Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Infected with Win32/Olmarik.TDL4, need help please! [Solved]

Started by sfred27 , Jul 25 2012 09:35 AM

This topic is locked

#1
sfred27

Posted 25 July 2012 - 09:35 AM

Member

Member
10 posts

Last night my computer shut off all of a sudden. After rebooting I ran eset and it found a trojan called "Win32/Olmarik.TDL4". After reading through various forums I discovered that there are different variants to the virus so I would need specific help. I have already ran aswMBR and saved the log file to my desktop and now needing further assistance. Thank you for any help I can get!

#2
Essexboy

Posted 25 July 2012 - 01:29 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi could you post the aswMBR log please and also

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

#3
sfred27

Posted 25 July 2012 - 05:59 PM

Member

Topic Starter
Member
10 posts

Below is the log from aswMBR. Working on installing and running OTL now. Thanks for the help!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-25 10:21:16
-----------------------------
10:21:16.042 OS Version: Windows x64 6.1.7601 Service Pack 1
10:21:16.042 Number of processors: 2 586 0x603
10:21:16.043 ComputerName: SEANFREDERICK UserName:
10:21:20.183 Initialize success
10:21:30.273 AVAST engine download error: 0
10:21:33.784 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:21:33.786 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC64G Size: 305245MB BusType: 11
10:21:33.788 Device \Driver\atapi -> MajorFunction fffffa80048885e8
10:21:33.791 Disk 0 MBR read successfully
10:21:33.793 Disk 0 MBR scan
10:21:33.795 Disk 0 Windows 7 default MBR code
10:21:33.798 Disk 0 MBR hidden
10:21:33.815 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
10:21:33.835 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 293431 MB offset 3074048
10:21:33.872 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10313 MB offset 604020736
10:21:33.907 Disk 0 scanning C:\Windows\system32\drivers
10:21:40.805 Service scanning
10:22:03.922 Modules scanning
10:22:03.930 Disk 0 trace - called modules:
10:22:03.935 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80048885e8]<<
10:22:03.940 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80043b1060]
10:22:03.945 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800425a060]
10:22:03.950 \Driver\atapi[0xfffffa80047e9060] -> IRP_MJ_CREATE -> 0xfffffa80048885e8
10:22:03.957 Scan finished successfully
10:22:33.630 Disk 0 MBR has been saved successfully to "C:\Users\Sean Frederick\Desktop\MBR.dat"
10:22:33.636 The log file has been saved successfully to "C:\Users\Sean Frederick\Desktop\aswMBR.txt"

#4
sfred27

Posted 25 July 2012 - 06:24 PM

Member

Topic Starter
Member
10 posts

OTL logfile created on: 7/25/2012 7:15:21 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Sean Frederick\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 35.13% Memory free
7.49 Gb Paging File | 4.63 Gb Available in Paging File | 61.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.55 Gb Total Space | 235.49 Gb Free Space | 82.18% Space Free | Partition Type: NTFS

Computer Name: SEANFREDERICK | User Name: Sean Frederick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/25 20:11:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sean Frederick\Desktop\OTL.exe
PRC - [2012/03/03 19:08:17 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/16 15:02:22 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009/08/20 19:42:42 | 000,615,776 | ---- | M] (Nortel Networks) -- C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/08/18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/13 15:06:37 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/16 15:02:22 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/20 19:42:42 | 000,615,776 | ---- | M] (Nortel Networks) [Auto | Running] -- C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe -- (NvcSvcMgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 10:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011/08/04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 10:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011/08/04 10:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011/06/17 21:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
DRV:64bit: - [2011/04/20 10:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/26 18:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/06 08:38:32 | 000,077,904 | ---- | M] (Nortel Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\nvcwfpco.sys -- (nvcwfpco)
DRV:64bit: - [2009/08/06 08:38:28 | 000,044,112 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ntnvca.sys -- (NT_NvcA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/09 06:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4169945649-4223079018-1734316641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://partners.sub...%2fDefault.aspx
IE - HKU\S-1-5-21-4169945649-4223079018-1734316641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4169945649-4223079018-1734316641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4169945649-4223079018-1734316641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 90 70 10 59 D6 CC 01 [binary data]
IE - HKU\S-1-5-21-4169945649-4223079018-1734316641-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4169945649-4223079018-1734316641-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4169945649-4223079018-1734316641-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enUS467
IE - HKU\S-1-5-21-4169945649-4223079018-1734316641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/02/01 16:21:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/02/01 16:21:24 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-4169945649-4223079018-1734316641-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NVC] C:\Program Files (x86)\Nortel\Nortel VPN Client\Nvc.exe (Nortel Networks)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4169945649-4223079018-1734316641-1000..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4169945649-4223079018-1734316641-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CBC768C-AEC0-4002-8707-D23EB3A8C854}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FAD1252-C166-4B7C-AD81-E2378C75D620}: DhcpNameServer = 12.180.24.5 12.180.24.6
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6a104ce5-83f6-11e1-860d-c80aa9e86337}\Shell - "" = AutoRun
O33 - MountPoints2\{6a104ce5-83f6-11e1-860d-c80aa9e86337}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{6ce90b8b-424d-11e1-8bca-c2be300a4f6c}\Shell - "" = AutoRun
O33 - MountPoints2\{6ce90b8b-424d-11e1-8bca-c2be300a4f6c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/25 20:11:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Sean Frederick\Desktop\OTL.exe
[2012/07/25 13:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/07/25 10:10:51 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Sean Frederick\Desktop\aswMBR.exe
[2012/07/16 22:41:20 | 000,000,000 | ---D | C] -- C:\Users\Sean Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Franchise World Headquarters, LLC

========== Files - Modified Within 30 Days ==========

[2012/07/25 20:11:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sean Frederick\Desktop\OTL.exe
[2012/07/25 20:04:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/25 20:04:54 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/25 19:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/25 16:37:31 | 000,874,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/25 16:37:31 | 000,728,534 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/25 16:37:31 | 000,146,460 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/25 12:56:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/25 10:22:33 | 000,000,512 | ---- | M] () -- C:\Users\Sean Frederick\Desktop\MBR.dat
[2012/07/25 10:20:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Sean Frederick\Desktop\aswMBR.exe
[2012/07/25 09:16:10 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 09:16:10 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 09:08:14 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/18 13:33:00 | 000,137,140 | ---- | M] () -- C:\Users\Sean Frederick\Desktop\Owner Email Addresses - Rev. 07.03.12.pdf
[2012/07/16 22:41:20 | 000,000,314 | ---- | M] () -- C:\Users\Sean Frederick\Desktop\AliOffice 2.0.appref-ms
[2012/07/11 11:02:44 | 000,001,137 | ---- | M] () -- C:\Users\Sean Frederick\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/07/11 10:58:53 | 000,427,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 10:55:44 | 000,135,092 | ---- | M] () -- C:\Users\Sean Frederick\Desktop\ADA Checklist Form.pdf

========== Files Created - No Company Name ==========

[2012/07/25 10:22:33 | 000,000,512 | ---- | C] () -- C:\Users\Sean Frederick\Desktop\MBR.dat
[2012/07/18 13:33:00 | 000,137,140 | ---- | C] () -- C:\Users\Sean Frederick\Desktop\Owner Email Addresses - Rev. 07.03.12.pdf
[2012/07/11 10:55:44 | 000,135,092 | ---- | C] () -- C:\Users\Sean Frederick\Desktop\ADA Checklist Form.pdf
[2012/05/16 09:53:42 | 000,142,725 | ---- | C] () -- C:\Windows\hpwins30.dat
[2012/03/28 11:28:44 | 000,179,882 | ---- | C] () -- C:\Windows\hpwins12.dat
[2012/03/28 11:28:44 | 000,000,731 | ---- | C] () -- C:\Windows\hpwmdl12.dat
[2012/03/21 10:36:35 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/01/19 15:46:56 | 000,000,032 | ---- | C] () -- C:\Windows\RBuilder.ini
[2012/01/19 13:53:43 | 000,868,890 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/19 00:04:03 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\VXRAS.DLL
[2012/01/18 23:57:40 | 000,001,768 | ---- | C] () -- C:\Windows\SwWisrCombo.ini
[2012/01/18 23:57:01 | 000,000,297 | ---- | C] () -- C:\Windows\SwExportImport.ini
[2012/01/18 23:56:40 | 000,001,590 | ---- | C] () -- C:\Windows\SWCOMP.INI
[2012/01/18 23:56:40 | 000,000,690 | ---- | C] () -- C:\Windows\AliView.ini
[2012/01/18 23:56:40 | 000,000,432 | ---- | C] () -- C:\Windows\SwCompR.INI
[2012/01/18 23:56:40 | 000,000,295 | ---- | C] () -- C:\Windows\ALICOPY32.INI
[2012/01/18 23:56:40 | 000,000,077 | ---- | C] () -- C:\Windows\SwPict.ini
[2012/01/18 23:56:29 | 000,000,466 | ---- | C] () -- C:\Windows\Alcdun.ini
[2012/01/18 23:53:52 | 000,001,014 | ---- | C] () -- C:\Windows\SWRpt.INI
[2012/01/18 23:53:52 | 000,000,977 | ---- | C] () -- C:\Windows\AliRept.ini
[2012/01/18 23:53:52 | 000,000,416 | ---- | C] () -- C:\Windows\SwAddx.INI
[2012/01/18 23:53:52 | 000,000,386 | ---- | C] () -- C:\Windows\SwStorRepts.INI
[2012/01/18 23:53:52 | 000,000,025 | ---- | C] () -- C:\Windows\SwAliTog.INI
[2012/01/18 23:53:51 | 000,001,257 | ---- | C] () -- C:\Windows\SwGraph.INI
[2012/01/18 23:53:51 | 000,000,549 | ---- | C] () -- C:\Windows\swdToolx.INI
[2012/01/18 23:53:51 | 000,000,361 | ---- | C] () -- C:\Windows\SWDTool.INI
[2012/01/18 23:53:49 | 000,007,652 | ---- | C] () -- C:\Windows\SWDATA.INI
[2012/01/18 23:53:49 | 000,001,310 | ---- | C] () -- C:\Windows\SwAliFloppy.ini
[2012/01/18 23:53:49 | 000,000,690 | ---- | C] () -- C:\Windows\SwRead.INI
[2012/01/18 23:53:49 | 000,000,124 | ---- | C] () -- C:\Windows\BSBrowse.INI
[2012/01/18 23:53:49 | 000,000,037 | ---- | C] () -- C:\Windows\AliSplash.ini
[2012/01/18 23:53:47 | 000,000,045 | ---- | C] () -- C:\Windows\Ali2000.INI
[2012/01/18 23:53:47 | 000,000,036 | ---- | C] () -- C:\Windows\SubwayDA.INI
[2012/01/18 23:53:45 | 000,000,028 | ---- | C] () -- C:\Windows\AliNet.ini
[2012/01/18 23:35:48 | 000,001,256 | ---- | C] () -- C:\Windows\AliCall32.INI
[2012/01/18 23:34:38 | 000,002,392 | ---- | C] () -- C:\Windows\alimast32.ini
[2012/01/18 23:34:38 | 000,000,399 | ---- | C] () -- C:\Windows\AliEv32.ini
[2012/01/18 23:31:57 | 000,000,213 | ---- | C] () -- C:\Windows\InstallManager.INI
[2012/01/18 23:31:45 | 000,049,586 | ---- | C] () -- C:\Windows\swdecor.ini
[2012/01/18 23:31:45 | 000,003,492 | ---- | C] () -- C:\Windows\SwDecor-Spanish.ini
[2012/01/18 23:31:44 | 000,003,341 | ---- | C] () -- C:\Windows\SwDecor-French.ini
[2012/01/18 23:31:44 | 000,003,217 | ---- | C] () -- C:\Windows\SwDecor-German.ini
[2012/01/18 23:25:37 | 000,003,767 | ---- | C] () -- C:\Windows\AliComm32.INI
[2012/01/18 23:09:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/11 00:39:55 | 000,000,682 | ---- | C] () -- C:\Windows\hpwmdl30.dat

