malware with hijack/redirect to fake sites: nginx, isearch.avg, partne


  • This topic is locked

#16
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Your logs show that your system is clean. If you have no further issues with your computer, then please proceed with the housekeeping procedures outlined below.

Removing the tools we used:

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.

  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

NEXT...

OTL Clean-Up:

  • Reopen OTL on your desktop.
  • Click on the [image] button.
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Updates for other installed software

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors on to your computer without your knowledge or permission.
Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and to update it when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently.

I highly recommend that you install Secunia Personal Software Inspector (PSI), which can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location to an update for the vulnerable program. A tutorial on how to use Secunia Personal Software Inspector (PSI) can be found here: Keep Software Updated with Secunia PSI.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

However, if you prefer staying with Internet Explorer, I highly recommend you do this:

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now after all these steps, your PC will be more secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.
  • 0


#17
jorgeanchovy

    Member

  • Topic Starter
  • 20 posts
Hello Render,

Thank you, that's good news. I have a couple of questions:

1) On your recommendation (and PCMag review) I removed Anvi antivirus. Reading a PCMag summary of antivirus reviews, they gave a rating of 4 to three different free programs: AVG, Avira, and Avast. A couple of paid programs had 4.5 stars so it seems like the free ones are reasonable options. My question: do you agree with this assessment and do you have any recommendations for which I should install?

2) I am still getting the HP Connection Manager error every time I turn on the computer, as mentioned earlier. Should I just ignore it? (I can't see an impact on function). Should I uninstall it and re-download the HP Software Framework? I checked, it is the most recent version installed already.

3) I have been getting a Catalyst Control Center error periodically (not yet today). I know this has something to do with AMD and video driver stuff . . . but am unsure what to do about it, if anything.

OK, I will take the cleanup steps you recommend. Also I have already implemented some of the recommendations in the materials you sent.

Thanks,

Peter
  • 0

#18
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
1) If you're not satisfied with BullGuard's AV solution, I would recommend one of these free antiviruses:

2) Please try to uninstall it and if you need it then download and install it once again.

3) Please try to update your graphics card drivers from here.

Please let me know the results.
  • 0

#19
jorgeanchovy

    Member

  • Topic Starter
  • 20 posts
Hi Render,

Bad news here. After the cleanup steps you gave (plus loading avira and uninstalling bullguard, and uninstalling "SuperAntiSpyware" which was another thing I had lingering on here), I now am having internet service interruptions again - windows says it may be a dns host problem.

No sign of redirects yet though.

I know this is probably a hard thing for you to diagnose because internet connectivity could be due to so many things (ISP, hardware, etc.) -- but do you have any ideas?

I redownloaded and was going to run the OTL fix again you gave me in email #8 to flush dns and reset hosts and see if that helps again. But then I decided, that's dumb of me, it would be better to ask you first, maybe there are some steps you can give me to try to detect why this is happening.

Malwarebytes and now Avira (full scan) are still finding nothing.

Any thoughts?

Thanks,

Peter
  • 0

#20
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please reboot your system.

Then download the following file to your desktop: winsock.bat (attached file, 114 bytes)
Right click on it and select Run as Administrator to run it.
Test internet connection.
  • 0

#21
jorgeanchovy

    Member

  • Topic Starter
  • 20 posts
Hi Render,

After first day of use all OK. I will report after one more day of use.

What does Winsock do and what does this mean (why does it happen and why does that fix it?)

Thank you,

Peter
  • 0

#22
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

I'm not 100% sure but I think that during the BullGuard uninstallation some of the LSP files were broken. One major common issue with LSPs is that if they were to be removed or unregistered improperly or if the LSP was buggy, it would result in corruption of the Winsock catalog in the registry, and the entire TCP/IP stack would break and the computer could no longer access the network.

Below is one of the commands we've used to repair the Winsock stack:

netsh winsock reset catalog

Now run your PC as normal and let me know if the problem is gone or not.

And please give me a fresh OTL log as described below:

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    %systemroot%\*. /mp /s
    %Temp%\smtmp\*.* /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the [image] button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0
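Added example, not part of Render's post and not a Geeks to Go or OTL tool: a small Python audit of `netsh winsock show catalog` output that flags the kind of LSP leftovers described above, so the catalog can be inspected before `netsh winsock reset catalog` wipes it. The sample catalog is constructed ("ExampleAV", its DLL path and the GUIDs are placeholders), and the script assumes English-language netsh output, Windows installed in C:\Windows, and that every ID in a protocol chain is itself listed as a catalog entry.

```python
import subprocess

# Constructed sample, laid out like `netsh winsock show catalog` output.
# "ExampleAV", its DLL path and all GUIDs are invented placeholders.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {00000000-0000-0000-0000-000000000001}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [UDP/IP]
Provider ID:                        {00000000-0000-0000-0000-000000000002}
Provider Path:                      C:\Windows\System32\mswsock.dll
Catalog Entry ID:                   1002
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        ExampleAV LSP over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {00000000-0000-0000-0000-000000000003}
Provider Path:                      C:\Program Files\ExampleAV\exlsp.dll
Catalog Entry ID:                   1015
Protocol Chain Length:              2
Protocol Chain:                     1016 : 1001
"""

SYSTEM32 = "%systemroot%\\system32\\"


def parse_catalog(text):
    """Split catalog text into one dict of field -> value per provider entry."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Provider Entry"):       # header line starts a new entry
            current = {"Section": line}
            entries.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")   # split on the first colon only
            current[key.strip()] = value.strip()
    return entries


def normalise(path):
    """Lower-case a provider path and fold C:\\Windows into %systemroot%."""
    p = path.strip().strip('"').lower().replace("/", "\\")
    for prefix in ("c:\\windows", "%windir%"):    # assumption: default install dir
        if p.startswith(prefix + "\\"):
            p = "%systemroot%" + p[len(prefix):]
    return p


def audit(entries):
    """Return {catalog entry id: [reasons]} for entries that deserve a look."""
    known_ids = {e["Catalog Entry ID"] for e in entries if "Catalog Entry ID" in e}
    findings = {}
    for e in entries:
        reasons = []
        if e.get("Entry Type", "").lower().startswith("layered"):
            reasons.append("layered entry (LSP)")
        path = normalise(e.get("Provider Path", ""))
        if path and not path.startswith(SYSTEM32):
            reasons.append("provider DLL outside system32")
        chain = [i.strip() for i in e.get("Protocol Chain", "").split(":") if i.strip()]
        missing = [i for i in chain if i not in known_ids]
        if missing:  # a chain pointing at a removed entry is a broken catalog
            reasons.append("chain references missing entry " + ", ".join(missing))
        if reasons:
            findings[e.get("Catalog Entry ID", e.get("Description", "?"))] = reasons
    return findings


def live_catalog():
    """Read the real catalog on a Windows host (not used for the sample run)."""
    result = subprocess.run(["netsh", "winsock", "show", "catalog"],
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    for entry_id, reasons in audit(parse_catalog(SAMPLE)).items():
        print(entry_id, "->", "; ".join(reasons))
```

A flagged entry is a lead, not a verdict: security products legitimately install LSPs, so the finding that matters most after an uninstall is a layered entry whose chain or DLL no longer exists.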

#23
jorgeanchovy

    Member

  • Topic Starter
  • 20 posts
Hi Render,

I have more recent information I would like to provide before I run OTL, in case that information changes our course of action.

I have had more losses of internet connection today, after winsock.

Also today I had the "Partner37" page load one time, which is one of the things I thought was a hijack but now I am not sure whether this is the same kind of issue I was seeing with "Welcome to nginx". I have attached a screenshot of today's occurrence so that you can see what the URL looked like at the time. It contains the word "Blekko" and I definitely did see an installation of an unwanted blekko toolbar early on in this problem. Since then, as you know from my logs, there have been no traces of blekko though, until this URL appeared.

Other clues:
The situation in which this loaded was me entering a URL of a site that was down.
The site was www.mercyships.org. It is now back up.
I went to isup.me and entered www.mercyships.org to get an external view on whether this site is down for everyone or whether I was being tricked, and they indicated it was down for everyone.
I went to the mercyships site on Chrome (had been using firefox) and the same partner37 page loaded, as in the screenshot.
I went to the mercyships site on my phone's browser and a generic site not found page came up.
I cleared the cache and history on my firefox browser and again went to mercyships, and again the same partner37 page loaded.

I looked at my Hosts file and this is what it contained/contains:
127.0.0.1 localhost
::1 localhost

I then ran MBAM full scan and Avira scan and both found no threats.

Today both since and before the partner37 event, I have had several 1-3 minute losses of internet connectivity. I am using a westell 2200 modem with a date of 2005 and am wondering if I should replace that to eliminate the possibility that this is actually a hardware weakness?

If you'd like I can continue the plan laid out in your last message, but I wanted to provide you this information first.

Thanks,

Peter

Attached Thumbnails

  • Capture partner37.JPG

  • 0

#24
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Thank you. Please proceed with OTL scan as described above.

Then download the following script: test.bat (attached file, 551 bytes)
Right click on it and select Run as Administrator to run it.
It will produce a log file. Include the content of that file in your next reply.
  • 0

#25
jorgeanchovy

    Member

  • Topic Starter
  • 20 posts
Render,

Thank you. In the logs I see "Antiphishing domain advisor" in my programs which may be related to the partner37 thing as those words appear on that redirect page. It says in my windows uninstall programs list it comes from visicom - pandasecurity and that it was installed on 7/30, which is the day I uninstalled bullguard and superantispy and put in Avira. (not trying to do your job for you but just thought if I see something funny, I should say).

Last log first, followed by the OTL logs:




start OTL here


OTL logfile created on: 8/1/2012 1:56:39 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Peter\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 53.11% Memory free
7.90 Gb Paging File | 5.27 Gb Available in Paging File | 66.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.52 Gb Total Space | 368.81 Gb Free Space | 82.78% Space Free | Partition Type: NTFS
Drive E: | 14.95 Gb Total Space | 2.23 Gb Free Space | 14.89% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.12 Gb Free Space | 42.62% Space Free | Partition Type: FAT32
Drive H: | 731.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CYPRESSHP | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 20:40:01 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL(2).exe
PRC - [2012/07/25 04:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012/07/25 04:46:42 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012/07/19 16:58:04 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 14:04:56 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/03 14:04:55 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/11 03:33:54 | 000,410,942 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Utilities\adb.exe
PRC - [2012/05/03 14:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/08 21:16:38 | 001,760,016 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro SafeSync\HrfsClient.exe
PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/02/08 12:44:04 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
PRC - [2012/02/08 12:10:00 | 001,323,008 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
PRC - [2011/12/01 16:24:20 | 002,624,512 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
PRC - [2011/03/16 11:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/02/10 20:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/02/07 15:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011/02/07 15:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2011/01/28 12:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
PRC - [2011/01/26 13:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 13:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/20 01:55:18 | 001,125,728 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
PRC - [2011/01/20 01:50:16 | 000,329,056 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2011/01/20 01:43:00 | 000,203,104 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2011/01/20 00:49:00 | 000,980,320 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
PRC - [2011/01/12 15:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010/11/29 15:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/11/26 07:31:18 | 000,267,128 | ---- | M] () -- C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
PRC - [2010/11/17 13:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/11 03:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/30 12:27:38 | 000,877,952 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2012/07/19 16:58:03 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/11 03:33:54 | 000,410,942 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Utilities\adb.exe
MOD - [2012/04/23 18:35:09 | 000,630,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/03/21 18:32:36 | 005,025,792 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/02/10 19:31:42 | 001,253,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012/02/08 12:44:04 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012/01/03 22:51:03 | 003,190,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/01/03 22:50:59 | 004,550,656 | ---- | M] () -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011/12/01 16:24:20 | 002,624,512 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
MOD - [2011/03/28 23:32:26 | 001,316,878 | ---- | M] () -- C:\Program Files\Trend Micro SafeSync\avcodec-52.dll
MOD - [2011/03/28 23:32:26 | 000,165,902 | ---- | M] () -- C:\Program Files\Trend Micro SafeSync\avformat-52.dll
MOD - [2011/03/28 23:32:26 | 000,098,830 | ---- | M] () -- C:\Program Files\Trend Micro SafeSync\avutil-50.dll
MOD - [2010/11/26 07:31:18 | 000,267,128 | ---- | M] () -- C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
MOD - [2010/11/04 21:58:14 | 002,048,000 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 21:58:10 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 21:58:04 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009/06/10 17:22:40 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 14:05:57 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/05/13 14:03:52 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2012/05/13 14:03:52 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2012/04/08 21:16:30 | 007,612,176 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro SafeSync\hrfscore.exe -- (OnlineStorageService)
SRV:64bit: - [2012/03/20 21:01:59 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2012/02/08 12:10:00 | 001,323,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011/08/23 04:37:04 | 003,175,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2011/07/15 14:09:38 | 000,137,272 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/12 00:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011/01/28 12:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2010/07/29 22:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/09/14 01:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009/09/14 01:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/27 15:05:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/25 04:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012/07/19 16:58:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 14:04:56 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/03 14:04:55 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/09/05 09:57:24 | 000,476,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011/08/23 04:23:48 | 002,774,320 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\windows\SysWow64\vcsFPService.exe -- (vcsFPService)
SRV - [2011/03/16 11:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/02/07 15:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011/01/26 13:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/20 01:55:18 | 001,125,728 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe -- (IFXSpMgtSrv)
SRV - [2011/01/20 01:43:00 | 000,203,104 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2011/01/20 00:49:00 | 000,980,320 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe -- (IFXTCS)
SRV - [2011/01/12 15:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/11/29 15:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/11/11 03:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/11 11:15:09 | 000,173,656 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2012/07/11 11:15:09 | 000,026,200 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2012/07/03 14:06:08 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/07/03 14:05:57 | 010,497,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/03 14:05:57 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/13 14:03:52 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/05/12 06:48:17 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/20 21:01:58 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012/03/20 21:01:53 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 13:15:16 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/02/28 13:15:16 | 000,029,976 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/02/22 13:54:08 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/02/08 12:55:20 | 000,100,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal)
DRV:64bit: - [2012/02/08 12:54:56 | 000,158,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2011/09/16 01:34:38 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/07 11:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011/01/13 06:14:04 | 000,040,448 | ---- | M] (Generic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SzCCID.sys -- (SzCCID)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/12 14:11:20 | 002,611,704 | ---- | M] (Sunplus Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPUVCBv_x64.sys -- (SPUVCbv)
DRV:64bit: - [2010/12/10 17:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 17:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/02 21:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/11/20 09:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/11 03:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/20 17:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 17:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 17:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 10:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/19 07:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/02 18:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/26 01:31:08 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2887097447-186780515-742582406-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKU\S-1-5-21-2887097447-186780515-742582406-1002\..\SearchScopes,DefaultScope = {9A3E76CB-CFD2-4B3F-A89E-9E715EA4DAC0}
IE - HKU\S-1-5-21-2887097447-186780515-742582406-1002\..\SearchScopes\{9A3E76CB-CFD2-4B3F-A89E-9E715EA4DAC0}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-2887097447-186780515-742582406-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/03/06 18:16:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/07/06 20:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 16:58:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/20 08:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Extensions
[2012/07/20 12:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\xt8mvko7.default\extensions
[2012/07/20 12:07:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\xt8mvko7.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/07/19 10:04:36 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\xt8mvko7.default\extensions\[email protected]
[2012/06/20 08:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/19 10:00:59 | 000,047,822 | ---- | M] () (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XT8MVKO7.DEFAULT\EXTENSIONS\[email protected]
[2012/07/19 16:58:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/17 16:18:49 | 000,003,771 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: Gmail = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 07:56:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2887097447-186780515-742582406-1002\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe ()
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2887097447-186780515-742582406-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\Peter\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sfax Printer Driver - Auto Update.lnk = C:\Sfax\SfaxDriverUpdate.exe (SecureCare Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2887097447-186780515-742582406-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2887097447-186780515-742582406-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{672FB6AB-8FCA-454A-961A-108F7F9DB738}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E96F5685-C65F-4776-A433-E6FD5A090BE9}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/22 00:24:09 | 000,000,175 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 20:40:17 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL(2).exe
[2012/07/30 17:32:17 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Avira
[2012/07/30 17:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/07/30 17:28:11 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012/07/30 17:28:11 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012/07/30 17:28:11 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012/07/30 17:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/07/30 17:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/07/30 11:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/07/30 11:21:36 | 000,000,000 | ---D | C] -- C:\AMD
[2012/07/30 09:58:09 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Secunia PSI
[2012/07/30 09:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/07/27 14:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/25 19:53:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/25 19:39:46 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/07/24 10:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012/07/24 10:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2012/07/21 11:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012/07/21 11:44:53 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\windows\capicom.dll
[2012/07/21 11:34:27 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\QuickScan
[2012/07/21 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/07/21 11:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/07/21 10:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/07/21 10:37:31 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Roxio Log Files
[2012/07/20 13:27:47 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\blekkotb_031
[2012/07/20 10:52:20 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\ElevatedDiagnostics
[2012/07/20 10:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/20 10:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/07/20 10:44:07 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/20 10:43:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/20 10:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/19 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
[2012/07/19 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDHelper (Spybot - Search & Destroy)
[2012/07/19 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Misc. Support Library (Spybot - Search & Destroy)
[2012/07/19 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
[2012/07/19 17:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/19 17:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012/07/19 17:03:21 | 000,000,000 | ---D | C] -- C:\My Documents
[2012/07/17 16:18:53 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\SlimWare Utilities Inc
[2012/07/17 16:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimCleaner
[2012/07/17 16:17:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/07/17 14:40:20 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Anvisoft
[2012/07/17 14:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2012/07/17 14:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/11 14:50:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/07/11 14:50:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/07/11 14:50:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/07/11 14:50:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/07/11 14:50:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/07/11 14:50:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/07/11 14:50:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/07/11 14:50:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/07/11 14:50:49 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/07/11 14:50:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/07/11 14:50:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/07/11 14:50:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/07/11 14:50:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/07/11 11:15:14 | 000,173,656 | ---- | C] (JMicron Technology Corporation) -- C:\windows\SysNative\drivers\jmcr.sys
[2012/07/11 11:15:13 | 000,026,200 | ---- | C] (JMicron Technology Corp.) -- C:\windows\SysNative\drivers\johci.sys
[2012/07/11 11:14:08 | 000,360,624 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\e1c62x64.sys
[2012/07/11 11:13:22 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2012/07/11 11:13:22 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2012/07/11 11:12:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
[2012/07/11 08:07:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012/07/11 08:07:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012/07/11 08:07:34 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012/07/11 08:07:33 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012/07/11 08:07:33 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012/07/10 17:39:43 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\sitebackup
[2012/07/10 07:40:22 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Peter
[2012/07/09 09:45:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2012/07/09 09:45:26 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/07/09 09:44:22 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/06 07:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/07/06 07:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/07/06 07:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012/07/06 07:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design and Web Premium CS6
[2012/07/06 07:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/07/06 07:24:56 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Adobe CS6 Design and Web Premium
[2012/07/05 21:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/07/03 14:23:28 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Hewlett-Packard Company
[2012/07/03 14:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/03 14:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/07/03 14:06:42 | 001,828,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atiumdmv.dll
[2012/07/03 14:06:42 | 001,113,088 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atiumd6v.dll
[2012/07/03 14:06:42 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\SysNative\atipdl64.dll
[2012/07/03 14:06:42 | 000,120,320 | ---- | C] (AMD) -- C:\windows\SysNative\atitmm64.dll
[2012/07/03 14:06:42 | 000,095,248 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\AtihdW76.sys
[2012/07/03 14:06:42 | 000,031,744 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atiuxpag.dll
[2012/07/03 14:06:41 | 024,866,816 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\atio6axx.dll
[2012/07/03 14:06:41 | 018,757,120 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysWow64\atioglxx.dll
[2012/07/03 14:06:41 | 010,497,536 | ---- | C] (ATI Technologies Inc.) -- C:\windows\SysNative\drivers\atikmdag.sys
[2012/07/03 14:06:41 | 009,978,880 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysNative\aticaldd64.dll
[2012/07/03 14:06:41 | 008,449,024 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysWow64\aticaldd.dll
[2012/07/03 14:06:41 | 004,292,096 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atidxx32.dll
[2012/07/03 14:06:41 | 000,517,120 | ---- | C] (AMD) -- C:\windows\SysNative\atieclxx.exe
[2012/07/03 14:06:41 | 000,486,912 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\atiadlxx.dll
[2012/07/03 14:06:41 | 000,466,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\ATIDEMGX.dll
[2012/07/03 14:06:41 | 000,326,656 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\drivers\atikmpag.sys
[2012/07/03 14:06:41 | 000,204,288 | ---- | C] (AMD) -- C:\windows\SysNative\atiesrxx.exe
[2012/07/03 14:06:41 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\atiapfxx.exe
[2012/07/03 14:06:41 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\SysNative\atiedu64.dll
[2012/07/03 14:06:41 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atimpc64.dll
[2012/07/03 14:06:41 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\amdpcom64.dll
[2012/07/03 14:06:41 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atimpc32.dll
[2012/07/03 14:06:41 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\amdpcom32.dll
[2012/07/03 14:06:41 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\windows\SysNative\drivers\ati2erec.dll
[2012/07/03 14:06:41 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysNative\aticalrt64.dll
[2012/07/03 14:06:41 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysWow64\aticalrt.dll
[2012/07/03 14:06:41 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysNative\aticalcl64.dll
[2012/07/03 14:06:41 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysWow64\aticalcl.dll
[2012/07/03 14:06:41 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\SysWow64\ati2edxx.dll
[2012/07/03 14:06:41 | 000,039,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atig6txx.dll
[2012/07/03 14:06:41 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atigktxx.dll
[2012/07/03 14:06:41 | 000,021,504 | ---- | C] (AMD) -- C:\windows\SysNative\atimuixx.dll
[2012/07/03 14:06:41 | 000,017,408 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atig6pxx.dll
[2012/07/03 14:06:41 | 000,014,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atiglpxx.dll
[2012/07/03 14:06:41 | 000,014,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atiglpxx.dll

========== Files - Modified Within 30 Days ==========

[2012/08/01 14:02:01 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/01 13:05:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 11:02:16 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/01 08:59:45 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 08:59:45 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 08:11:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/30 22:01:15 | 4242,911,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/30 21:57:50 | 000,000,114 | ---- | M] () -- C:\Users\Peter\Desktop\winsock.bat
[2012/07/30 20:40:01 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL(2).exe
[2012/07/30 17:28:22 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/07/30 16:24:02 | 000,039,338 | ---- | M] () -- C:\Users\Peter\Desktop\Koala.jpg
[2012/07/30 12:16:05 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/07/30 09:58:04 | 000,001,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/07/27 15:05:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 15:05:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/27 14:22:23 | 141,399,160 | ---- | M] () -- C:\Users\Peter\Desktop\setup_11.0.0.1245.x01_2012_07_27_21_02.exe
[2012/07/26 07:56:22 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2012/07/24 10:41:39 | 000,782,922 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/24 10:41:39 | 000,664,872 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/24 10:41:39 | 000,122,698 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/22 07:53:03 | 000,000,000 | ---- | M] () -- C:\windows\ativpsrm.bin
[2012/07/21 17:33:51 | 000,000,359 | ---- | M] () -- C:\windows\SysNative\checkdnsid.xml
[2012/07/21 14:48:03 | 005,037,248 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/21 11:45:43 | 000,000,385 | ---- | M] () -- C:\windows\SysNative\user_gensett.xml
[2012/07/21 11:45:20 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/07/20 10:46:32 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/20 10:46:32 | 000,002,239 | ---- | M] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/20 09:52:03 | 000,001,280 | ---- | M] () -- C:\Users\Peter\Documents\SPI - Shortcut.lnk
[2012/07/19 18:00:21 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 09:43:22 | 000,002,052 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/07/18 08:14:36 | 000,000,332 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForPeter.job
[2012/07/17 14:14:36 | 000,105,808 | ---- | M] () -- C:\Users\Peter\Documents\cc_20120717_141427.reg
[2012/07/11 11:15:09 | 000,173,656 | ---- | M] (JMicron Technology Corporation) -- C:\windows\SysNative\drivers\jmcr.sys
[2012/07/11 11:15:09 | 000,026,200 | ---- | M] (JMicron Technology Corp.) -- C:\windows\SysNative\drivers\johci.sys
[2012/07/11 11:09:30 | 000,000,000 | RHS- | M] () -- C:\windows\SysNative\drivers\103C_HP_bNB_EliteBook 8560p_Y5336AN_0U_Q5CB2113YCX_E629175-001_4A_I1618_SHP_V97.4A_B68SCF F.22_T111222_W748-1_L409_M4047_J500_7Intel_86A7_92.50_#110306_N80861502;14E44353_(LJ548UT#ABA)_XMOBILE_CN10_Z_2A0001D02.MRK
[2012/07/09 14:55:23 | 000,001,131 | ---- | M] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/07/06 20:20:54 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/07/03 14:23:49 | 000,000,178 | ---- | M] () -- C:\windows\SysNative\HPPA.ini
[2012/07/03 14:10:58 | 000,000,473 | ---- | M] () -- C:\windows\SysNative\MAPISVC.INF
[2012/07/03 14:10:57 | 000,000,976 | ---- | M] () -- C:\windows\SysWow64\mapisvc.inf

========== Files Created - No Company Name ==========


========== LOP Check ==========

[2012/07/26 06:36:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Anvisoft
[2012/05/24 12:57:08 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\CBS Interactive
[2012/07/09 09:45:26 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/06/01 11:52:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\com.dwuser.erwizard.EasyRotatorWizard
[2012/05/12 12:20:08 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ContinuousClient
[2012/07/17 14:13:59 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DAEMON Tools Lite
[2012/05/05 15:42:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DigitalPersona
[2012/07/10 07:38:15 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Epson
[2012/07/17 14:13:59 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\FileZilla
[2012/05/05 15:42:43 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Infineon
[2012/07/21 10:45:59 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\inkscape
[2012/05/09 09:38:33 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\IrfanView
[2012/07/21 11:34:27 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\QuickScan
[2012/06/26 09:57:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Scribus
[2012/05/25 15:42:15 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\SecondLife
[2012/07/09 09:44:22 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/05/05 15:54:49 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Synaptics
[2012/07/18 08:13:33 | 000,022,406 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< %systemroot%\*. /mp /s >

< %Temp%\smtmp\*.* /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/19 16:58:03 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/19 16:58:03 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/19 16:58:03 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/19 16:58:04 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/19 16:58:04 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/19 16:58:04 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/05/16 03:10:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/05/16 03:10:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/05/16 03:10:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/07/19 16:58:03 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/07/19 16:58:03 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/07/19 16:58:03 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/07/19 16:58:04 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/07/19 16:58:04 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/07/19 16:58:04 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/05/16 03:10:45 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/05/16 03:10:45 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/05/16 03:10:45 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< End of report >



OTL Extras logfile created on: 7/22/2012 10:53:25 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Peter\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 32.82% Memory free
7.90 Gb Paging File | 4.63 Gb Available in Paging File | 58.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.52 Gb Total Space | 362.11 Gb Free Space | 81.28% Space Free | Partition Type: NTFS
Drive E: | 14.95 Gb Total Space | 2.23 Gb Free Space | 14.89% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.68% Space Free | Partition Type: FAT32
Drive H: | 731.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CYPRESSHP | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01297ADA-BF71-4690-976A-AB38756B45C8}" = lport=137 | protocol=17 | dir=in | app=system |
"{01E8E0BE-9E91-41B8-BC42-C21248682CAB}" = rport=138 | protocol=17 | dir=out | app=system |
"{08142414-B10D-40DB-9642-6AB98D7BFA70}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{118AE81B-0527-4C86-AF0B-D74A97BA8F0A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1C177D50-64EA-48B3-9A0C-86586782B2B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E3BD507-D3E5-4915-A2EB-883F52D61E04}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4173B48C-BB26-4745-A454-1A2DEE3D968C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D3BEB81-DB23-4A9A-8951-1B23810FB5C1}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{5EF376AA-A5FF-409B-A237-34D5A3BA3CCA}" = rport=139 | protocol=6 | dir=out | app=system |
"{66007390-31C2-46AC-99F3-29C21CCD479D}" = rport=445 | protocol=6 | dir=out | app=system |
"{85D52CC1-44E7-4332-8C73-D4D44291E5A2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{949CB058-28DE-443B-8F52-6538359B14C0}" = lport=445 | protocol=6 | dir=in | app=system |
"{998E087F-E79C-444C-AAA9-DEA555FC1256}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D72324D-E2C2-4C28-A5CB-EDAB0BBE1877}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B0A6893A-4A40-4E61-9113-DE8C393C0225}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD3618FC-DB95-4512-9D8D-66C2D8EDF80E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C1815ADB-7062-4797-8BC9-2183E6BFD1BD}" = lport=139 | protocol=6 | dir=in | app=system |
"{C472DDC3-4FC3-430B-B387-3B2EA0711D41}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5B471B6-9B0B-4D71-94B7-5806F994CB5A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CF1BC53B-B462-4C4F-B0F4-8479DD92769B}" = lport=138 | protocol=17 | dir=in | app=system |
"{CF575B01-EB4A-49D7-B8D4-C0F9860DD0F3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{DCA81571-CDD8-4533-8F01-40101D157A39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E0998163-D809-42CB-B5A5-54AC08293EED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EBB3FB6B-54EF-4023-AC41-80582482EB93}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F077CEDB-1798-44C6-9A59-A2688D2C13E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2044A18-7DC7-44E5-9D51-0801AD7E5038}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F88ED8A4-7AA6-4C7A-A8E4-E6574E4BA340}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D0C35BC-833E-4407-9C6A-226E4DD4327D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1F44A052-46CA-459F-B28F-E27524868922}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2001BF6B-70B9-43EB-A07E-38A51BBC2400}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2B7E71AF-5E2F-4BBE-9282-D59EC53EBD8C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2E364FFB-E101-4444-A495-2E1134A942E3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{3E4BC1BF-0E48-4923-9833-01BFDD50A9CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41E3FBD5-89DD-45F3-B9B7-9C8E7EC94DF0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{56B9B125-7284-4138-8B50-5024C27B4F78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{57025D2A-773E-42B8-8B13-2E8099C71E29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A994521-E02D-4DEE-BAB6-73A67E8F7DCC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6C21E0AD-3D40-4ACB-A1D9-B32393E83AC8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{755356E6-2277-41D3-B028-FDE9C70CA839}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{88D11B8C-70EE-435F-B807-CECD9D829FFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8B0320ED-3A45-4E63-A9B0-62C83EA4F7E2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8F02AF08-1DBA-4C5C-9CBC-C6C188A23740}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{ADA883EE-ABD9-4039-BD63-726BAA4B20EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B109024C-FA98-4D06-B7C6-825E1AEB8532}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B61C576E-E278-4481-8484-03B721F03CD3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B7D279B6-D65B-458B-A966-341A0C484BE1}" = protocol=6 | dir=out | app=system |
"{B92D48D4-7C53-4A3D-9885-D628348788CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF57B37D-C606-41B3-A359-3E687CC70D93}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C4B59F70-36FE-4C90-9759-98023C322355}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6A809E0-8D77-4B8A-9B12-88C68CC17295}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C971D05B-F0FE-4A8F-AFA7-5E79DA685228}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D6D240F2-07E9-4D75-A167-BD29F6DFEA01}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E66CF36D-DCD1-411E-A3E0-3B06E0286ED8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FDCE432B-62E8-41B3-BC97-B82F827F5A51}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{06A0B1F5-C79C-4726-8B4E-B8DCBF841875}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{EB45A15B-346D-4DB6-91E7-0716427A54CD}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{20AC0A95-8A1E-430E-BE92-68D5C9C75B7E}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{B9E7D5FC-C75D-4C96-B2BE-A8F33760D5DD}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{422BA615-2133-4DC0-8673-09C8CC7557F2}" = HP ProtectTools Security Manager
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{483D5A49-A26B-4CB8-AA2D-0D1811322061}" = HP DayStarter
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5476AB75-E584-4497-80AF-7F205D8F6F54}" = Privacy Manager for HP ProtectTools
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87821717-5688-4AE6-887A-6B11571D0CD7}" = Embedded Security for HP ProtectTools
"{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}" = Drive Encryption For HP ProtectTools
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BFA2D2A7-4FAC-4862-B7A3-960B329C2177}" = Validity Fingerprint Sensor Driver
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C8E7F1B9-A304-D655-A7BD-669020C47536}" = ccc-utility64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0A76081-22E4-5B3F-5394-1229DDF73585}" = AMD Catalyst Install Manager
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}" = HP 3D DriveGuard
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBFC2FD4-DF47-4FBF-8D6D-275B488D87D5}" = HP Power Assistant
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"BullGuard" = BullGuard Antivirus
"CCleaner" = CCleaner
"EPSON WorkForce 630 Series" = EPSON WorkForce 630 Series Printer Uninstall
"HFRS_is1" = Trend Micro SafeSync
"HPProtectTools" = HP ProtectTools Security Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003E5796-EF64-E4F4-E2EE-1E9F0D10E491}" = CCC Help Danish
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20976B1F-E910-404D-9261-C16EE7E12DC8}" = HP QuickWeb
"{226F6E94-8E57-29D5-FD6D-7C89A3AD2F90}" = CCC Help German
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 5
"{26FE0551-FBE8-72A0-7584-D5BCDE41FE33}" = CCC Help Swedish
"{28D9389B-FB3E-B1D4-2EFD-EEAAFCD31523}" = CCC Help Italian
"{2B045220-B747-3DB3-AD03-A494DF676BA7}" = CCC Help Chinese Traditional
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel® Identity Protection Technology 1.0.71.0
"{2CAE55F0-5CD4-FCDE-5AF8-935622308F8D}" = EasyRotator Wizard
"{2E830895-851C-30C2-F3D2-3995E57896E7}" = CCC Help Polish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37F52BBE-2D75-55D4-8933-29D9C49A7197}" = CCC Help French
"{3E084D68-4C18-5565-9C14-E1C9218F8059}" = CCC Help Turkish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{402F6F2E-5683-491C-977D-0CA599A07CAF}" = Adobe CS6 Design and Web Premium
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{46C954CF-5417-04EE-409A-F473BC7AE6E6}" = CCC Help Norwegian
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BE1D9D9-45B6-48D1-1CAE-F44E7936CD3B}" = Catalyst Control Center
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B18ABC-AD5F-4C3C-B391-04F57B380449}" = HP Client Automation Agent Preload
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation
"{6357258D-2BF9-49E7-A9EF-0C609D52C46D}" = HP ESU for Microsoft Windows 7
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6807E675-7798-4566-AFEB-767DE67AF6B2}" = Office Timeline 2010
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6DE35E38-F7EE-4747-569A-0DBA92C51D66}" = Catalyst Control Center Localization All
"{6E9B0E05-5557-9148-0E22-C73F3343DBBE}" = CCC Help Russian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76093D95-0E4A-D8A7-80AD-4B57B27FD417}" = CCC Help Greek
"{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93139A49-0360-4718-8B93-C1F9EB12E3D8}" = Roxio Secure Burn
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A424C13D-E878-FCC9-6129-D4FC425142ED}" = Catalyst Control Center Profiles Mobile
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A787E44A-57D1-CFEC-9551-502499996E23}" = CCC Help Korean
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A98F7C8E-72FE-E619-C3CC-AF4AF659801F}" = CCC Help Finnish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Secure Burn
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCF5BFD6-BA3F-3970-6715-44147EBABAC1}" = CCC Help Portuguese
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C837152A-3F26-DD7F-D144-4EAB6C619240}" = CCC Help Spanish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF67CAEE-90A0-A12C-00D4-378F22190106}" = CCC Help Chinese Standard
"{D2738E50-4C79-40FC-B4E1-54FE984BE914}" = Catalyst Control Center - Branding
"{D2A2E5CD-801A-4B8D-8119-F79449A09B67}" = HP System Default Settings
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5C9EB0B-CD13-4BB7-E884-39C436DCCD60}" = Catalyst Control Center Graphics Previews Common
"{D7782BD1-CD9A-0A73-083F-CB9779A17825}" = Adobe® Content Viewer
"{DD76BE0B-92AA-ADE0-513A-0B8A05C51FBA}" = CCC Help Thai
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E860BF84-1B83-0EA1-CDFD-399F137CFD68}" = Catalyst Control Center InstallProxy
"{EBD1C6DF-9F2D-4B5B-DBCF-9F3AC71490F6}" = CCC Help English
"{ED507148-8CD2-DC5F-11D9-83C7C6E60F04}" = CCC Help Dutch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F15D678A-D703-6D1E-9C30-AE88BDE85414}" = CCC Help Czech
"{F1742903-373B-F0BF-47D9-C80FAA1F8965}" = CCC Help Hungarian
"{F24F876B-7D71-4BD6-88E9-614D3BB84216}" = Alcor Micro Smart Card Reader Driver
"{F4EDA228-A919-0E9E-BBB0-1E4ADD332DCB}" = CCC Help Japanese
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE465061-894A-4023-8580-56FCDD4F23F9}" = HP SoftPaq Download Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Anvi Smart Defender" = Anvi Smart Defender 1.02
"ATT-PRT22" = ATT-PRT22
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"com.dwuser.erwizard.EasyRotatorWizard" = EasyRotator Wizard
"DAEMON Tools Lite" = DAEMON Tools Lite
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Scribus 1.4.1" = Scribus 1.4.1
"Sfax Printer Driver" = Sfax Printer Driver
"Sunplus SPUVCb" = HP HD Webcam [Fixed]
"SZCCID" = Alcor Micro Smart Card Reader Driver
"VIP Access SDK" = VIP Access SDK x64(1.0.0.50)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CNET TechTracker" = CNET TechTracker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/4/2012 11:33:11 AM | Computer Name = CypressHP | Source = CNET TechTracker | ID = 131074
Description = Unable to complete request due to error: The server name or address
could not be resolved

Error - 6/4/2012 11:33:13 AM | Computer Name = CypressHP | Source = CNET TechTracker | ID = 131074
Description = result: Scan Failed - General scan failure computer: CypressHP scanned
on: 6/1/2012 11:24 AM

Error - 6/11/2012 3:05:19 PM | Computer Name = CypressHP | Source = MsiInstaller | ID = 11500
Description =

Error - 6/14/2012 3:12:44 PM | Computer Name = CypressHP | Source = CNET TechTracker | ID = 131074
Description = Unable to complete request due to error: A connection with the server
could not be established

Error - 6/14/2012 3:12:44 PM | Computer Name = CypressHP | Source = CNET TechTracker | ID = 131074
Description = Unable to complete request due to error: The server was busy and could
not check for updates.

Error - 6/14/2012 3:12:46 PM | Computer Name = CypressHP | Source = CNET TechTracker | ID = 131074
Description = result: Scan Failed - General scan failure computer: CypressHP scanned
on: 6/14/2012 7:34 AM

Error - 6/21/2012 4:16:50 PM | Computer Name = CypressHP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: MSHTML.dll, version: 9.0.8112.16446,
time stamp: 0x4fb58407 Exception code: 0xc0000005 Fault offset: 0x0016d318 Faulting
process id: 0x850 Faulting application start time: 0x01cd4fea5c6f438d Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\windows\system32\MSHTML.dll Report Id: 08157c63-bbde-11e1-881a-402cf429770b

Error - 6/22/2012 3:54:34 PM | Computer Name = CypressHP | Source = CNET TechTracker | ID = 131074
Description = Unable to complete request due to error: The server name or address
could not be resolved

Error - 6/22/2012 3:54:36 PM | Computer Name = CypressHP | Source = CNET TechTracker | ID = 131074
Description = result: Scan Failed - Error submitting scan results to server computer:
CypressHP scanned on: 6/21/2012 3:16 PM

Error - 6/25/2012 8:06:14 AM | Computer Name = CypressHP | Source = Validity USDK | ID = 262184
Description = SSL alert by host: Description is: 47.

[ Broadcom Wireless LAN Events ]
Error - 5/5/2012 3:55:10 PM | Computer Name = CypressHP | Source = WLAN-Tray | ID = 0
Description = 15:55:10, Sat, May 05, 12 Error - Unable to get current user admin
status

Error - 5/5/2012 3:56:26 PM | Computer Name = CypressHP | Source = WLAN-Tray | ID = 0
Description = 15:56:26, Sat, May 05, 12 Error - Unable to get current user admin
status

Error - 5/5/2012 3:58:03 PM | Computer Name = CypressHP | Source = WLAN-Tray | ID = 0
Description = 12:58:03, Sat, May 05, 12 Error - Unable to switch user context, authentication
information not set correctly

Error - 5/5/2012 5:50:10 PM | Computer Name = CypressHP | Source = WLAN-Tray | ID = 0
Description = 17:50:09, Sat, May 05, 12 Error - Unable to switch user context, authentication
information not set correctly

[ Hewlett-Packard Events ]
Error - 5/13/2012 2:11:12 PM | Computer Name = CypressHP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4046 Ram Utilization: 70 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 5/13/2012 2:11:32 PM | Computer Name = CypressHP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/13/2012 2:11:50 PM | Computer Name = CypressHP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/13/2012 2:14:49 PM | Computer Name = CypressHP | Source = HPSF.exe | ID = 4000
Description =

[ HP Connection Manager Events ]
Error - 5/28/2012 5:55:47 AM | Computer Name = CypressHP | Source = hpMobile | ID = 5
Description = 2012/05/28 05:55:47.941|00001FDC|Error |[HP.Mobile]Wlan::.ctor{}|Retrieving
the COM class factory for component with CLSID {000098D5-6857-477B-B1D2-8B04CD9EB234}
failed due to the following error: 80080005.

Error - 5/28/2012 5:56:47 AM | Computer Name = CypressHP | Source = hpMobile | ID = 5
Description = 2012/05/28 05:56:47.995|00001FDC|Error |[HP.Mobile]Bluetooth::.ctor{}|Retrieving
the COM class factory for component with CLSID {2A8DDB1F-EE72-4FB7-A2F8-7B1530D94850}
failed due to the following error: 80080005.

Error - 6/14/2012 5:05:24 PM | Computer Name = CypressHP | Source = hpCMSrv | ID = 5
Description = 2012/06/14 17:05:24.057|00000784|Error |CWLAN::StateChanged|Fire_StateChanged
failed [hr:0x800706BA]

Error - 6/30/2012 1:28:44 PM | Computer Name = CypressHP | Source = hpCMSrv | ID = 5
Description = 2012/06/30 13:28:44.148|00001D78|Error |CWLAN::StateChanged|Fire_StateChanged
failed [hr:0x800706BA]

Error - 7/6/2012 11:54:49 AM | Computer Name = CypressHP | Source = hpCMSrv | ID = 5
Description = 2012/07/06 11:54:49.973|00001EB8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 7/19/2012 5:34:37 PM | Computer Name = CypressHP | Source = HPConnectionManager | ID = 5
Description = 2012/07/19 17:34:37.327|00001B48|Error |App::CurrentDomain_AssemblyResolve{System.Reflection.Assembly(object,System.ResolveEventArgs)}|Application
is exiting because it cannot load the assembly: CaslShared, Version=3.5.1.1, Culture=neutral,
PublicKeyToken=9c6f83d5b7f3d097

Error - 7/20/2012 10:42:11 AM | Computer Name = CypressHP | Source = HPConnectionManager | ID = 5
Description = 2012/07/20 10:42:11.454|00001980|Error |App::CurrentDomain_AssemblyResolve{System.Reflection.Assembly(object,System.ResolveEventArgs)}|Application
is exiting because it cannot load the assembly: CaslShared, Version=3.5.1.1, Culture=neutral,
PublicKeyToken=9c6f83d5b7f3d097

Error - 7/20/2012 1:28:16 PM | Computer Name = CypressHP | Source = HPConnectionManager | ID = 5
Description = 2012/07/20 13:28:16.996|00001460|Error |App::CurrentDomain_AssemblyResolve{System.Reflection.Assembly(object,System.ResolveEventArgs)}|Application
is exiting because it cannot load the assembly: CaslShared, Version=3.5.1.1, Culture=neutral,
PublicKeyToken=9c6f83d5b7f3d097

Error - 7/21/2012 10:11:31 AM | Computer Name = CypressHP | Source = HPConnectionManager | ID = 5
Description = 2012/07/21 10:11:31.694|000007D0|Error |App::CurrentDomain_AssemblyResolve{System.Reflection.Assembly(object,System.ResolveEventArgs)}|Application
is exiting because it cannot load the assembly: CaslShared, Version=3.5.1.1, Culture=neutral,
PublicKeyToken=9c6f83d5b7f3d097

Error - 7/21/2012 2:53:15 PM | Computer Name = CypressHP | Source = HPConnectionManager | ID = 5
Description = 2012/07/21 14:53:15.610|00001578|Error |App::CurrentDomain_AssemblyResolve{System.Reflection.Assembly(object,System.ResolveEventArgs)}|Application
is exiting because it cannot load the assembly: CaslShared, Version=3.5.1.1, Culture=neutral,
PublicKeyToken=9c6f83d5b7f3d097

[ HP Power Assistant Events ]
Error - 7/20/2012 12:11:15 PM | Computer Name = CypressHP | Source = HP PA Service | ID = 1006
Description = The Power Assistant service has crashed due to an unhandled exception.
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Exception has been thrown by the target of an invocation.ServiceWorkerMethod
ABORTED! -

Error - 7/21/2012 10:10:52 AM | Computer Name = CypressHP | Source = HP PA Service | ID = 1027
Description = An error occured in HP Power Assistant application, module [HPPA_Service].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Could not load file or assembly 'CaslShared, Version=3.5.1.1,
Culture=neutral, PublicKeyToken=9c6f83d5b7f3d097' or one of its dependencies. The
system cannot find the file specified.

Error - 7/21/2012 10:10:52 AM | Computer Name = CypressHP | Source = HP PA Service | ID = 1027
Description = An error occured in HP Power Assistant application, module [HPPA_Service].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Could not load file or assembly 'CaslShared, Version=3.5.1.1,
Culture=neutral, PublicKeyToken=9c6f83d5b7f3d097' or one of its dependencies. The
system cannot find the file specified.

Error - 7/21/2012 10:10:53 AM | Computer Name = CypressHP | Source = HP PA Service | ID = 1006
Description = The Power Assistant service has crashed due to an unhandled exception.
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Exception has been thrown by the target of an invocation.ServiceWorkerMethod
ABORTED! -

Error - 7/21/2012 2:51:03 PM | Computer Name = CypressHP | Source = HP PA Service | ID = 1027
Description = An error occured in HP Power Assistant application, module [HPPA_Service].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Could not load file or assembly 'CaslShared, Version=3.5.1.1,
Culture=neutral, PublicKeyToken=9c6f83d5b7f3d097' or one of its dependencies. The
system cannot find the file specified.

Error - 7/21/2012 2:51:03 PM | Computer Name = CypressHP | Source = HP PA Service | ID = 1027
Description = An error occured in HP Power Assistant application, module [HPPA_Service].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Could not load file or assembly 'CaslShared, Version=3.5.1.1,
Culture=neutral, PublicKeyToken=9c6f83d5b7f3d097' or one of its dependencies. The
system cannot find the file specified.

Error - 7/21/2012 2:51:03 PM | Computer Name = CypressHP | Source = HP PA Service | ID = 1006
Description = The Power Assistant service has crashed due to an unhandled exception.
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Exception has been thrown by the target of an invocation.ServiceWorkerMethod
ABORTED! -

Error - 7/22/2012 7:55:51 AM | Computer Name = CypressHP | Source = HP PA Service | ID = 1027
Description = An error occured in HP Power Assistant application, module [HPPA_Service].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Could not load file or assembly 'CaslShared, Version=3.5.1.1,
Culture=neutral, PublicKeyToken=9c6f83d5b7f3d097' or one of its dependencies. The
system cannot find the file specified.

Error - 7/22/2012 7:55:51 AM | Computer Name = CypressHP | Source = HP PA Service | ID = 1027
Description = An error occured in HP Power Assistant application, module [HPPA_Service].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Could not load file or assembly 'CaslShared, Version=3.5.1.1,
Culture=neutral, PublicKeyToken=9c6f83d5b7f3d097' or one of its dependencies. The
system cannot find the file specified.

Error - 7/22/2012 7:55:51 AM | Computer Name = CypressHP | Source = HP PA Service | ID = 1006
Description = The Power Assistant service has crashed due to an unhandled exception.
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Exception has been thrown by the target of an invocation.ServiceWorkerMethod
ABORTED! -

[ HP Software Framework Events ]
Error - 7/11/2012 11:14:40 AM | Computer Name = CypressHP | Source = CaslSmBios | ID = 5
Description = 2012/07/11 11:14:40.433|00000858|Error |[CaslWmi]A::A{bool(object,object)}|Error
invoking subscriber delegate. Exception: No handler registered for event, Wireless.GlobalChanged.2.0

Error - 7/11/2012 11:14:40 AM | Computer Name = CypressHP | Source = CaslSmBios | ID = 5
Description = 2012/07/11 11:14:40.576|00001298|Error |[CaslWmi]A::A{bool(object,object)}|Error
invoking subscriber delegate. Exception: No handler registered for event, Wireless.GlobalChanged.2.0

Error - 7/11/2012 11:14:40 AM | Computer Name = CypressHP | Source = CaslSmBios | ID = 5
Description = 2012/07/11 11:14:40.765|00000858|Error |[CaslWmi]A::A{bool(object,object)}|Error
invoking subscriber delegate. Exception: No handler registered for event, Wireless.GlobalChanged.2.0

Error - 7/11/2012 11:14:40 AM | Computer Name = CypressHP | Source = CaslSmBios | ID = 5
Description = 2012/07/11 11:14:40.890|00000858|Error |[CaslWmi]A::A{bool(object,object)}|Error
invoking subscriber delegate. Exception: No handler registered for event, Wireless.GlobalChanged.2.0

Error - 7/11/2012 2:54:55 PM | Computer Name = CypressHP | Source = CaslSmBios | ID = 5
Description = 2012/07/11 14:54:54.398|00000FB4|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Object reference not set to an instance
of an object.

Error - 7/11/2012 2:54:55 PM | Computer Name = CypressHP | Source = CaslSmBios | ID = 5
Description = 2012/07/11 14:54:55.661|00000FB4|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the QuickSynch.Bitlocker.Changed event. Exception: Object reference
not set to an instance of an object.

Error - 7/11/2012 4:47:44 PM | Computer Name = CypressHP | Source = CaslSmBios | ID = 5
Description = 2012/07/11 16:47:44.526|00000A80|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Object reference not set to an instance
of an object.

Error - 7/11/2012 4:47:44 PM | Computer Name = CypressHP | Source = CaslSmBios | ID = 5
Description = 2012/07/11 16:47:44.697|00000A80|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the QuickSynch.Bitlocker.Changed event. Exception: Object reference
not set to an instance of an object.

Error - 7/11/2012 8:42:33 PM | Computer Name = CypressHP | Source = CaslSmBios | ID = 5
Description = 2012/07/11 20:42:33.747|0000185C|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Object reference not set to an instance
of an object.

Error - 7/11/2012 8:42:33 PM | Computer Name = CypressHP | Source = CaslSmBios | ID = 5
Description = 2012/07/11 20:42:33.888|0000185C|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the QuickSynch.Bitlocker.Changed event. Exception: Object reference
not set to an instance of an object.

[ Media Center Events ]
Error - 5/23/2012 2:33:06 PM | Computer Name = CypressHP | Source = MCUpdate | ID = 0
Description = 2:33:06 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/23/2012 3:33:38 PM | Computer Name = CypressHP | Source = MCUpdate | ID = 0
Description = 3:33:38 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/23/2012 4:33:48 PM | Computer Name = CypressHP | Source = MCUpdate | ID = 0
Description = 4:33:48 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 6/14/2012 6:38:27 AM | Computer Name = CypressHP | Source = MCUpdate | ID = 0
Description = 6:38:27 AM - Error connecting to the internet. 6:38:27 AM - Unable
to contact server..

Error - 6/28/2012 8:11:09 AM | Computer Name = CypressHP | Source = MCUpdate | ID = 0
Description = 8:11:09 AM - Failed to retrieve Directory (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 7/3/2012 7:32:38 AM | Computer Name = CypressHP | Source = MCUpdate | ID = 0
Description = 7:32:38 AM - Error connecting to the internet. 7:32:38 AM - Unable
to contact server..

Error - 7/18/2012 8:14:37 AM | Computer Name = CypressHP | Source = MCUpdate | ID = 0
Description = 8:14:36 AM - Error connecting to the internet. 8:14:37 AM - Unable
to contact server..

Error - 7/18/2012 8:15:42 AM | Computer Name = CypressHP | Source = MCUpdate | ID = 0
Description = 8:15:14 AM - Error connecting to the internet. 8:15:14 AM - Unable
to contact server..

[ System Events ]
Error - 6/14/2012 3:11:09 PM | Computer Name = CypressHP | Source = Service Control Manager | ID = 7000
Description = The hpHotkeyMonitor service failed to start due to the following error:
%%2

Error - 6/14/2012 3:11:12 PM | Computer Name = CypressHP | Source = Service Control Manager | ID = 7000
Description = The Online Backup Service service failed to start due to the following
error: %%2

Error - 6/14/2012 3:12:02 PM | Computer Name = CypressHP | Source = Microsoft-Windows-TBS | ID = 16385
Description = An internal TBS error was detected. The error code was 0x800703e3.
This is usually caused by unexpected TPM or driver behavior and may be transient.

Error - 6/14/2012 4:28:07 PM | Computer Name = CypressHP | Source = Microsoft-Windows-TBS | ID = 16385
Description = An internal TBS error was detected. The error code was 0x800703e3.
This is usually caused by unexpected TPM or driver behavior and may be transient.

Error - 6/15/2012 7:17:04 AM | Computer Name = CypressHP | Source = Service Control Manager | ID = 7000
Description = The hpHotkeyMonitor service failed to start due to the following error:
%%2

Error - 6/15/2012 7:17:04 AM | Computer Name = CypressHP | Source = Service Control Manager | ID = 7000
Description = The Online Backup Service service failed to start due to the following
error: %%2

Error - 6/15/2012 7:24:09 AM | Computer Name = CypressHP | Source = Service Control Manager | ID = 7000
Description = The hpHotkeyMonitor service failed to start due to the following error:
%%2

Error - 6/15/2012 7:24:11 AM | Computer Name = CypressHP | Source = Service Control Manager | ID = 7000
Description = The Online Backup Service service failed to start due to the following
error: %%2

Error - 6/17/2012 1:45:36 PM | Computer Name = CypressHP | Source = Microsoft-Windows-TBS | ID = 16385
Description = An internal TBS error was detected. The error code was 0x800703e3.
This is usually caused by unexpected TPM or driver behavior and may be transient.

Error - 6/17/2012 2:26:41 PM | Computer Name = CypressHP | Source = Microsoft-Windows-TBS | ID = 16385
Description = An internal TBS error was detected. The error code was 0x800703e3.
This is usually caused by unexpected TPM or driver behavior and may be transient.


< End of report >
  • 0



#26
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Logs look good.

Please uninstall this thing:

Anti-phishing Domain Advisor

Then test it.
  • 0

#27
jorgeanchovy

    Member

  • Topic Starter
  • Member
  • 20 posts
Hi Render,

Will do. Have an idea I wanted to run past you. If it happens that my connection flicks out again, should I run that test.bat you sent me *while the connection is down*? That report looked like it had to do with the connectivity, so I wondered if we could learn something from me doing that.

Thanks,

Peter
  • 0

#28
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I'm not sure as I still don't know for sure what's causing it.
  • 0

#29
jorgeanchovy

    Member

  • Topic Starter
  • Member
  • 20 posts
Hi Render,

I did just lose connection at 12:45 EDT and ran test.bat while the connection was down. It was back up by the time I was rebooting the machine at the end of its process. Maybe it came back up in the middle and this report will read the same as yesterday's, I don't know. It was doing a pause and telling me to hit return to continue 2 or 3 times, which I don't remember from the first time through.

Anyway, in case this gives you any helpful info, which it may not, here is the report from when the connection was down. The one piece of helpful info we do have is that the problem is not solved yet.



Local Area Connection:
Node IpAddress: [10.0.0.3] Scope Id: []

NetBIOS Local Name Table

Name Type Status
---------------------------------------------
CYPRESSHP <20> UNIQUE Registered
CYPRESSHP <00> UNIQUE Registered
WORKGROUP <00> GROUP Registered

Bluetooth Network Connection:
Node IpAddress: [0.0.0.0] Scope Id: []

No names in cache

Wireless Network Connection:
Node IpAddress: [0.0.0.0] Scope Id: []

No names in cache

Windows IP Configuration

Host Name . . . . . . . . . . . . : CypressHP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 43224AG 802.11a/b/g/draft-n Wi-Fi Adapter
Physical Address. . . . . . . . . : 20-10-7A-45-13-A2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 40-2C-F4-29-77-0B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-9C-02-93-27-4E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::61ab:60f0:508b:4be1%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, July 30, 2012 10:02:00 PM
Lease Expires . . . . . . . . . . : Thursday, August 02, 2012 8:11:24 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 238832274
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-FA-DE-B2-00-9C-02-93-27-4E
DNS Servers . . . . . . . . . . . : 10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{E96F5685-C65F-4776-A433-E6FD5A090BE9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{672FB6AB-8FCA-454A-961A-108F7F9DB738}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{12D84F0F-F828-4D8C-B372-E0859B917957}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2848:310d:f5ff:fffc(Preferred)
Link-local IPv6 Address . . . . . : fe80::2848:310d:f5ff:fffc%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Pinging Yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=218ms TTL=45
Reply from 72.30.38.140: bytes=32 time=148ms TTL=45
Reply from 72.30.38.140: bytes=32 time=146ms TTL=45
Reply from 72.30.38.140: bytes=32 time=242ms TTL=45

Ping statistics for 72.30.38.140:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 146ms, Maximum = 242ms, Average = 188ms

Pinging Google.com [74.125.130.113] with 32 bytes of data:
Reply from 74.125.130.113: bytes=32 time=74ms TTL=42
Reply from 74.125.130.113: bytes=32 time=77ms TTL=42
Reply from 74.125.130.113: bytes=32 time=76ms TTL=42
Reply from 74.125.130.113: bytes=32 time=76ms TTL=42

Ping statistics for 74.125.130.113:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 74ms, Maximum = 77ms, Average = 75ms
These Windows services are started:

Adobe Acrobat Update Service
AMD External Events Utility
Andrea ST Filters Service
Application Information
Application Management
ArcCapture
Audio Service
Authentication Service
Avira Realtime Protection
Avira Scheduler
Background Intelligent Transfer Service
Base Filtering Engine
Bluetooth Service
Broadcom Wireless LAN Tray Service
Certificate Propagation
CNG Key Isolation
COM+ Event System
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Distributed Link Tracking Client
DNS Client
Encrypting File System (EFS)
EPSON V3 Service4(04)
EPSON V5 Service4(04)
Extensible Authentication Protocol
File Sanitizer for HP ProtectTools
Function Discovery Provider Host
Function Discovery Resource Publication
Group Policy Client
HomeGroup Listener
HomeGroup Provider
HP DayStarter Service
HP Power Assistant Service
HP ProtectTools Service
HP Quick Synchronization Service
HP Service
HP Software Framework Service
HP Support Assistant Service
IKE and AuthIP IPsec Keying Modules
Intel® Identity Protection Technology Host Interface Service
Intel® Management and Security Application Local Management Service
Intel® Management and Security Application User Notification Service
Intel® Rapid Storage Technology
IP Helper
LightScribeService Direct Disc Labeling Service
McAfee Endpoint Encryption Agent
McciCMService
McciCMService64
Multimedia Class Scheduler
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
Office Software Protection Platform
Offline Files
OnlineStorageService
Peer Name Resolution Protocol
Peer Networking Grouping
Peer Networking Identity Manager
Personal Secure Drive Service
Plug and Play
PnP-X IP Bus Enumerator
Portrait Displays SDK Service
Power
Print Spooler
Program Compatibility Assistant Service
Remote Access Connection Manager
Remote Procedure Call (RPC)
RPC Endpoint Mapper
Secondary Logon
Secunia PSI Agent
Secure Socket Tunneling Protocol Service
Security Accounts Manager
Security Center
Security Platform Management Service
Server
Shell Hardware Detection
Skype C2C Service
Smart Card
SSDP Discovery
Superfetch
System Event Notification Service
Tablet PC Input Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Themes
TPM Base Services
Trusted Platform Core Service
UPnP Device Host
User Profile Service
Validity VCS Fingerprint Service
Windows Audio
Windows Audio Endpoint Builder
Windows Backup
Windows Driver Foundation - User-mode Driver Framework
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Image Acquisition (WIA)
Windows Live ID Sign-in Assistant
Windows Management Instrumentation
Windows Media Player Network Sharing Service
Windows Presentation Foundation Font Cache 3.0.0.0
Windows Search
Windows Update
WinHTTP Web Proxy Auto-Discovery Service
WLAN AutoConfig
Workstation

The command completed successfully.

.
Afd
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\system32\drivers\afd.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : Ancillary Function Driver for Winsock
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
dhcp
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : NSI
: Tdx
: Afd
SERVICE_START_NAME : NT Authority\LocalService

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 524
FLAGS :
Dnscache
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tdx
: nsi
SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1568
FLAGS :
gpsvc
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: gpsvc
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\system32\svchost.exe -k GPSvcGroup
LOAD_ORDER_GROUP : ProfSvc_Group
TAG : 0
DISPLAY_NAME : Group Policy Client
DEPENDENCIES : RPCSS
: Mup
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: gpsvc
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1284
FLAGS :
iphlpsvc
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: iphlpsvc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\System32\svchost.exe -k NetSvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IP Helper
DEPENDENCIES : RpcSS
: Tdx
: winmgmt
: tcpip
: nsi
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: iphlpsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 428
FLAGS :
lanmanserver
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES : SamSS
: Srv
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 428
FLAGS :
Lmhosts
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 524
FLAGS :
NetBIOS
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbios.sys
LOAD_ORDER_GROUP : NetBIOSGroup
TAG : 2
DISPLAY_NAME : NetBIOS Interface
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
NetBT
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : System32\DRIVERS\netbt.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 87
DISPLAY_NAME : NetBT
DEPENDENCIES : Tdx
: tcpip
SERVICE_START_NAME :

SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
Netman
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Netman
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
: nsi
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Netman
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 596
FLAGS :
netprofm
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: netprofm
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network List Service
DEPENDENCIES : RpcSs
: nlasvc
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: netprofm
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1320
FLAGS :
NlaSvc
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: NlaSvc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness
DEPENDENCIES : NSI
: RpcSs
: TcpIp
SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: NlaSvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1568
FLAGS :
nsi
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: nsi
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Store Interface Service
DEPENDENCIES : nsiproxy
SERVICE_START_NAME : NT Authority\LocalService

SERVICE_NAME: nsi
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1320
FLAGS :
PolicyAgent
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPsec Policy Agent
DEPENDENCIES : Tcpip
: bfe
SERVICE_START_NAME : NT Authority\NetworkService

SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
RasMan
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: RasMan
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
: SstpSvc
SERVICE_START_NAME : localSystem

SERVICE_NAME: RasMan
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 428
FLAGS :
RPCSS
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: RPCSS
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\system32\svchost.exe -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES : RpcEptMapper
: DcomLaunch
SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: RPCSS
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 948
FLAGS :
SstpSvc
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: SstpSvc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secure Socket Tunneling Protocol Service
DEPENDENCIES :
SERVICE_START_NAME : NT Authority\LocalService

SERVICE_NAME: SstpSvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1320
FLAGS :
TCPIP
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
START_TYPE : 0 BOOT_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\System32\drivers\tcpip.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 3
DISPLAY_NAME : TCP/IP Protocol Driver
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
WebClient
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: WebClient
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\windows\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: WebClient
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :

#30
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Looks OK:

Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-9C-02-93-27-4E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::61ab:60f0:508b:4be1%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, July 30, 2012 10:02:00 PM
Lease Expires . . . . . . . . . . : Thursday, August 02, 2012 8:11:24 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 238832274
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-FA-DE-B2-00-9C-02-93-27-4E
DNS Servers . . . . . . . . . . . : 10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Pinging Yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=218ms TTL=45
Reply from 72.30.38.140: bytes=32 time=148ms TTL=45
Reply from 72.30.38.140: bytes=32 time=146ms TTL=45
Reply from 72.30.38.140: bytes=32 time=242ms TTL=45

Ping statistics for 72.30.38.140:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 146ms, Maximum = 242ms, Average = 188ms

Pinging Google.com [74.125.130.113] with 32 bytes of data:
Reply from 74.125.130.113: bytes=32 time=74ms TTL=42
Reply from 74.125.130.113: bytes=32 time=77ms TTL=42
Reply from 74.125.130.113: bytes=32 time=76ms TTL=42
Reply from 74.125.130.113: bytes=32 time=76ms TTL=42

Ping statistics for 74.125.130.113:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 74ms, Maximum = 77ms, Average = 75ms


Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
