veeam Backup and Replication Service;Veeam Backup Service;c:\program files\Veeam\Backup and Replication\Veeam.Backup.Service.exe [2011-04-08 249856]
R4 Veeam Backup Catalog Data Service;Veeam Indexing Service;c:\program files\Veeam\Backup Catalog\Veeam.Backup.CatalogDataService.exe [2011-04-08 57344]
R4 VeeamBackupService.exe;Veeam Backup and FastSCP Service;c:\program files (x86)\Veeam\Veeam Backup and FastSCP\VeeamBackupService.exe [2010-07-24 28672]
R4 VeeamNfsSvc;Veeam vPower NFS Service;c:\program files\Veeam\Backup and Replication\VeeamNFSSvc.exe [2011-04-08 876544]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-06-01 609904]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55416]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-11 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928]
S2 MsDtsServer110;SQL Server Integration Services 11.0;c:\program files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [2012-02-11 218200]
S2 MSSQL$VEEAM;SQL Server (VEEAM);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 SBAMSvc;VIPRE Business;c:\program files (x86)\GFI Software\GFIAgent\SBAMSvc.exe [2011-10-12 2804312]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe [2011-10-12 181616]
S2 VIPRE Business Service;VIPRE Business Site Service;c:\program files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe [2011-11-19 456048]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:12]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 17:45]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 17:45]
.
2012-05-11 c:\windows\Tasks\HPCeeScheduleForpwest.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-26 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2012-05-01 19:55]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\pwest\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\pwest\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\pwest\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\pwest\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CANON DR3010C SVC"="DR301SVC.dll" [2010-01-13 159744]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2000-01-01 324096]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.spradsrv.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{BA309A65-07BE-4F2F-ADBB-32858216A714}: NameServer = 192.168.1.25,192.168.1.2
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxp://sqlserver/reports/Reserved.ReportViewerWebControl.axd?ReportSession=ulnxk5455l2uec45coqvat55&ControlID=73441323d5f340fe8eef72cdb4228d6d&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab&Arch=X86
FF - ProfilePath - c:\users\pwest\AppData\Roaming\Mozilla\Firefox\Profiles\1hupbap2.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-70897812.sys
SafeBoot-MsMpSvc
AddRemove-{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1 - c:\users\pwest\AppData\Roaming\Microsoft\Office\unins000.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="c:\progra~1\netgear\netgea~1\oware3rd\mysql\5_0_51-64\bin\mysqld-nt MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-26 14:55:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-26 21:55
.
Pre-Run: 720,992,382,976 bytes free
Post-Run: 720,220,700,672 bytes free
.
- - End Of File - - 79B93A2ED0CBC999011668B695A6E31D

#11
CompCav

OK, next we will check the disc and then the file structure.

  • On the desktop click the My Computer icon
  • Right click your main drive (I am on C) and select properties
  • Select the tools tab
  • Select error checking
  • Place a tick in both boxes
  • Press start
  • You will get a warning that it needs to reboot to continue
  • Allow it to do so


Once completed

Run an elevated command prompt
Go to Start, All programs, Accessories
Right click command prompt and select run as administrator

In the black box that opens type or copy and paste the following command and press enter:

sfc /scannow


After all this is completed, could you update me on the problems being experienced?

#12
CompCav

Have you completed the check disk and sfc scan?

Are you still needing help?

#13
CompCav

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.