========== LOP Check ==========

[2012/04/13 03:18:05 | 000,000,000 | ---D | M] -- C:\Users\Sean Frederick\AppData\Roaming\Avery
[2012/02/01 16:24:51 | 000,000,000 | ---D | M] -- C:\Users\Sean Frederick\AppData\Roaming\ESET
[2012/04/11 14:02:42 | 000,000,000 | ---D | M] -- C:\Users\Sean Frederick\AppData\Roaming\MotoCast
[2012/04/11 14:00:54 | 000,000,000 | ---D | M] -- C:\Users\Sean Frederick\AppData\Roaming\Motorola
[2012/03/21 13:44:48 | 000,000,000 | ---D | M] -- C:\Users\Sean Frederick\AppData\Roaming\Softland
[2012/01/19 14:50:52 | 000,000,000 | ---D | M] -- C:\Users\Sean Frederick\AppData\Roaming\TeamViewer
[2009/07/14 00:08:49 | 000,023,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[1999/06/25 11:55:30 | 000,149,504 | ---- | M] () -- C:\UNWISE32.EXE

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/04/04 00:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\Windows\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< End of report >

OTL Extras logfile created on: 7/25/2012 7:15:21 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Sean Frederick\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 35.13% Memory free
7.49 Gb Paging File | 4.63 Gb Available in Paging File | 61.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.55 Gb Total Space | 235.49 Gb Free Space | 82.18% Space Free | Partition Type: NTFS

Computer Name: SEANFREDERICK | User Name: Sean Frederick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0054B76C-FC79-4ACF-8DE5-56AC7E84A2D5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0059BE6F-6053-4AD5-8958-7E73B8E12D17}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{01242512-725A-410B-AF46-BE9CD7E5F765}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{0CDED47C-FB5E-45CC-B060-807D94E97E0D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17CE5168-CC92-4985-B932-3846E1016858}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E1E62BE-DE12-4E91-9F5E-B1F3E9CC3268}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A03712D-E4FD-4EB5-85A2-8CAB83C16315}" = rport=138 | protocol=17 | dir=out | app=system |
"{3428DB0B-A1CE-433E-9B4F-0AD850F91538}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{478A22F4-B14F-4756-AEBD-FD1371990649}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{481E4E34-87F9-4189-B42B-31A066782CAB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5095353A-8FF5-4AD6-92DE-ED8417155569}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BC06B59-1A38-4182-A265-E79D62483EA3}" = rport=137 | protocol=17 | dir=out | app=system |
"{6AB03B5E-5322-4125-A72C-8C8FAE2F150F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6BC1C47C-A6F5-45F0-B506-616B7F7E41F5}" = rport=139 | protocol=6 | dir=out | app=system |
"{81E3FAA9-B178-4248-AA30-E98EFE4AA72D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{864A1D8D-8235-45E0-9A4F-65DEF7A33602}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{9E192264-52A3-4859-B5B9-028CF3D9B0FF}" = lport=138 | protocol=17 | dir=in | app=system |
"{A61A227E-26EA-485B-9245-3D3508BC40EB}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB6C8012-C23E-4464-9490-01AD322C0019}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB72B1AB-0A1D-434E-B206-3A03E4621E4A}" = rport=445 | protocol=6 | dir=out | app=system |
"{BBA46B4B-B42E-4F33-BD39-E4C586BD801C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CB22947C-FA2B-4CDD-866D-DBBE1FD52057}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8123C7F-4CCA-4561-A0C9-B26588959D4C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA795488-D6F4-4781-8949-F7BFA43E0586}" = lport=139 | protocol=6 | dir=in | app=system |
"{FDF4873F-6E82-4954-BECF-8FEAA8835F84}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA36FBD-9626-4107-96D9-2F66BB373367}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10275F67-E2C2-43FE-9CB0-775BEC7A2E07}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{170C037D-164C-480B-8EA1-DB4077EEFA21}" = protocol=6 | dir=in | app=c:\program files (x86)\nortel\nortel vpn client\nvc.exe |
"{2DDE0142-8105-4D0D-B500-8DE6E7E25477}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |
"{323BE0C5-571A-4A95-8E6C-E7836691D413}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{34B86E8C-846E-4F5B-9A53-EC8F86303FAD}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{48DB8D98-3C11-4E5B-91B6-762720D32AED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4E95E17E-D05B-4809-8B91-BF253B5A9728}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{4F0103ED-DFDE-4F7D-9EED-D145D139208D}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{5ADEF698-0908-4821-A031-972EC5F080DA}" = protocol=58 | dir=in | [email protected],-28545 |
"{659D04FA-7239-4A7C-A412-50D4FBEF52A2}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{7D1FD5AA-F1B2-4A4D-A467-8876F2300468}" = dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |
"{811D6144-4BD8-4A98-87F0-5C077B702F66}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{81E95C6C-24AC-48AC-82C7-66F45E05C908}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8AB3C808-3496-4524-B6CF-DC2FCC9363D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A853339A-AC04-41FA-9F71-7FF80D7CC9AB}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |
"{AA44EDB6-A0D6-4A21-9ADE-A444C72C64BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF7D6D63-A28C-4A78-9ED7-230AF5910CB8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B498541B-0D48-4EE8-BA77-C2859B1E3DD9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6214E06-4272-48E5-BAB6-62C405E04485}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1AE9940-536A-469D-ACF1-72852237650F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{C4DBF10F-7099-4F98-8A88-3E2CB7CD2748}" = protocol=58 | dir=out | [email protected],-28546 |
"{C6655533-1E64-4BFB-BC5A-2B2C690E9C62}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{C66ABAFC-BF1D-4A82-A494-E1D5AB29782B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C6DF2D29-8CAF-44A5-A54A-0EAFC9C0F4A7}" = protocol=6 | dir=out | app=system |
"{C850BA4E-07B8-45C1-A1BD-957FFEABD60C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD776719-2446-4D3F-BD9E-11015F5649F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{D1D7C859-AFA1-4EC7-9B71-C77578980741}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3A4F140-81A1-4710-9809-073519EE57B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D5C8595A-B92B-4985-B7A6-E5F8E9D3BAA3}" = protocol=1 | dir=out | [email protected],-28544 |
"{D9DD3683-318B-4213-8986-FAF6681A4A5E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E32D6708-67BC-48C6-9B7C-6336F31062C9}" = protocol=1 | dir=in | [email protected],-28543 |
"{E55C0AC9-6E89-4EFB-9F24-ABB7B4E1402A}" = protocol=17 | dir=in | app=c:\program files (x86)\nortel\nortel vpn client\nvc.exe |
"{ED02883C-E47A-4B7D-9452-DC5307008302}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EDA18F8F-338A-4529-9DBD-4322BF4FFB29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3D1C205-4C88-46A3-A7BA-0CF0F4ED106B}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"TCP Query User{0181A31B-70E1-4463-A976-3FDE9F0F2BB3}C:\hoss\sw\alicall32.exe" = protocol=6 | dir=in | app=c:\hoss\sw\alicall32.exe |
"UDP Query User{72ED9657-FF6E-46A8-948E-0EAAAF40A905}C:\hoss\sw\alicall32.exe" = protocol=17 | dir=in | app=c:\hoss\sw\alicall32.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English)
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0BD11124-2849-4888-A99C-591480EA6796}" = HP Officejet H470 series
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{2D5E3D2B-919F-407C-8757-E64827518BB6}" = HP Officejet Pro 8600 Basic Device Software
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
"{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
"{4EC5CF64-2E59-411D-0820-020091001103}" = Nortel VPN Client
"{5586CBEA-C071-4616-B809-6E11815D2190}" = ESET Smart Security
"{61C3230C-D69D-44E7-B974-F8BBADB49EE6}" = Motorola Mobile Drivers Installation 5.5.0
"{698977A6-6CEA-4BB5-9271-442C61ED39CE}" = HP Officejet 100 Mobile L411
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{D8C23BDE-4748-44D9-A9DD-8AB64EB18BE3}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F792E5B0-11C4-4C68-8A63-FB5F52749180}" = HP Officejet Pro 8600 Product Improvement Study
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP1 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP1 Database Engine Services
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"doPDF 7 printer_is1" = doPDF 7.3 printer
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00140409-78E1-11D2-B60F-006097C998E7}" = Microsoft Publisher 2000
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2C876BA7-32D3-4DE6-9934-B6A97FA09FCE}" = 470_Help
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32A4CF00-9FAC-47c8-9B37-91CC23815D64}" = L411
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{58793BC5-EBCE-4e86-9ED2-2410A738AEEB}" = L411_Software_Min
"{5A6EF6D8-D0DD-431B-8F90-106A1A0984F1}" = H470_Basic
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{629F38D9-30E4-4B8B-83B2-9CF7CB5BEF9E}" = L411_Help
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHERR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PUBLISHERR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PUBLISHERR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
"{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{990635A0-3FCF-4933-AD9B-09CB5C0DC873}" = BPDSoftware
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AFFD253D-5CE1-44B5-81DC-E00EF7048770}" = BPDSoftware_Ini
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{E022C318-BAC9-468D-8731-3C5EE63C7743}" = 470_Readme
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AliComm32 and Eval32" = AliComm32 and Eval32
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"MotoHelper" = MotoHelper 2.1.40 Driver 5.5.0
"Office14.PUBLISHERR" = Microsoft Publisher 2010
"OUTLOOKR" = Microsoft Office Outlook 2007

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4169945649-4223079018-1734316641-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"dc883534f170fbd3" = AliOffice 2.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2012 9:55:13 AM | Computer Name = SeanFrederick | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/19/2012 1:27:41 AM | Computer Name = SeanFrederick | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/20/2012 8:08:45 PM | Computer Name = SeanFrederick | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/21/2012 12:17:30 PM | Computer Name = SeanFrederick | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/23/2012 9:27:24 AM | Computer Name = SeanFrederick | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/23/2012 10:59:39 AM | Computer Name = SeanFrederick | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/25/2012 10:22:29 AM | Computer Name = SeanFrederick | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/25/2012 10:32:57 AM | Computer Name = SeanFrederick | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16447, time
stamp: 0x4fc9d776 Exception code: 0xc0000005 Fault offset: 0x0021d9dc Faulting process
id: 0xd50 Faulting application start time: 0x01cd6a6f18fb8589 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 9fe562f9-d665-11e1-8d53-c80aa9e86337

Error - 7/25/2012 11:04:57 AM | Computer Name = SeanFrederick | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e211319 Exception code: 0xc0000017 Fault offset: 0x0000b9bc Faulting
process id: 0x16f0 Faulting application start time: 0x01cd6a72d12557cb Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 18739fea-d66a-11e1-8d53-c80aa9e86337

Error - 7/25/2012 1:18:38 PM | Computer Name = SeanFrederick | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16447, time
stamp: 0x4fc9d776 Exception code: 0xc0000005 Fault offset: 0x0003ec44 Faulting process
id: 0xf98 Faulting application start time: 0x01cd6a7742975084 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: c56ee08c-d67c-11e1-8d53-c80aa9e86337

[ DAI Events ]
Error - 1/11/2012 7:37:19 PM | Computer Name = SeanFrederick | Source = Office-Client | ID = 911
Description =

Error - 1/31/2012 10:08:48 AM | Computer Name = SeanFrederick | Source = Office-Client | ID = 911
Description =

Error - 1/31/2012 2:26:41 PM | Computer Name = SeanFrederick | Source = Office-Client | ID = 911
Description = Timestamp: 1/31/2012 6:26:41 PM Category: Default Category Priority:
1 EventId: 911 Severity: Error Title: DAIOffice Exception Handling (Global Policy)
Machine:
SEANFREDERICK Application Domain: DefaultDomain Process Id: 1552 Process Name: C:\Users\Sean
Frederick\AppData\Local\Apps\2.0\473EQ4AR.1PY\MJB4YL87.0JM\daio..tion_9383af0417645b99_0001.0000_66e5c55164ab70ac\DAIOffice.exe
Win32
Thread Id: 4668 Thread Name: Extended Properties: Message: HandlingInstanceID: 0d0444f0-0580-4442-b863-8cafbd9adc42
An
exception of type 'System.InvalidOperationException' occurred and was caught. --------------------------------------------------------------------------------
01/31/2012
12:26:41 Type : System.InvalidOperationException, mscorlib, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089 Message : DialogResult can be set only after Window
is created and shown as dialog. Source : DAI.Core Help link : Data : System.Collections.ListDictionaryInternal
TargetSite
: enuFriendlyExceptionTypes GetFriendlyException(System.Exception) Stack Trace :
at DAI.Core.ExceptionManagement.ExceptionManager.GetFriendlyException(Exception
ex) Additional Data : 1) System.Object - Additional Info: MachineName : SEANFREDERICK
TimeStamp
: 1/31/2012 6:26:41 PM FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling,
Version=5.0.414.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 AppDomainName
: DefaultDomain ThreadIdentity : SeanFrederick\Sean Frederick WindowsIdentity : SeanFrederick\Sean
Frederick

Error - 2/2/2012 5:01:22 PM | Computer Name = SeanFrederick | Source = Office-Client | ID = 911
Description = Timestamp: 2/2/2012 9:01:22 PM Category: Default Category Priority:
1 EventId: 911 Severity: Error Title: DAIOffice Exception Handling (Global Policy) Machine:
SEANFREDERICK Application Domain: DefaultDomain Process Id: 4072 Process Name: C:\Users\Sean
Frederick\AppData\Local\Apps\2.0\473EQ4AR.1PY\MJB4YL87.0JM\daio..tion_9383af0417645b99_0001.0000_66e5c55164ab70ac\DAIOffice.exe
Win32
Thread Id: 3340 Thread Name: Extended Properties: Message: HandlingInstanceID: 7b192044-8307-4c9f-b134-8bd3cc6501b8
An
exception of type 'System.InvalidOperationException' occurred and was caught. --------------------------------------------------------------------------------
02/02/2012
15:01:21 Type : System.InvalidOperationException, mscorlib, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089 Message : DialogResult can be set only after Window
is created and shown as dialog. Source : DAI.Core Help link : Data : System.Collections.ListDictionaryInternal
TargetSite
: enuFriendlyExceptionTypes GetFriendlyException(System.Exception) Stack Trace :
at DAI.Core.ExceptionManagement.ExceptionManager.GetFriendlyException(Exception
ex) Additional Data : 1) System.Object - Additional Info: MachineName : SEANFREDERICK
TimeStamp
: 2/2/2012 9:01:21 PM FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling,
Version=5.0.414.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 AppDomainName
: DefaultDomain ThreadIdentity : SeanFrederick\Sean Frederick WindowsIdentity : SeanFrederick\Sean
Frederick

Error - 2/3/2012 1:13:49 AM | Computer Name = SeanFrederick | Source = Office-Client | ID = 911
Description =

Error - 2/8/2012 11:29:08 PM | Computer Name = SeanFrederick | Source = Office-Client | ID = 911
Description =

[ OSession Events ]
Error - 2/6/2012 6:04:51 PM | Computer Name = SeanFrederick | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 111830
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/25/2012 1:22:05 AM | Computer Name = SeanFrederick | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/25/2012 1:29:04 AM | Computer Name = SeanFrederick | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 7/25/2012 1:29:50 AM | Computer Name = SeanFrederick | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 7/25/2012 1:29:50 AM | Computer Name = SeanFrederick | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/25/2012 10:08:21 AM | Computer Name = SeanFrederick | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 7/25/2012 10:08:21 AM | Computer Name = SeanFrederick | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/25/2012 5:11:49 PM | Computer Name = SeanFrederick | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/25/2012 5:21:33 PM | Computer Name = SeanFrederick | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/25/2012 6:16:45 PM | Computer Name = SeanFrederick | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/25/2012 9:04:54 PM | Computer Name = SeanFrederick | Source = atikmdag | ID = 43029
Description = Display is not active

< End of report >

#5
Essexboy

Posted 26 July 2012 - 07:10 AM

GeekU Moderator

Retired Staff
69,964 posts

OK lets try and get it all in one fell swoop

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application
Then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#6
sfred27

Posted 26 July 2012 - 06:22 PM

Member

Topic Starter
Member
10 posts

19:17:20.0266 1308 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:17:20.0329 1308 ============================================================
19:17:20.0329 1308 Current date / time: 2012/07/26 19:17:20.0329
19:17:20.0329 1308 SystemInfo:
19:17:20.0329 1308
19:17:20.0329 1308 OS Version: 6.1.7601 ServicePack: 1.0
19:17:20.0329 1308 Product type: Workstation
19:17:20.0329 1308 ComputerName: SEANFREDERICK
19:17:20.0329 1308 UserName: Sean Frederick
19:17:20.0329 1308 Windows directory: C:\Windows
19:17:20.0329 1308 System windows directory: C:\Windows
19:17:20.0329 1308 Running under WOW64
19:17:20.0329 1308 Processor architecture: Intel x64
19:17:20.0329 1308 Number of processors: 2
19:17:20.0329 1308 Page size: 0x1000
19:17:20.0329 1308 Boot type: Normal boot
19:17:20.0329 1308 ============================================================
19:17:22.0045 1308 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:17:22.0060 1308 ============================================================
19:17:22.0060 1308 \Device\Harddisk0\DR0:
19:17:22.0060 1308 MBR partitions:
19:17:22.0060 1308 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23D1B800
19:17:22.0060 1308 ============================================================
19:17:22.0076 1308 C: <-> \Device\Harddisk0\DR0\Partition0
19:17:22.0076 1308 ============================================================
19:17:22.0076 1308 Initialize success
19:17:22.0076 1308 ============================================================

ComboFix 12-07-27.02 - Sean Frederick 07/26/2012 19:06:16.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2482 [GMT -5:00]
Running from: c:\users\Sean Frederick\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 00:10 . 2012-07-27 00:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-26 23:48 . 2012-07-26 23:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-25 04:01 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73B94AA9-D066-47EA-9443-D32D87D0A9A8}\mpengine.dll
2012-07-11 15:45 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 14:55 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 20:06 . 2012-05-09 15:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-13 20:06 . 2012-01-19 04:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 15:42 . 2012-01-19 03:50 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-06 15:46 . 2012-06-06 15:46 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-06-02 22:19 . 2012-06-22 21:23 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 21:24 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 21:24 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 21:24 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 21:23 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 21:24 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 21:23 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-22 21:23 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-22 21:23 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 17:25 . 2012-01-20 17:06 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-14 15:21 . 2012-05-14 15:21 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-14 15:21 . 2012-02-14 18:27 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-13 05:21 . 2012-05-13 05:21 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-13 05:21 . 2012-05-13 05:21 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-13 05:21 . 2012-05-13 05:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-13 05:21 . 2012-05-13 05:21 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-13 05:21 . 2012-05-13 05:21 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-13 05:21 . 2012-05-13 05:21 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-13 05:21 . 2012-05-13 05:21 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-13 05:21 . 2012-05-13 05:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-13 05:21 . 2012-05-13 05:21 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-13 05:21 . 2012-05-13 05:21 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-13 05:21 . 2012-05-13 05:21 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-13 05:21 . 2012-05-13 05:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-13 05:21 . 2012-05-13 05:21 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-13 05:21 . 2012-05-13 05:21 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-13 05:21 . 2012-05-13 05:21 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-13 05:21 . 2012-05-13 05:21 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-13 05:21 . 2012-05-13 05:21 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-13 05:21 . 2012-05-13 05:21 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-13 05:21 . 2012-05-13 05:21 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-05-13 05:21 . 2012-05-13 05:21 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-05-13 05:21 . 2012-05-13 05:21 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-13 05:21 . 2012-05-13 05:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-13 05:21 . 2012-05-13 05:21 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-05-13 05:21 . 2012-05-13 05:21 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-13 05:21 . 2012-05-13 05:21 197120 ----a-w- c:\windows\system32\msrating.dll
2012-05-13 05:21 . 2012-05-13 05:21 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-05-13 05:21 . 2012-05-13 05:21 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-05-13 05:21 . 2012-05-13 05:21 149504 ----a-w- c:\windows\system32\occache.dll
2012-05-13 05:21 . 2012-05-13 05:21 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-05-13 05:21 . 2012-05-13 05:21 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-13 05:21 . 2012-05-13 05:21 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-13 05:21 . 2012-05-13 05:21 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-13 05:21 . 2012-05-13 05:21 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-13 05:21 . 2012-05-13 05:21 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-05-13 05:21 . 2012-05-13 05:21 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-05-13 05:21 . 2012-05-13 05:21 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-13 05:21 . 2012-05-13 05:21 82432 ----a-w- c:\windows\system32\icardie.dll
2012-05-13 05:21 . 2012-05-13 05:21 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-13 05:21 . 2012-05-13 05:21 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-05-13 05:21 . 2012-05-13 05:21 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-13 05:21 . 2012-05-13 05:21 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-05-13 05:21 . 2012-05-13 05:21 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-05-13 05:21 . 2012-05-13 05:21 448512 ----a-w- c:\windows\system32\html.iec
2012-05-13 05:21 . 2012-05-13 05:21 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-05-13 05:21 . 2012-05-13 05:21 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-05-13 05:21 . 2012-05-13 05:21 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-05-13 05:21 . 2012-05-13 05:21 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-13 05:21 . 2012-05-13 05:21 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-05-13 05:21 . 2012-05-13 05:21 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-05-13 05:21 . 2012-05-13 05:21 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-13 05:21 . 2012-05-13 05:21 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-13 05:21 . 2012-05-13 05:21 103936 ----a-w- c:\windows\system32\inseng.dll
2012-05-04 11:06 . 2012-06-13 14:26 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-13 18:45 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-13 14:26 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 14:26 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-13 18:45 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-13 14:27 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 14:27 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-19 39408]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-08 17425072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NVC"="c:\program files (x86)\Nortel\Nortel VPN Client\Nvc.exe" [2009-08-21 1762640]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-19 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-02-16 87368]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 NvcSvcMgr;Nortel VPN Client;c:\program files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [2009-08-21 615776]
S2 nvcwfpco;nvcwfpco;c:\windows\system32\DRIVERS\nvcwfpco.sys [2009-08-06 77904]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 NT_NvcA;Nortel VPN Adapter;c:\windows\system32\DRIVERS\ntnvca.sys [2009-08-06 44112]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 20:06]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 04:19]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 04:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://partners.sub...%2fDefault.aspx
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2012-07-26 19:16:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 00:16
.
Pre-Run: 251,704,385,536 bytes free
Post-Run: 255,589,154,816 bytes free
.
- - End Of File - - 526A1C39F5062B9E19E181DD4B91850A

#7
sfred27

Posted 26 July 2012 - 06:25 PM

Member

Topic Starter
Member
10 posts

My computer seems to be running smoothly and much faster. It's great! Is it all fixed now?
Again, thank you so much for your help!

#8
Essexboy

Posted 27 July 2012 - 06:02 AM

GeekU Moderator

Retired Staff
69,964 posts

It looks better but the TDSSKiller log is a tad short, could you re-run TDSSKiller please

We will follow that with a sweep for orphans, how is the computer behaving ?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

#9
sfred27

Posted 27 July 2012 - 07:13 PM

Member

Topic Starter
Member
10 posts

19:19:11.0502 3168 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:19:11.0928 3168 ============================================================
19:19:11.0928 3168 Current date / time: 2012/07/27 19:19:11.0928
19:19:11.0928 3168 SystemInfo:
19:19:11.0928 3168
19:19:11.0928 3168 OS Version: 6.1.7601 ServicePack: 1.0
19:19:11.0928 3168 Product type: Workstation
19:19:11.0928 3168 ComputerName: SEANFREDERICK
19:19:11.0929 3168 UserName: Sean Frederick
19:19:11.0929 3168 Windows directory: C:\Windows
19:19:11.0929 3168 System windows directory: C:\Windows
19:19:11.0929 3168 Running under WOW64
19:19:11.0929 3168 Processor architecture: Intel x64
19:19:11.0929 3168 Number of processors: 2
19:19:11.0929 3168 Page size: 0x1000
19:19:11.0929 3168 Boot type: Normal boot
19:19:11.0929 3168 ============================================================
19:19:12.0814 3168 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:19:12.0827 3168 ============================================================
19:19:12.0827 3168 \Device\Harddisk0\DR0:
19:19:12.0828 3168 MBR partitions:
19:19:12.0828 3168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23D1B800
19:19:12.0828 3168 ============================================================
19:19:12.0851 3168 C: <-> \Device\Harddisk0\DR0\Partition0
19:19:12.0851 3168 ============================================================
19:19:12.0851 3168 Initialize success
19:19:12.0851 3168 ============================================================
19:20:25.0783 4816 ============================================================
19:20:25.0783 4816 Scan started
19:20:25.0783 4816 Mode: Manual; SigCheck; TDLFS;
19:20:25.0783 4816 ============================================================
19:20:26.0352 4816 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:20:26.0431 4816 1394ohci - ok
19:20:26.0474 4816 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:20:26.0491 4816 ACPI - ok
19:20:26.0526 4816 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:20:26.0593 4816 AcpiPmi - ok
19:20:26.0681 4816 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:20:26.0691 4816 AdobeARMservice - ok
19:20:26.0806 4816 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:20:26.0819 4816 AdobeFlashPlayerUpdateSvc - ok
19:20:26.0868 4816 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:20:26.0888 4816 adp94xx - ok
19:20:26.0917 4816 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:20:26.0934 4816 adpahci - ok
19:20:26.0973 4816 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:20:26.0988 4816 adpu320 - ok
19:20:27.0018 4816 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:20:27.0071 4816 AeLookupSvc - ok
19:20:27.0141 4816 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:20:27.0188 4816 AFD - ok
19:20:27.0233 4816 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:20:27.0245 4816 agp440 - ok
19:20:27.0276 4816 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:20:27.0299 4816 ALG - ok
19:20:27.0329 4816 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:20:27.0340 4816 aliide - ok
19:20:27.0381 4816 AMD External Events Utility (d696f317bd465a602566f8e1dcce15f7) C:\Windows\system32\atiesrxx.exe
19:20:27.0421 4816 AMD External Events Utility - ok
19:20:27.0451 4816 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:20:27.0462 4816 amdide - ok
19:20:27.0489 4816 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:20:27.0516 4816 AmdK8 - ok
19:20:27.0573 4816 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:20:27.0632 4816 AmdPPM - ok
19:20:27.0700 4816 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:20:27.0713 4816 amdsata - ok
19:20:27.0741 4816 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:20:27.0755 4816 amdsbs - ok
19:20:27.0775 4816 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:20:27.0786 4816 amdxata - ok
19:20:27.0830 4816 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:20:27.0936 4816 AppID - ok
19:20:27.0965 4816 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:20:28.0007 4816 AppIDSvc - ok
19:20:28.0051 4816 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:20:28.0084 4816 Appinfo - ok
19:20:28.0129 4816 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:20:28.0142 4816 arc - ok
19:20:28.0154 4816 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:20:28.0167 4816 arcsas - ok
19:20:28.0280 4816 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:20:28.0290 4816 aspnet_state - ok
19:20:28.0320 4816 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:20:28.0355 4816 AsyncMac - ok
19:20:28.0381 4816 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:20:28.0392 4816 atapi - ok
19:20:28.0713 4816 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
19:20:28.0881 4816 atikmdag - ok
19:20:29.0026 4816 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:20:29.0082 4816 AudioEndpointBuilder - ok
19:20:29.0089 4816 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:20:29.0128 4816 AudioSrv - ok
19:20:29.0174 4816 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:20:29.0199 4816 AxInstSV - ok
19:20:29.0269 4816 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:20:29.0299 4816 b06bdrv - ok
19:20:29.0334 4816 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:20:29.0368 4816 b57nd60a - ok
19:20:29.0476 4816 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
19:20:29.0490 4816 BBSvc - ok
19:20:29.0529 4816 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
19:20:29.0543 4816 BBUpdate - ok
19:20:29.0578 4816 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:20:29.0613 4816 BDESVC - ok
19:20:29.0653 4816 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:20:29.0697 4816 Beep - ok
19:20:29.0778 4816 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:20:29.0845 4816 BFE - ok
19:20:29.0920 4816 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
19:20:29.0961 4816 BITS - ok
19:20:30.0017 4816 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:20:30.0032 4816 blbdrive - ok
19:20:30.0060 4816 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:20:30.0085 4816 bowser - ok
19:20:30.0108 4816 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:20:30.0167 4816 BrFiltLo - ok
19:20:30.0181 4816 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:20:30.0196 4816 BrFiltUp - ok
19:20:30.0235 4816 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:20:30.0277 4816 BridgeMP - ok
19:20:30.0300 4816 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:20:30.0333 4816 Browser - ok
19:20:30.0365 4816 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:20:30.0409 4816 Brserid - ok
19:20:30.0414 4816 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:20:30.0442 4816 BrSerWdm - ok
19:20:30.0459 4816 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:20:30.0492 4816 BrUsbMdm - ok
19:20:30.0496 4816 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:20:30.0508 4816 BrUsbSer - ok
19:20:30.0515 4816 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:20:30.0551 4816 BTHMODEM - ok
19:20:30.0589 4816 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:20:30.0633 4816 bthserv - ok
19:20:30.0669 4816 catchme - ok
19:20:30.0695 4816 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:20:30.0741 4816 cdfs - ok
19:20:30.0778 4816 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:20:30.0809 4816 cdrom - ok
19:20:30.0849 4816 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:20:30.0889 4816 CertPropSvc - ok
19:20:30.0916 4816 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:20:30.0931 4816 circlass - ok
19:20:30.0965 4816 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:20:30.0982 4816 CLFS - ok
19:20:31.0031 4816 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:20:31.0043 4816 clr_optimization_v2.0.50727_32 - ok
19:20:31.0085 4816 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:20:31.0097 4816 clr_optimization_v2.0.50727_64 - ok
19:20:31.0161 4816 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:20:31.0173 4816 clr_optimization_v4.0.30319_32 - ok
19:20:31.0218 4816 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:20:31.0230 4816 clr_optimization_v4.0.30319_64 - ok
19:20:31.0251 4816 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:20:31.0275 4816 CmBatt - ok
19:20:31.0307 4816 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:20:31.0319 4816 cmdide - ok
19:20:31.0363 4816 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
19:20:31.0389 4816 CNG - ok
19:20:31.0424 4816 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:20:31.0435 4816 Compbatt - ok
19:20:31.0464 4816 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:20:31.0489 4816 CompositeBus - ok
19:20:31.0506 4816 COMSysApp - ok
19:20:31.0520 4816 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:20:31.0532 4816 crcdisk - ok
19:20:31.0584 4816 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:20:31.0630 4816 CryptSvc - ok
19:20:31.0675 4816 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:20:31.0713 4816 DcomLaunch - ok
19:20:31.0748 4816 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:20:31.0786 4816 defragsvc - ok
19:20:31.0854 4816 DeviceMonitorService (6824007c0ecec46edd64d7a9d86eba84) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
19:20:31.0864 4816 DeviceMonitorService - ok
19:20:31.0883 4816 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:20:31.0923 4816 DfsC - ok
19:20:31.0963 4816 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:20:32.0009 4816 Dhcp - ok
19:20:32.0037 4816 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:20:32.0083 4816 discache - ok
19:20:32.0125 4816 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:20:32.0137 4816 Disk - ok
19:20:32.0169 4816 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:20:32.0220 4816 Dnscache - ok
19:20:32.0265 4816 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:20:32.0310 4816 dot3svc - ok
19:20:32.0349 4816 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
19:20:32.0366 4816 Dot4 - ok
19:20:32.0378 4816 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:20:32.0392 4816 Dot4Print - ok
19:20:32.0399 4816 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
19:20:32.0421 4816 dot4usb - ok
19:20:32.0454 4816 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:20:32.0504 4816 DPS - ok
19:20:32.0535 4816 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:20:32.0574 4816 drmkaud - ok
19:20:32.0649 4816 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:20:32.0678 4816 DXGKrnl - ok
19:20:32.0735 4816 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
19:20:32.0761 4816 eamonm - ok
19:20:32.0795 4816 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:20:32.0844 4816 EapHost - ok
19:20:33.0033 4816 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:20:33.0111 4816 ebdrv - ok
19:20:33.0224 4816 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:20:33.0236 4816 EFS - ok
19:20:33.0307 4816 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
19:20:33.0319 4816 ehdrv - ok
19:20:33.0407 4816 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:20:33.0451 4816 ehRecvr - ok
19:20:33.0490 4816 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:20:33.0522 4816 ehSched - ok
19:20:33.0648 4816 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
19:20:33.0672 4816 ekrn - ok
19:20:33.0784 4816 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:20:33.0806 4816 elxstor - ok
19:20:33.0864 4816 epfw (198c6fbc30bbd9632ea051203dccf204) C:\Windows\system32\DRIVERS\epfw.sys
19:20:33.0877 4816 epfw - ok
19:20:33.0906 4816 EpfwLWF (56de463f517710a8aa44eef82c35b3c9) C:\Windows\system32\DRIVERS\EpfwLWF.sys
19:20:33.0916 4816 EpfwLWF - ok
19:20:33.0938 4816 epfwwfp (710b0442bb2f99278d7b8e02a8849c11) C:\Windows\system32\DRIVERS\epfwwfp.sys
19:20:33.0948 4816 epfwwfp - ok
19:20:33.0965 4816 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:20:33.0985 4816 ErrDev - ok
19:20:34.0044 4816 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:20:34.0083 4816 EventSystem - ok
19:20:34.0109 4816 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:20:34.0159 4816 exfat - ok
19:20:34.0184 4816 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:20:34.0229 4816 fastfat - ok
19:20:34.0305 4816 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:20:34.0340 4816 Fax - ok
19:20:34.0366 4816 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:20:34.0385 4816 fdc - ok
19:20:34.0418 4816 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:20:34.0453 4816 fdPHost - ok
19:20:34.0469 4816 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:20:34.0533 4816 FDResPub - ok
19:20:34.0561 4816 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:20:34.0573 4816 FileInfo - ok
19:20:34.0593 4816 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:20:34.0643 4816 Filetrace - ok
19:20:34.0657 4816 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:20:34.0669 4816 flpydisk - ok
19:20:34.0715 4816 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:20:34.0731 4816 FltMgr - ok
19:20:34.0812 4816 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:20:34.0851 4816 FontCache - ok
19:20:34.0926 4816 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:20:34.0938 4816 FontCache3.0.0.0 - ok
19:20:34.0978 4816 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:20:34.0990 4816 FsDepends - ok
19:20:35.0012 4816 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:20:35.0024 4816 Fs_Rec - ok
19:20:35.0070 4816 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:20:35.0088 4816 fvevol - ok
19:20:35.0111 4816 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:20:35.0124 4816 gagp30kx - ok
19:20:35.0184 4816 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:20:35.0228 4816 gpsvc - ok
19:20:35.0320 4816 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:20:35.0331 4816 gupdate - ok
19:20:35.0334 4816 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:20:35.0344 4816 gupdatem - ok
19:20:35.0378 4816 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:20:35.0389 4816 gusvc - ok
19:20:35.0414 4816 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:20:35.0449 4816 hcw85cir - ok
19:20:35.0500 4816 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:20:35.0528 4816 HdAudAddService - ok
19:20:35.0564 4816 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:20:35.0590 4816 HDAudBus - ok
19:20:35.0617 4816 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:20:35.0645 4816 HidBatt - ok
19:20:35.0652 4816 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:20:35.0673 4816 HidBth - ok
19:20:35.0678 4816 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:20:35.0701 4816 HidIr - ok
19:20:35.0724 4816 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:20:35.0770 4816 hidserv - ok
19:20:35.0809 4816 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:20:35.0820 4816 HidUsb - ok
19:20:35.0850 4816 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:20:35.0915 4816 hkmsvc - ok
19:20:35.0953 4816 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:20:35.0985 4816 HomeGroupListener - ok
19:20:36.0024 4816 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:20:36.0046 4816 HomeGroupProvider - ok
19:20:36.0174 4816 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:20:36.0186 4816 hpqcxs08 - ok
19:20:36.0248 4816 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:20:36.0260 4816 hpqddsvc - ok
19:20:36.0290 4816 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:20:36.0302 4816 HpSAMD - ok
19:20:36.0410 4816 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
19:20:36.0433 4816 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
19:20:36.0433 4816 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
19:20:36.0495 4816 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:20:36.0546 4816 HTTP - ok
19:20:36.0570 4816 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:20:36.0580 4816 hwpolicy - ok
19:20:36.0630 4816 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:20:36.0643 4816 i8042prt - ok
19:20:36.0688 4816 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:20:36.0707 4816 iaStorV - ok
19:20:36.0817 4816 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:20:36.0843 4816 idsvc - ok
19:20:36.0889 4816 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:20:36.0901 4816 iirsp - ok
19:20:36.0959 4816 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:20:37.0023 4816 IKEEXT - ok
19:20:37.0055 4816 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:20:37.0066 4816 intelide - ok
19:20:37.0095 4816 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:20:37.0116 4816 intelppm - ok
19:20:37.0147 4816 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:20:37.0182 4816 IPBusEnum - ok
19:20:37.0217 4816 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:20:37.0255 4816 IpFilterDriver - ok
19:20:37.0301 4816 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:20:37.0367 4816 iphlpsvc - ok
19:20:37.0403 4816 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:20:37.0431 4816 IPMIDRV - ok
19:20:37.0469 4816 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:20:37.0507 4816 IPNAT - ok
19:20:37.0520 4816 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:20:37.0593 4816 IRENUM - ok
19:20:37.0611 4816 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:20:37.0622 4816 isapnp - ok
19:20:37.0662 4816 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:20:37.0678 4816 iScsiPrt - ok
19:20:37.0688 4816 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:20:37.0701 4816 kbdclass - ok
19:20:37.0732 4816 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:20:37.0754 4816 kbdhid - ok
19:20:37.0864 4816 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:20:37.0879 4816 KeyIso - ok
19:20:37.0895 4816 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
19:20:37.0907 4816 KSecDD - ok
19:20:37.0942 4816 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
19:20:37.0955 4816 KSecPkg - ok
19:20:37.0981 4816 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:20:38.0026 4816 ksthunk - ok
19:20:38.0061 4816 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:20:38.0102 4816 KtmRm - ok
19:20:38.0136 4816 L1C (655a5d8e80869781cce23760ada7e695) C:\Windows\system32\DRIVERS\L1C62x64.sys
19:20:38.0150 4816 L1C - ok
19:20:38.0196 4816 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
19:20:38.0248 4816 LanmanServer - ok
19:20:38.0274 4816 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:20:38.0319 4816 LanmanWorkstation - ok
19:20:38.0346 4816 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:20:38.0401 4816 lltdio - ok
19:20:38.0450 4816 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:20:38.0502 4816 lltdsvc - ok
19:20:38.0519 4816 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:20:38.0553 4816 lmhosts - ok
19:20:38.0582 4816 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:20:38.0595 4816 LSI_FC - ok
19:20:38.0610 4816 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:20:38.0623 4816 LSI_SAS - ok
19:20:38.0641 4816 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:20:38.0653 4816 LSI_SAS2 - ok
19:20:38.0662 4816 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:20:38.0675 4816 LSI_SCSI - ok
19:20:38.0704 4816 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:20:38.0749 4816 luafv - ok
19:20:38.0778 4816 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:20:38.0810 4816 Mcx2Svc - ok
19:20:38.0827 4816 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:20:38.0839 4816 megasas - ok
19:20:38.0874 4816 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:20:38.0890 4816 MegaSR - ok
19:20:38.0922 4816 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:20:38.0968 4816 MMCSS - ok
19:20:38.0982 4816 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:20:39.0021 4816 Modem - ok
19:20:39.0060 4816 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:20:39.0088 4816 monitor - ok
19:20:39.0161 4816 MotoHelper (290750346f5937b02f62594b8eb03215) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
19:20:39.0174 4816 MotoHelper - ok
19:20:39.0203 4816 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:20:39.0215 4816 mouclass - ok
19:20:39.0240 4816 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:20:39.0265 4816 mouhid - ok
19:20:39.0293 4816 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:20:39.0305 4816 mountmgr - ok
19:20:39.0336 4816 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:20:39.0350 4816 mpio - ok
19:20:39.0365 4816 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:20:39.0400 4816 mpsdrv - ok
19:20:39.0467 4816 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:20:39.0530 4816 MpsSvc - ok
19:20:39.0589 4816 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:20:39.0620 4816 MRxDAV - ok
19:20:39.0671 4816 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:20:39.0732 4816 mrxsmb - ok
19:20:39.0765 4816 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:20:39.0801 4816 mrxsmb10 - ok
19:20:39.0834 4816 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:20:39.0855 4816 mrxsmb20 - ok
19:20:39.0879 4816 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:20:39.0890 4816 msahci - ok
19:20:39.0923 4816 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:20:39.0937 4816 msdsm - ok
19:20:39.0969 4816 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:20:39.0984 4816 MSDTC - ok
19:20:40.0023 4816 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:20:40.0057 4816 Msfs - ok
19:20:40.0071 4816 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:20:40.0124 4816 mshidkmdf - ok
19:20:40.0149 4816 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:20:40.0160 4816 msisadrv - ok
19:20:40.0210 4816 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:20:40.0246 4816 MSiSCSI - ok
19:20:40.0251 4816 msiserver - ok
19:20:40.0278 4816 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:20:40.0312 4816 MSKSSRV - ok
19:20:40.0316 4816 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:20:40.0364 4816 MSPCLOCK - ok
19:20:40.0368 4816 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:20:40.0420 4816 MSPQM - ok
19:20:40.0454 4816 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:20:40.0471 4816 MsRPC - ok
19:20:40.0493 4816 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:20:40.0505 4816 mssmbios - ok
19:20:40.0602 4816 MSSQL$SQLEXPRESS - ok
19:20:40.0658 4816 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
19:20:40.0668 4816 MSSQLServerADHelper100 - ok
19:20:40.0700 4816 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:20:40.0737 4816 MSTEE - ok
19:20:40.0740 4816 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:20:40.0753 4816 MTConfig - ok
19:20:40.0774 4816 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:20:40.0786 4816 Mup - ok
19:20:40.0837 4816 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:20:40.0885 4816 napagent - ok
19:20:40.0953 4816 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:20:40.0985 4816 NativeWifiP - ok
19:20:41.0059 4816 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:20:41.0084 4816 NDIS - ok
19:20:41.0101 4816 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:20:41.0136 4816 NdisCap - ok
19:20:41.0170 4816 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:20:41.0204 4816 NdisTapi - ok
19:20:41.0232 4816 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:20:41.0273 4816 Ndisuio - ok
19:20:41.0300 4816 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:20:41.0347 4816 NdisWan - ok
19:20:41.0369 4816 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:20:41.0402 4816 NDProxy - ok
19:20:41.0440 4816 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
19:20:41.0451 4816 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:20:41.0451 4816 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:20:41.0477 4816 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:20:41.0523 4816 NetBIOS - ok
19:20:41.0562 4816 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:20:41.0609 4816 NetBT - ok
19:20:41.0636 4816 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:20:41.0647 4816 Netlogon - ok
19:20:41.0693 4816 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:20:41.0732 4816 Netman - ok
19:20:41.0820 4816 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:20:41.0831 4816 NetMsmqActivator - ok
19:20:41.0838 4816 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:20:41.0849 4816 NetPipeActivator - ok
19:20:41.0889 4816 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:20:41.0936 4816 netprofm - ok
19:20:41.0940 4816 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:20:41.0950 4816 NetTcpActivator - ok
19:20:41.0954 4816 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:20:41.0965 4816 NetTcpPortSharing - ok
19:20:42.0020 4816 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:20:42.0032 4816 nfrd960 - ok
19:20:42.0088 4816 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:20:42.0139 4816 NlaSvc - ok
19:20:42.0155 4816 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:20:42.0189 4816 Npfs - ok
19:20:42.0213 4816 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:20:42.0257 4816 nsi - ok
19:20:42.0284 4816 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:20:42.0318 4816 nsiproxy - ok
19:20:42.0435 4816 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:20:42.0475 4816 Ntfs - ok
19:20:42.0596 4816 NT_NvcA (4b7d63af862db7ce39ff4121c87864d7) C:\Windows\system32\DRIVERS\ntnvca.sys
19:20:42.0606 4816 NT_NvcA - ok
19:20:42.0629 4816 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:20:42.0662 4816 Null - ok
19:20:42.0764 4816 NvcSvcMgr (736b4b3eeb5241fb1c971969f1afe1ed) C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
19:20:42.0783 4816 NvcSvcMgr - ok
19:20:42.0819 4816 nvcwfpco (f65c0144f068f26ca35979775aa400fc) C:\Windows\system32\DRIVERS\nvcwfpco.sys
19:20:42.0830 4816 nvcwfpco - ok
19:20:42.0862 4816 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:20:42.0875 4816 nvraid - ok
19:20:42.0916 4816 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:20:42.0930 4816 nvstor - ok
19:20:42.0948 4816 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:20:42.0961 4816 nv_agp - ok
19:20:43.0061 4816 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:20:43.0078 4816 odserv - ok
19:20:43.0104 4816 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:20:43.0130 4816 ohci1394 - ok
19:20:43.0169 4816 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:20:43.0180 4816 ose - ok
19:20:43.0545 4816 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:20:43.0712 4816 osppsvc - ok
19:20:43.0856 4816 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:20:43.0873 4816 p2pimsvc - ok
19:20:43.0902 4816 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:20:43.0919 4816 p2psvc - ok
19:20:43.0980 4816 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:20:43.0993 4816 Parport - ok
19:20:44.0016 4816 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:20:44.0028 4816 partmgr - ok
19:20:44.0063 4816 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:20:44.0092 4816 PcaSvc - ok
19:20:44.0123 4816 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:20:44.0136 4816 pci - ok
19:20:44.0144 4816 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:20:44.0154 4816 pciide - ok
19:20:44.0184 4816 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:20:44.0199 4816 pcmcia - ok
19:20:44.0213 4816 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:20:44.0224 4816 pcw - ok
19:20:44.0262 4816 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:20:44.0318 4816 PEAUTH - ok
19:20:44.0370 4816 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:20:44.0399 4816 PerfHost - ok
19:20:44.0492 4816 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:20:44.0562 4816 pla - ok
19:20:44.0593 4816 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:20:44.0624 4816 PlugPlay - ok
19:20:44.0685 4816 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
19:20:44.0701 4816 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:20:44.0701 4816 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:20:44.0725 4816 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:20:44.0750 4816 PNRPAutoReg - ok
19:20:44.0778 4816 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:20:44.0792 4816 PNRPsvc - ok
19:20:44.0845 4816 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:20:44.0895 4816 PolicyAgent - ok
19:20:44.0934 4816 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:20:44.0983 4816 Power - ok
19:20:45.0045 4816 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:20:45.0080 4816 PptpMiniport - ok
19:20:45.0111 4816 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:20:45.0131 4816 Processor - ok
19:20:45.0175 4816 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:20:45.0202 4816 ProfSvc - ok
19:20:45.0225 4816 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:20:45.0236 4816 ProtectedStorage - ok
19:20:45.0273 4816 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:20:45.0330 4816 Psched - ok
19:20:45.0412 4816 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:20:45.0453 4816 ql2300 - ok
19:20:45.0588 4816 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:20:45.0601 4816 ql40xx - ok
19:20:45.0632 4816 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:20:45.0686 4816 QWAVE - ok
19:20:45.0713 4816 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:20:45.0730 4816 QWAVEdrv - ok
19:20:45.0749 4816 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:20:45.0783 4816 RasAcd - ok
19:20:45.0814 4816 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:20:45.0858 4816 RasAgileVpn - ok
19:20:45.0880 4816 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:20:45.0932 4816 RasAuto - ok
19:20:45.0963 4816 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:20:46.0006 4816 Rasl2tp - ok
19:20:46.0043 4816 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:20:46.0081 4816 RasMan - ok
19:20:46.0121 4816 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:20:46.0172 4816 RasPppoe - ok
19:20:46.0192 4816 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:20:46.0232 4816 RasSstp - ok
19:20:46.0276 4816 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:20:46.0328 4816 rdbss - ok
19:20:46.0356 4816 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:20:46.0379 4816 rdpbus - ok
19:20:46.0394 4816 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:20:46.0444 4816 RDPCDD - ok
19:20:46.0468 4816 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:20:46.0514 4816 RDPENCDD - ok
19:20:46.0531 4816 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:20:46.0565 4816 RDPREFMP - ok
19:20:46.0601 4816 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:20:46.0637 4816 RDPWD - ok
19:20:46.0683 4816 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:20:46.0697 4816 rdyboost - ok
19:20:46.0723 4816 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:20:46.0767 4816 RemoteAccess - ok
19:20:46.0804 4816 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:20:46.0841 4816 RemoteRegistry - ok
19:20:46.0867 4816 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:20:46.0902 4816 RpcEptMapper - ok
19:20:46.0914 4816 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:20:46.0928 4816 RpcLocator - ok
19:20:46.0976 4816 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
19:20:47.0014 4816 RpcSs - ok
19:20:47.0073 4816 RsFx0151 (c606c5f712a3761896ceffa4af6b1268) C:\Windows\system32\DRIVERS\RsFx0151.sys
19:20:47.0104 4816 RsFx0151 - ok
19:20:47.0149 4816 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:20:47.0184 4816 rspndr - ok
19:20:47.0264 4816 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\Windows\system32\DRIVERS\rtl8192se.sys
19:20:47.0294 4816 rtl8192se - ok
19:20:47.0313 4816 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:20:47.0325 4816 SamSs - ok
19:20:47.0355 4816 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:20:47.0368 4816 sbp2port - ok
19:20:47.0405 4816 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:20:47.0455 4816 SCardSvr - ok
19:20:47.0478 4816 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:20:47.0528 4816 scfilter - ok
19:20:47.0605 4816 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:20:47.0655 4816 Schedule - ok
19:20:47.0683 4816 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:20:47.0715 4816 SCPolicySvc - ok
19:20:47.0728 4816 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:20:47.0767 4816 SDRSVC - ok
19:20:47.0842 4816 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:20:47.0892 4816 secdrv - ok
19:20:47.0925 4816 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:20:47.0958 4816 seclogon - ok
19:20:47.0979 4816 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:20:48.0021 4816 SENS - ok
19:20:48.0045 4816 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:20:48.0058 4816 SensrSvc - ok
19:20:48.0085 4816 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:20:48.0102 4816 Serenum - ok
19:20:48.0121 4816 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:20:48.0134 4816 Serial - ok
19:20:48.0163 4816 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:20:48.0181 4816 sermouse - ok
19:20:48.0219 4816 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:20:48.0264 4816 SessionEnv - ok
19:20:48.0291 4816 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:20:48.0311 4816 sffdisk - ok
19:20:48.0326 4816 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:20:48.0337 4816 sffp_mmc - ok
19:20:48.0350 4816 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:20:48.0374 4816 sffp_sd - ok
19:20:48.0402 4816 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:20:48.0422 4816 sfloppy - ok
19:20:48.0483 4816 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:20:48.0533 4816 SharedAccess - ok
19:20:48.0570 4816 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:20:48.0606 4816 ShellHWDetection - ok
19:20:48.0637 4816 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:20:48.0649 4816 SiSRaid2 - ok
19:20:48.0677 4816 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:20:48.0690 4816 SiSRaid4 - ok
19:20:48.0766 4816 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:20:48.0777 4816 SkypeUpdate - ok
19:20:48.0809 4816 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:20:48.0844 4816 Smb - ok
19:20:48.0873 4816 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:20:48.0897 4816 SNMPTRAP - ok
19:20:48.0918 4816 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:20:48.0929 4816 spldr - ok
19:20:48.0978 4816 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:20:49.0016 4816 Spooler - ok
19:20:49.0219 4816 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:20:49.0310 4816 sppsvc - ok
19:20:49.0423 4816 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:20:49.0458 4816 sppuinotify - ok
19:20:49.0570 4816 SQLAgent$SQLEXPRESS (3420e0482ad95120b471b7328a8d7d08) c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
19:20:49.0587 4816 SQLAgent$SQLEXPRESS - ok
19:20:49.0690 4816 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:20:49.0705 4816 SQLBrowser - ok
19:20:49.0761 4816 SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:20:49.0774 4816 SQLWriter - ok
19:20:49.0848 4816 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:20:49.0881 4816 srv - ok
19:20:49.0913 4816 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:20:49.0944 4816 srv2 - ok
19:20:49.0983 4816 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:20:50.0010 4816 SrvHsfHDA - ok
19:20:50.0101 4816 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:20:50.0146 4816 SrvHsfV92 - ok
19:20:50.0321 4816 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:20:50.0357 4816 SrvHsfWinac - ok
19:20:50.0385 4816 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:20:50.0421 4816 srvnet - ok
19:20:50.0462 4816 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:20:50.0498 4816 SSDPSRV - ok
19:20:50.0514 4816 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:20:50.0551 4816 SstpSvc - ok
19:20:50.0578 4816 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:20:50.0589 4816 stexstor - ok
19:20:50.0611 4816 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
19:20:50.0638 4816 StillCam - ok
19:20:50.0698 4816 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:20:50.0738 4816 stisvc - ok
19:20:50.0768 4816 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:20:50.0779 4816 swenum - ok
19:20:50.0822 4816 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:20:50.0872 4816 swprv - ok
19:20:50.0967 4816 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:20:51.0021 4816 SysMain - ok
19:20:51.0139 4816 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:20:51.0158 4816 TabletInputService - ok
19:20:51.0187 4816 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:20:51.0223 4816 TapiSrv - ok
19:20:51.0249 4816 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:20:51.0284 4816 TBS - ok
19:20:51.0418 4816 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:20:51.0461 4816 Tcpip - ok
19:20:51.0695 4816 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:20:51.0733 4816 TCPIP6 - ok
19:20:51.0849 4816 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:20:51.0893 4816 tcpipreg - ok
19:20:51.0924 4816 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:20:51.0939 4816 TDPIPE - ok
19:20:51.0959 4816 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:20:51.0980 4816 TDTCP - ok
19:20:52.0018 4816 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:20:52.0051 4816 tdx - ok
19:20:52.0081 4816 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:20:52.0093 4816 TermDD - ok
19:20:52.0143 4816 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:20:52.0184 4816 TermService - ok
19:20:52.0202 4816 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:20:52.0250 4816 Themes - ok
19:20:52.0278 4816 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:20:52.0312 4816 THREADORDER - ok
19:20:52.0335 4816 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:20:52.0386 4816 TrkWks - ok
19:20:52.0443 4816 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:20:52.0497 4816 TrustedInstaller - ok
19:20:52.0534 4816 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:20:52.0578 4816 tssecsrv - ok
19:20:52.0609 4816 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:20:52.0637 4816 TsUsbFlt - ok
19:20:52.0692 4816 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:20:52.0740 4816 tunnel - ok
19:20:52.0764 4816 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:20:52.0775 4816 TVALZ - ok
19:20:52.0802 4816 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:20:52.0814 4816 uagp35 - ok
19:20:52.0855 4816 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:20:52.0917 4816 udfs - ok
19:20:52.0961 4816 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:20:52.0981 4816 UI0Detect - ok
19:20:53.0014 4816 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:20:53.0028 4816 uliagpkx - ok
19:20:53.0064 4816 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:20:53.0089 4816 umbus - ok
19:20:53.0110 4816 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:20:53.0132 4816 UmPass - ok
19:20:53.0178 4816 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:20:53.0227 4816 upnphost - ok
19:20:53.0258 4816 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:20:53.0276 4816 usbccgp - ok
19:20:53.0301 4816 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:20:53.0317 4816 usbcir - ok
19:20:53.0338 4816 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:20:53.0369 4816 usbehci - ok
19:20:53.0406 4816 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:20:53.0435 4816 usbhub - ok
19:20:53.0454 4816 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:20:53.0483 4816 usbohci - ok
19:20:53.0510 4816 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:20:53.0530 4816 usbprint - ok
19:20:53.0570 4816 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:20:53.0602 4816 usbscan - ok
19:20:53.0625 4816 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:20:53.0650 4816 USBSTOR - ok
19:20:53.0666 4816 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:20:53.0689 4816 usbuhci - ok
19:20:53.0738 4816 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
19:20:53.0755 4816 usbvideo - ok
19:20:53.0785 4816 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:20:53.0835 4816 UxSms - ok
19:20:53.0859 4816 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:20:53.0870 4816 VaultSvc - ok
19:20:53.0895 4816 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:20:53.0907 4816 vdrvroot - ok
19:20:53.0964 4816 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:20:54.0004 4816 vds - ok
19:20:54.0030 4816 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:20:54.0045 4816 vga - ok
19:20:54.0062 4816 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:20:54.0107 4816 VgaSave - ok
19:20:54.0142 4816 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:20:54.0157 4816 vhdmp - ok
19:20:54.0182 4816 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:20:54.0193 4816 viaide - ok
19:20:54.0215 4816 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:20:54.0227 4816 volmgr - ok
19:20:54.0266 4816 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:20:54.0283 4816 volmgrx - ok
19:20:54.0314 4816 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:20:54.0330 4816 volsnap - ok
19:20:54.0373 4816 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:20:54.0387 4816 vsmraid - ok
19:20:54.0495 4816 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:20:54.0560 4816 VSS - ok
19:20:54.0678 4816 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:20:54.0706 4816 vwifibus - ok
19:20:54.0720 4816 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:20:54.0751 4816 vwififlt - ok
19:20:54.0795 4816 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:20:54.0835 4816 W32Time - ok
19:20:54.0850 4816 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:20:54.0863 4816 WacomPen - ok
19:20:54.0909 4816 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:20:54.0951 4816 WANARP - ok
19:20:54.0964 4816 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:20:54.0997 4816 Wanarpv6 - ok
19:20:55.0093 4816 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:20:55.0128 4816 WatAdminSvc - ok
19:20:55.0227 4816 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:20:55.0262 4816 wbengine - ok
19:20:55.0380 4816 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:20:55.0399 4816 WbioSrvc - ok
19:20:55.0438 4816 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:20:55.0473 4816 wcncsvc - ok
19:20:55.0492 4816 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:20:55.0505 4816 WcsPlugInService - ok
19:20:55.0544 4816 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:20:55.0555 4816 Wd - ok
19:20:55.0614 4816 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:20:55.0638 4816 Wdf01000 - ok
19:20:55.0659 4816 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:20:55.0693 4816 WdiServiceHost - ok
19:20:55.0697 4816 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:20:55.0715 4816 WdiSystemHost - ok
19:20:55.0749 4816 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:20:55.0782 4816 WebClient - ok
19:20:55.0819 4816 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:20:55.0867 4816 Wecsvc - ok
19:20:55.0881 4816 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:20:55.0927 4816 wercplsupport - ok
19:20:55.0962 4816 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:20:55.0997 4816 WerSvc - ok
19:20:56.0055 4816 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:20:56.0090 4816 WfpLwf - ok
19:20:56.0107 4816 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:20:56.0119 4816 WIMMount - ok
19:20:56.0148 4816 WinDefend - ok
19:20:56.0157 4816 WinHttpAutoProxySvc - ok
19:20:56.0215 4816 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:20:56.0252 4816 Winmgmt - ok
19:20:56.0383 4816 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:20:56.0448 4816 WinRM - ok
19:20:56.0612 4816 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:20:56.0655 4816 Wlansvc - ok
19:20:56.0843 4816 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:20:56.0896 4816 wlidsvc - ok
19:20:57.0015 4816 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:20:57.0038 4816 WmiAcpi - ok
19:20:57.0087 4816 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:20:57.0110 4816 wmiApSrv - ok
19:20:57.0149 4816 WMPNetworkSvc - ok
19:20:57.0170 4816 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:20:57.0183 4816 WPCSvc - ok
19:20:57.0218 4816 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:20:57.0233 4816 WPDBusEnum - ok
19:20:57.0259 4816 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:20:57.0309 4816 ws2ifsl - ok
19:20:57.0328 4816 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:20:57.0354 4816 wscsvc - ok
19:20:57.0357 4816 WSearch - ok
19:20:57.0504 4816 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:20:57.0563 4816 wuauserv - ok
19:20:57.0684 4816 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:20:57.0726 4816 WudfPf - ok
19:20:57.0753 4816 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:20:57.0803 4816 WUDFRd - ok
19:20:57.0834 4816 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:20:57.0868 4816 wudfsvc - ok
19:20:57.0896 4816 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:20:57.0926 4816 WwanSvc - ok
19:20:57.0950 4816 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:20:58.0223 4816 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:20:58.0223 4816 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:20:58.0249 4816 Boot (0x1200) (7fa0b101fc1780c3489009b6971d3169) \Device\Harddisk0\DR0\Partition0
19:20:58.0251 4816 \Device\Harddisk0\DR0\Partition0 - ok
19:20:58.0251 4816 ============================================================
19:20:58.0251 4816 Scan finished
19:20:58.0251 4816 ============================================================
19:20:58.0262 3440 Detected object count: 4
19:20:58.0262 3440 Actual detected object count: 4
19:21:07.0240 3440 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:07.0240 3440 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:07.0242 3440 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:07.0242 3440 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:07.0244 3440 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:07.0244 3440 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:07.0246 3440 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:21:07.0246 3440 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#10
sfred27

Posted 27 July 2012 - 07:20 PM

Member

Topic Starter
Member
10 posts

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.27.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sean Frederick :: SEANFREDERICK [administrator]

Protection: Enabled

7/27/2012 7:26:50 PM
mbam-log-2012-07-27 (19-26-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193651
Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11
Essexboy

Posted 28 July 2012 - 07:10 AM

GeekU Moderator

Retired Staff
69,964 posts

Final run now I think... Once completed could you let me know of any outstanding problems

Re-run TDSSKiller with the same parameters
Then when you get this showing select delete:

\Device\Harddisk0\DR0 ( TDSS File System )

#12
sfred27

Posted 28 July 2012 - 10:36 PM

Member

Topic Starter
Member
10 posts

After running TDSSKiller it came up with-
Found: 4 threats
Neutralized: 1 threat
Quarantined: 15 objects

And I deleted "\Device\Harddisk0\DR0 ( TDSS File System )".

#13
Essexboy

Posted 29 July 2012 - 02:57 AM

GeekU Moderator

Retired Staff
69,964 posts

How is the computer behaving now any problems ?

#14
sfred27

Posted 29 July 2012 - 09:24 AM

Member

Topic Starter
Member
10 posts

I don't believe so...it is running a lot faster than it was. Thank you for the help!

#15
Essexboy

Posted 29 July 2012 - 10:15 AM

GeekU Moderator

Retired Staff
69,964 posts

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
Follow the prompts on the screen
A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Go to control panel
Select folder options (Appearance > Folder options in category view)
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to this site and click Do I have Java
It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

Go to Control Panel and select System
Select System
On the left select System Protection and accept the warning if you get one
Select System Protection Tab
Select Create at the bottom
Type in a name i.e. Clean
Select Create

Now we can purge the infected ones

GoStart > All programs > Accessories > system tools
Right click Disc cleanup and select run as administrator
Select Your main drive and accept the warning if you get one
For a few moments the system will make some calculations
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select Delete on the pop up
Select OK
Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit