
Searchnu.com/406 redirect removal



Well, I logged into my girlfriend's laptop today and, behold, the virus magnet that she is had managed to contract this redirect as her homepage. I've been searching now to get rid of the issue, but to no avail. I attempted to run the OTL.exe file to extract the logs that I noticed are needed, but have hit a hang-up when it tries to scan the modules, which leads the program to become unresponsive. I am at a standstill at this point and have not gotten anywhere with any anti-virus I have run. Would really appreciate any help that I can get at this point...

Thanks in advance,

--Dalton


If it amounts to anything, I discovered that when opening IE9 it now gives me 2 iexplore.exe processes running in Task Manager, which can be increased every time I open a new tab that also redirects.

Also, she recently installed Google Chrome, which does not seem to be affected by the redirect as of now... I honestly am lost trying to wrap my head around this.


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


Okay, after much work I finally got OTL to run and retrieved the 2 logs, which are posted below... I've already attempted rolling back to IE8 and have been successful in getting the redirect to searchnu.com/406 to stop, but am still having an issue with 2 iexplore.exe processes when only 1 should be running.

OTL logfile created on: 4/21/2012 5:57:45 PM - Run 1

OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\user\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 49.40% Memory free

5.49 Gb Paging File | 3.22 Gb Available in Paging File | 58.75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 281.46 Gb Total Space | 212.17 Gb Free Space | 75.38% Space Free | Partition Type: NTFS

Drive D: | 16.34 Gb Total Space | 2.36 Gb Free Space | 14.43% Space Free | Partition Type: NTFS

Computer Name: USER-HP | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2012/04/21 15:52:43 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/11/14 15:13:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

PRC - [2011/11/14 15:13:32 | 001,884,064 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

PRC - [2011/11/14 15:13:30 | 007,029,664 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

PRC - [2011/06/30 16:14:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/04/27 15:02:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/03/01 10:47:56 | 007,832,440 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe

PRC - [2011/03/01 10:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2011/03/01 10:24:45 | 000,108,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe

PRC - [2010/12/13 11:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/06/29 22:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2010/06/29 21:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2010/05/21 05:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe

PRC - [2010/04/14 00:13:52 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe

PRC - [2009/12/03 02:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2009/12/03 02:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2009/09/06 10:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/12 17:22:33 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d932bdb0712c33e0000c75035dbe74d1\PresentationFramework.ni.dll

MOD - [2012/04/12 17:21:57 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll

MOD - [2012/04/12 17:21:38 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll

MOD - [2012/04/12 17:21:29 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\66fdd11e758f6c833fbc173338c1ff5b\PresentationCore.ni.dll

MOD - [2012/03/23 19:15:57 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

MOD - [2012/02/18 00:01:18 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll

MOD - [2012/02/17 16:38:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll

MOD - [2012/02/17 08:28:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll

MOD - [2012/02/17 08:28:50 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll

MOD - [2012/02/17 08:27:54 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll

MOD - [2012/02/17 08:27:47 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll

MOD - [2012/02/17 08:27:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll

MOD - [2012/02/17 08:27:39 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll

MOD - [2011/11/14 15:13:38 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll

MOD - [2011/11/14 14:28:24 | 000,663,552 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/10/15 16:31:50 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll

MOD - [2010/08/22 20:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll

MOD - [2010/08/22 20:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll

MOD - [2010/08/22 20:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll

MOD - [2010/08/22 20:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll

MOD - [2010/08/22 19:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll

MOD - [2010/05/19 14:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2010/05/19 14:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2010/05/19 14:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2010/02/09 21:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2010/02/09 21:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

MOD - [2010/02/09 21:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2010/02/09 21:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2010/02/09 21:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2010/02/09 21:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2010/02/09 21:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2010/02/09 21:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/08 18:58:12 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2010/06/18 19:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV:64bit: - [2010/06/17 12:59:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/04/19 22:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)

SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/11/14 15:13:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)

SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/06/30 16:14:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/04/27 15:02:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/03/01 10:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011/02/26 22:34:36 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/06/29 22:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2010/05/21 05:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)

SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/03 02:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2009/12/03 02:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2009/09/20 15:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2009/09/06 10:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/06/30 16:14:06 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011/06/30 16:14:05 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2010/06/17 13:07:42 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/06/17 12:10:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/05/07 15:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/05/06 09:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/04/22 21:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/03/22 21:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/03/02 20:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/12/22 06:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009/12/03 02:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2009/12/03 02:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2009/12/03 02:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2009/12/03 02:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2009/10/07 22:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/10/07 22:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/08/23 21:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/06/16 07:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{3AF0EADA-3E5F-40D6-93FF-A0643A3C29B1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE:64bit: - HKLM\..\SearchScopes\{4058A6EE-17D7-4FED-91F1-DD9E1BBF4281}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE:64bit: - HKLM\..\SearchScopes\{4EC3A6F3-B277-4D22-84DF-D1A4AC85DBA6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=141111&systemid=426&sr=0&q={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{CA839A0F-B682-49A6-B552-2C320451925D}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{3AF0EADA-3E5F-40D6-93FF-A0643A3C29B1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKLM\..\SearchScopes\{4058A6EE-17D7-4FED-91F1-DD9E1BBF4281}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKLM\..\SearchScopes\{4EC3A6F3-B277-4D22-84DF-D1A4AC85DBA6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=141111&systemid=426&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{CA839A0F-B682-49A6-B552-2C320451925D}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2129704685-2787280841-99808866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE - HKU\S-1-5-21-2129704685-2787280841-99808866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-2129704685-2787280841-99808866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKU\S-1-5-21-2129704685-2787280841-99808866-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2129704685-2787280841-99808866-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2129704685-2787280841-99808866-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2129704685-2787280841-99808866-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2011/02/15 19:58:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/02/15 19:58:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/23 21:12:55 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/23 21:12:55 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/26 15:01:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.

O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe (Microsoft Corp.)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [instaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-2129704685-2787280841-99808866-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()

O4 - HKU\S-1-5-21-2129704685-2787280841-99808866-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2129704685-2787280841-99808866-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2129704685-2787280841-99808866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C51C20B-622F-4DD7-8070-83EBE0A90BD8}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 15:53:39 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/04/21 15:52:36 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2012/04/21 15:50:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes

[2012/04/21 15:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/04/21 15:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/04/21 15:50:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/04/21 15:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/04/18 21:40:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Ilivid Player

[2012/04/18 21:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012/04/18 20:56:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/04/18 20:55:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Google

[2012/04/12 18:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin

[2012/04/12 18:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin

[2012/04/12 18:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Affinegy

[2012/03/31 12:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/03/31 12:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/03/31 12:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/03/31 12:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/03/23 19:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

[2012/03/23 19:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

========== Files - Modified Within 30 Days ==========

[2012/04/21 18:00:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2129704685-2787280841-99808866-1000UA.job

[2012/04/21 17:52:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/21 17:52:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/21 17:47:44 | 003,276,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/04/21 17:47:44 | 001,031,188 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/04/21 17:47:44 | 000,005,372 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/04/21 17:43:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/21 17:42:30 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/21 17:08:29 | 000,028,658 | ---- | M] () -- C:\Users\user\Documents\cc_20120421_170823.reg

[2012/04/21 15:55:27 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForuser.job

[2012/04/21 15:52:43 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2012/04/21 15:50:41 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/20 22:59:53 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2129704685-2787280841-99808866-1000Core.job

[2012/04/18 20:56:05 | 000,002,306 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk

[2012/04/12 18:53:08 | 000,000,051 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/03/31 12:16:17 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/03/30 16:08:31 | 000,001,437 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/03/23 19:16:15 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

========== Files Created - No Company Name ==========

[2012/04/21 17:08:26 | 000,028,658 | ---- | C] () -- C:\Users\user\Documents\cc_20120421_170823.reg

[2012/04/21 15:50:41 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/18 20:56:05 | 000,002,306 | ---- | C] () -- C:\Users\user\Desktop\Google Chrome.lnk

[2012/04/18 20:55:10 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2129704685-2787280841-99808866-1000UA.job

[2012/04/18 20:55:06 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2129704685-2787280841-99808866-1000Core.job

[2012/03/31 12:16:17 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/03/23 21:00:46 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForuser.job

[2012/03/23 19:16:15 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

[2012/02/26 14:48:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/02/26 14:48:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/02/26 14:48:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/02/26 14:48:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/02/26 14:48:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/01/14 01:44:14 | 000,001,016 | ---- | C] () -- C:\ProgramData\repository.xml

[2011/03/15 01:41:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/02/23 20:57:59 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/02/23 20:55:17 | 000,202,698 | ---- | C] () -- C:\Windows\hpoins41.dat

[2011/02/15 19:41:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/02/15 19:35:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/02/15 19:34:45 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini

[2011/02/15 19:34:45 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

[2010/07/11 02:09:02 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini

[2010/07/11 01:08:27 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini

========== LOP Check ==========

[2012/04/21 16:07:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\go

[2012/02/25 16:06:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PerformerSoft

[2012/04/21 15:53:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client

[2011/07/27 20:32:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer

[2011/02/23 20:58:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP

[2011/02/28 21:09:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent

[2012/03/11 00:20:26 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 4/21/2012 5:57:45 PM - Run 1

OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\user\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 49.40% Memory free

5.49 Gb Paging File | 3.22 Gb Available in Paging File | 58.75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 281.46 Gb Total Space | 212.17 Gb Free Space | 75.38% Space Free | Partition Type: NTFS

Drive D: | 16.34 Gb Total Space | 2.36 Gb Free Space | 14.43% Space Free | Partition Type: NTFS

Computer Name: USER-HP | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe" = C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe:*:Enabled:iBryteDesktop -- (iBryte)

"C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe" = C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe:*:Enabled:iBryteDesktop -- (iBryte)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6

"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager

"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"CCleaner" = CCleaner

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Print Projects" = HP Print Projects 1.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Shop for HP Supplies" = Shop for HP Supplies

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar

"{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai

"{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish

"{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0

"{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{222A544B-E6B7-496F-B4D7-6FE74FF0E616}" = Bing Bar Platform

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser

"{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional

"{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New

"{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}" = HP Documentation

"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager

"{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0

"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup

"{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5

"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker

"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese

"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager

"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects

"{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light

"{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English

"{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French

"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework

"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian

"{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista

"Adobe AIR" = Adobe AIR

"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0

"alotToolbar" = ALOT Toolbar

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor

"ENTERPRISER" = Microsoft Office Enterprise 2007

"HP Photo Creations" = HP Photo Creations

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"My HP Game Console" = HP Game Console

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser

"TeamViewer 6" = TeamViewer 6

"VLC media player" = VLC media player 2.0.0

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite_Wave3" = Windows Live Essentials

"WT087328" = Blackhawk Striker 2

"WT087335" = Build-a-lot 2

"WT087342" = Dora's Carnival Adventure

"WT087360" = Escape Rosecliff Island

"WT087361" = FATE

"WT087362" = Final Drive Nitro

"WT087372" = Heroes of Hellas 2 - Olympia

"WT087373" = Jewel Quest 3

"WT087379" = Jewel Quest Solitaire 2

"WT087394" = Penguins!

"WT087395" = Poker Superstars III

"WT087396" = Polar Bowler

"WT087397" = Polar Golfer

"WT087414" = Virtual Families

"WT087415" = Wheel of Fortune 2

"WT087428" = Bejeweled 2 Deluxe

"WT087453" = Chuzzle Deluxe

"WT087501" = Plants vs. Zombies

"WT087513" = Virtual Villagers - The Secret City

"WT087533" = Zuma Deluxe

"WT087536" = Diner Dash 2 Restaurant Rescue

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2129704685-2787280841-99808866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Game Organizer" = EasyBits GO

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/8/2012 5:05:11 AM | Computer Name = user-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2231

Error - 4/8/2012 5:05:15 AM | Computer Name = user-HP | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Received from 192.168.1.106:5353 274 user’s\032Library._home-sharing._tcp.local.

TXT txtvers=1â¦hQ=1094â¦dmv=131080â¦iTSh Version=196616â¦MID=0xC57441F88C30178Aâ¦PrVs=65538â¦Database

ID=20

Error - 4/8/2012 5:05:15 AM | Computer Name = user-HP | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Resetting to Probing: 21 user’s\032Library._home-sharing._tcp.local.

SRV 0 0 3689 user-HP.local.

Error - 4/8/2012 5:05:16 AM | Computer Name = user-HP | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Received from 192.168.1.106:5353 274 user’s\032Library._home-sharing._tcp.local.

TXT txtvers=1â¦hQ=1094â¦dmv=131080â¦iTSh Version=196616â¦MID=0xC57441F88C30178Aâ¦PrVs=65538â¦Database

ID=20

Error - 4/8/2012 5:05:16 AM | Computer Name = user-HP | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Resetting to Probing: 21 user’s\032Library._home-sharing._tcp.local.

SRV 0 0 3689 user-HP.local.

Error - 4/8/2012 5:05:18 AM | Computer Name = user-HP | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Received from 192.168.1.106:5353 274 user’s\032Library._home-sharing._tcp.local.

TXT txtvers=1â¦hQ=1094â¦dmv=131080â¦iTSh Version=196616â¦MID=0xC57441F88C30178Aâ¦PrVs=65538â¦Database

ID=20

Error - 4/8/2012 5:05:18 AM | Computer Name = user-HP | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Resetting to Probing: 21 user’s\032Library._home-sharing._tcp.local.

SRV 0 0 3689 user-HP.local.

Error - 4/8/2012 5:05:22 AM | Computer Name = user-HP | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Received from 192.168.1.106:5353 274 user’s\032Library._home-sharing._tcp.local.

TXT txtvers=1â¦hQ=1094â¦dmv=131080â¦iTSh Version=196616â¦MID=0xC57441F88C30178Aâ¦PrVs=65538â¦Database

ID=20

Error - 4/8/2012 5:05:22 AM | Computer Name = user-HP | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Resetting to Probing: 21 user’s\032Library._home-sharing._tcp.local.

SRV 0 0 3689 user-HP.local.

Error - 4/9/2012 1:40:58 PM | Computer Name = user-HP | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Received from 192.168.1.106:5353 274 user’s\032Library._home-sharing._tcp.local.

TXT txtvers=1â¦hQ=1094â¦dmv=131080â¦iTSh Version=196616â¦MID=0xC57441F88C30178Aâ¦PrVs=65538â¦Database

ID=20

[ Hewlett-Packard Events ]

Error - 2/24/2012 4:43:38 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP

Support Framework\Logs\Temp\HPSA\HPSASession_201202241543.xml'. mscorlib at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at

System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String

path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String

path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String

path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

Error - 3/9/2012 7:40:44 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP

Support Framework\Logs\Temp\HPSA\HPSASession_201203091840.xml'. mscorlib at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at

System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String

path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String

path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String

path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

Error - 3/16/2012 4:02:25 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP

Support Framework\Logs\Temp\HPSA\HPSASession_201203161602.xml'. mscorlib at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at

System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String

path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String

path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String

path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

Error - 4/7/2012 11:01:18 PM | Computer Name = user-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261 at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()

Message:

Object reference not set to an instance of an object. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()

Source:

HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files

(x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 2810 Ram Utilization:

60 TargetSite: Void addTempSession()

Error - 4/7/2012 11:01:24 PM | Computer Name = user-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()

Message:

Object reference not set to an instance of an object. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()

Source:

HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files

(x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 2810 Ram Utilization:

60 TargetSite: Void addTempSession()

Error - 4/14/2012 8:51:49 AM | Computer Name = user-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261 at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()

Message:

Object reference not set to an instance of an object. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()

Source:

HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files

(x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 2810 Ram Utilization:

50 TargetSite: Void addTempSession()

Error - 4/14/2012 8:51:52 AM | Computer Name = user-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()

Message:

Object reference not set to an instance of an object. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()

Source:

HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files

(x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 2810 Ram Utilization:

50 TargetSite: Void addTempSession()

Error - 4/20/2012 11:00:06 PM | Computer Name = user-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 4/20/2012 11:00:06 PM | Computer Name = user-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 4/20/2012 11:00:24 PM | Computer Name = user-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()

Message:

Object reference not set to an instance of an object. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()

Source:

HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files

(x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 2810 Ram Utilization:

40 TargetSite: Void addTempSession()

[ HP Wireless Assistant Events ]

Error - 2/15/2011 10:41:01 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/15/2011 10:42:08 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/15/2011 10:43:16 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/15/2011 10:44:24 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/15/2011 10:45:31 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/15/2011 10:46:39 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/15/2011 10:47:44 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 9/27/2011 4:43:38 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0

Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&

radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/4/2011 11:37:50 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at

System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String

hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1

radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/4/2011 10:12:15 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at

System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String

hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware

radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]

Error - 12/7/2011 8:39:16 AM | Computer Name = user-HP | Source = Service Control Manager | ID = 7000

Description = The Diagnostic System Host service failed to start due to the following

error: %%1115

Error - 12/7/2011 8:39:16 AM | Computer Name = user-HP | Source = Service Control Manager | ID = 7001

Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

DHCP Client service which failed to start because of the following error: %%1062

Error - 12/7/2011 4:33:47 PM | Computer Name = user-HP | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Windows

Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error - 12/7/2011 4:33:47 PM | Computer Name = user-HP | Source = Service Control Manager | ID = 7000

Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed

to start due to the following error: %%1053

Error - 12/7/2011 10:43:43 PM | Computer Name = user-HP | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the RtVOsdService service.

Error - 12/7/2011 11:19:05 PM | Computer Name = user-HP | Source = DCOM | ID = 10016

Description =

Error - 12/7/2011 11:19:05 PM | Computer Name = user-HP | Source = DCOM | ID = 10016

Description =

Error - 12/8/2011 7:51:51 AM | Computer Name = user-HP | Source = Service Control Manager | ID = 7034

Description = The HP Software Framework Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 12/8/2011 5:03:11 PM | Computer Name = user-HP | Source = bowser | ID = 8003

Description =

Error - 12/9/2011 7:51:52 AM | Computer Name = user-HP | Source = Service Control Manager | ID = 7034

Description = The HP Software Framework Service service terminated unexpectedly.

It has done this 2 time(s).

< End of report >


RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: user [Admin rights]

Mode: Scan -- Date: 04/21/2012 18:22:28

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD32 00BEKT-60PVMT0 SATA Disk Device +++++

--- User ---

[MBR] 0e7492e72a364372c37bb2eb61934de6

[bSP] 3afe59d307710d456db841af26ce566e : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 288213 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 590669824 | Size: 16728 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] f7e788a0389d14181e06d13cdac5e34c

[bSP] 577b52cf174beaa0200374fc9a415006 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 69632 Mo

1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 143015936 | Size: 400 Mo

Finished : << RKreport[1].txt >>


This is the report I retrieved from RogueKiller


Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC


18:44:09.0229 6012 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47

18:44:09.0558 6012 ============================================================

18:44:09.0558 6012 Current date / time: 2012/04/21 18:44:09.0558

18:44:09.0558 6012 SystemInfo:

18:44:09.0558 6012

18:44:09.0558 6012 OS Version: 6.1.7600 ServicePack: 0.0

18:44:09.0558 6012 Product type: Workstation

18:44:09.0558 6012 ComputerName: USER-HP

18:44:09.0558 6012 UserName: user

18:44:09.0558 6012 Windows directory: C:\Windows

18:44:09.0558 6012 System windows directory: C:\Windows

18:44:09.0558 6012 Running under WOW64

18:44:09.0558 6012 Processor architecture: Intel x64

18:44:09.0558 6012 Number of processors: 2

18:44:09.0558 6012 Page size: 0x1000

18:44:09.0558 6012 Boot type: Normal boot

18:44:09.0558 6012 ============================================================

18:44:10.0932 6012 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:44:10.0932 6012 \Device\Harddisk0\DR0:

18:44:10.0932 6012 MBR partitions:

18:44:10.0932 6012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

18:44:10.0932 6012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x232EA800

18:44:10.0932 6012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2334E800, BlocksNum 0x20AC000

18:44:10.0932 6012 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0

18:44:10.0963 6012 C: <-> \Device\Harddisk0\DR0\Partition1

18:44:11.0010 6012 D: <-> \Device\Harddisk0\DR0\Partition2

18:44:11.0010 6012 Initialize success

18:44:11.0010 6012 ============================================================

18:44:26.0693 6912 ============================================================

18:44:26.0693 6912 Scan started

18:44:26.0693 6912 Mode: Manual; SigCheck; TDLFS;

18:44:26.0693 6912 ============================================================


18:44:33.0729 6912 BDESVC - ok

18:44:33.0807 6912 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

18:44:33.0900 6912 Beep - ok

18:44:33.0963 6912 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll

18:44:34.0088 6912 BFE - ok

18:44:34.0166 6912 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll

18:44:34.0306 6912 BITS - ok

18:44:34.0337 6912 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

18:44:34.0368 6912 blbdrive - ok

18:44:34.0446 6912 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

18:44:34.0493 6912 Bonjour Service - ok

18:44:34.0540 6912 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

18:44:34.0587 6912 bowser - ok

18:44:34.0618 6912 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

18:44:34.0665 6912 BrFiltLo - ok

18:44:34.0696 6912 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

18:44:34.0743 6912 BrFiltUp - ok

18:44:34.0836 6912 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

18:44:34.0946 6912 BridgeMP - ok

18:44:35.0039 6912 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

18:44:35.0148 6912 Browser - ok

18:44:35.0180 6912 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

18:44:35.0226 6912 Brserid - ok

18:44:35.0258 6912 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

18:44:35.0304 6912 BrSerWdm - ok

18:44:35.0320 6912 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

18:44:35.0398 6912 BrUsbMdm - ok

18:44:35.0429 6912 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

18:44:35.0476 6912 BrUsbSer - ok

18:44:35.0507 6912 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

18:44:35.0554 6912 BTHMODEM - ok

18:44:35.0601 6912 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

18:44:35.0710 6912 bthserv - ok

18:44:35.0741 6912 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

18:44:35.0866 6912 cdfs - ok

18:44:35.0897 6912 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

18:44:35.0928 6912 cdrom - ok

18:44:35.0960 6912 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

18:44:36.0069 6912 CertPropSvc - ok

18:44:36.0147 6912 CinemaNow Service (533328a3d9a9c286682525842547540c) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

18:44:36.0178 6912 CinemaNow Service - ok

18:44:36.0209 6912 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

18:44:36.0240 6912 circlass - ok

18:44:36.0272 6912 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

18:44:36.0318 6912 CLFS - ok

18:44:36.0381 6912 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:44:36.0412 6912 clr_optimization_v2.0.50727_32 - ok

18:44:36.0459 6912 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

18:44:36.0490 6912 clr_optimization_v2.0.50727_64 - ok

18:44:36.0568 6912 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:44:36.0630 6912 clr_optimization_v4.0.30319_32 - ok

18:44:36.0646 6912 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

18:44:36.0677 6912 clr_optimization_v4.0.30319_64 - ok

18:44:36.0693 6912 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

18:44:36.0740 6912 CmBatt - ok

18:44:36.0771 6912 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

18:44:36.0786 6912 cmdide - ok

18:44:36.0849 6912 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

18:44:36.0927 6912 CNG - ok

18:44:36.0974 6912 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

18:44:37.0020 6912 Compbatt - ok

18:44:37.0067 6912 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

18:44:37.0114 6912 CompositeBus - ok

18:44:37.0130 6912 COMSysApp - ok

18:44:37.0192 6912 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

18:44:37.0223 6912 crcdisk - ok

18:44:37.0270 6912 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll

18:44:37.0395 6912 CryptSvc - ok

18:44:37.0535 6912 cvhsvc (61a86809b62769643892bc0812b204aa) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

18:44:37.0613 6912 cvhsvc - ok

18:44:37.0722 6912 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

18:44:37.0847 6912 DcomLaunch - ok

18:44:37.0878 6912 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

18:44:38.0003 6912 defragsvc - ok

18:44:38.0050 6912 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

18:44:38.0128 6912 DfsC - ok

18:44:38.0175 6912 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

18:44:38.0300 6912 Dhcp - ok

18:44:38.0331 6912 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

18:44:38.0471 6912 discache - ok

18:44:38.0502 6912 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

18:44:38.0549 6912 Disk - ok

18:44:38.0580 6912 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

18:44:38.0612 6912 Dnscache - ok

18:44:38.0643 6912 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

18:44:38.0752 6912 dot3svc - ok

18:44:38.0768 6912 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

18:44:38.0877 6912 DPS - ok

18:44:38.0892 6912 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

18:44:38.0924 6912 drmkaud - ok

18:44:38.0986 6912 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

18:44:39.0048 6912 DXGKrnl - ok

18:44:39.0080 6912 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

18:44:39.0126 6912 EapHost - ok

18:44:39.0220 6912 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

18:44:39.0376 6912 ebdrv - ok

18:44:39.0423 6912 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe

18:44:39.0470 6912 EFS - ok

18:44:39.0548 6912 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe

18:44:39.0641 6912 ehRecvr - ok

18:44:39.0688 6912 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

18:44:39.0735 6912 ehSched - ok

18:44:39.0813 6912 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

18:44:39.0860 6912 elxstor - ok

18:44:39.0906 6912 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

18:44:39.0938 6912 ErrDev - ok

18:44:40.0000 6912 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

18:44:40.0140 6912 EventSystem - ok

18:44:40.0172 6912 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

18:44:40.0296 6912 exfat - ok

18:44:40.0328 6912 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

18:44:40.0452 6912 fastfat - ok

18:44:40.0499 6912 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

18:44:40.0562 6912 Fax - ok

18:44:40.0577 6912 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

18:44:40.0624 6912 fdc - ok

18:44:40.0655 6912 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

18:44:40.0749 6912 fdPHost - ok

18:44:40.0780 6912 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

18:44:40.0874 6912 FDResPub - ok

18:44:40.0905 6912 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

18:44:40.0936 6912 FileInfo - ok

18:44:40.0952 6912 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

18:44:41.0061 6912 Filetrace - ok

18:44:41.0154 6912 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

18:44:41.0232 6912 FLEXnet Licensing Service - ok

18:44:41.0248 6912 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

18:44:41.0279 6912 flpydisk - ok

18:44:41.0326 6912 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

18:44:41.0357 6912 FltMgr - ok

18:44:41.0435 6912 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll

18:44:41.0529 6912 FontCache - ok

18:44:41.0607 6912 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:44:41.0622 6912 FontCache3.0.0.0 - ok

18:44:41.0638 6912 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

18:44:41.0669 6912 FsDepends - ok

18:44:41.0716 6912 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys

18:44:41.0747 6912 Fs_Rec - ok

18:44:41.0794 6912 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

18:44:41.0841 6912 fvevol - ok

18:44:41.0872 6912 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

18:44:41.0903 6912 gagp30kx - ok

18:44:42.0012 6912 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

18:44:42.0044 6912 GameConsoleService - ok

18:44:42.0090 6912 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

18:44:42.0106 6912 GEARAspiWDM - ok

18:44:42.0200 6912 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

18:44:42.0293 6912 gpsvc - ok

18:44:42.0309 6912 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

18:44:42.0356 6912 hcw85cir - ok

18:44:42.0402 6912 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

18:44:42.0465 6912 HdAudAddService - ok

18:44:42.0496 6912 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

18:44:42.0558 6912 HDAudBus - ok

18:44:42.0590 6912 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

18:44:42.0636 6912 HidBatt - ok

18:44:42.0652 6912 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

18:44:42.0683 6912 HidBth - ok

18:44:42.0714 6912 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

18:44:42.0761 6912 HidIr - ok

18:44:42.0792 6912 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

18:44:42.0886 6912 hidserv - ok

18:44:42.0933 6912 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

18:44:42.0964 6912 HidUsb - ok

18:44:42.0995 6912 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

18:44:43.0104 6912 hkmsvc - ok

18:44:43.0136 6912 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

18:44:43.0167 6912 HomeGroupListener - ok

18:44:43.0198 6912 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

18:44:43.0229 6912 HomeGroupProvider - ok

18:44:43.0354 6912 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

18:44:43.0385 6912 HP Support Assistant Service - ok

18:44:43.0494 6912 HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

18:44:43.0526 6912 HP Wireless Assistant Service - ok

18:44:43.0588 6912 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

18:44:43.0619 6912 HPDrvMntSvc.exe - ok

18:44:43.0744 6912 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

18:44:43.0775 6912 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

18:44:43.0775 6912 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

18:44:43.0791 6912 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

18:44:43.0822 6912 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

18:44:43.0822 6912 hpqddsvc - detected UnsignedFile.Multi.Generic (1)

18:44:44.0103 6912 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

18:44:44.0181 6912 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

18:44:44.0181 6912 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

18:44:47.0831 6912 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

18:44:47.0847 6912 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

18:44:47.0847 6912 LightScribeService - detected UnsignedFile.Multi.Generic (1)

18:44:52.0967 6912 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll

18:44:52.0982 6912 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

18:44:52.0982 6912 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

18:44:58.0303 6912 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll

18:44:58.0334 6912 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

18:44:58.0334 6912 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

18:44:58.0365 6912 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

18:44:58.0396 6912 PNRPAutoReg - ok

18:44:58.0428 6912 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

18:44:58.0459 6912 PNRPsvc - ok

18:44:58.0506 6912 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

18:44:58.0616 6912 PolicyAgent - ok

18:44:58.0647 6912 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

18:44:58.0772 6912 Power - ok

18:44:58.0819 6912 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

18:44:58.0912 6912 PptpMiniport - ok

18:44:58.0943 6912 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

18:44:58.0990 6912 Processor - ok

18:44:59.0021 6912 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll

18:44:59.0131 6912 ProfSvc - ok

18:44:59.0177 6912 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

18:44:59.0209 6912 ProtectedStorage - ok

18:44:59.0240 6912 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

18:44:59.0349 6912 Psched - ok

18:44:59.0396 6912 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys

18:44:59.0427 6912 PxHlpa64 - ok

18:44:59.0505 6912 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

18:44:59.0614 6912 ql2300 - ok

18:44:59.0645 6912 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

18:44:59.0692 6912 ql40xx - ok

18:44:59.0723 6912 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

18:44:59.0801 6912 QWAVE - ok

18:44:59.0817 6912 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

18:44:59.0864 6912 QWAVEdrv - ok

18:44:59.0895 6912 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

18:45:00.0004 6912 RasAcd - ok

18:45:00.0020 6912 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

18:45:00.0113 6912 RasAgileVpn - ok

18:45:00.0145 6912 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

18:45:00.0254 6912 RasAuto - ok

18:45:00.0285 6912 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:45:00.0394 6912 Rasl2tp - ok

18:45:00.0410 6912 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

18:45:00.0519 6912 RasMan - ok

18:45:00.0550 6912 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

18:45:00.0644 6912 RasPppoe - ok

18:45:00.0659 6912 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

18:45:00.0769 6912 RasSstp - ok

18:45:00.0815 6912 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

18:45:00.0909 6912 rdbss - ok

18:45:00.0956 6912 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

18:45:00.0987 6912 rdpbus - ok

18:45:01.0003 6912 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:45:01.0112 6912 RDPCDD - ok

18:45:01.0159 6912 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

18:45:01.0252 6912 RDPENCDD - ok

18:45:01.0283 6912 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

18:45:01.0377 6912 RDPREFMP - ok

18:45:01.0424 6912 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys

18:45:01.0455 6912 RDPWD - ok

18:45:01.0471 6912 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

18:45:01.0517 6912 rdyboost - ok

18:45:01.0549 6912 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

18:45:01.0658 6912 RemoteAccess - ok

18:45:01.0689 6912 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

18:45:01.0798 6912 RemoteRegistry - ok

18:45:01.0829 6912 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

18:45:01.0939 6912 RpcEptMapper - ok

18:45:01.0985 6912 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

18:45:02.0017 6912 RpcLocator - ok

18:45:02.0063 6912 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

18:45:02.0157 6912 RpcSs - ok

18:45:02.0204 6912 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

18:45:02.0313 6912 rspndr - ok

18:45:02.0391 6912 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys

18:45:02.0438 6912 RSUSBSTOR - ok

18:45:02.0500 6912 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys

18:45:02.0547 6912 RTL8167 - ok

18:45:02.0625 6912 RtVOsdService (5fff3e71b4724bb10918fd6dd7413d99) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

18:45:02.0641 6912 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning

18:45:02.0641 6912 RtVOsdService - detected UnsignedFile.Multi.Generic (1)

18:45:02.0688 6912 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

18:45:02.0719 6912 SamSs - ok

18:45:02.0781 6912 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

18:45:02.0812 6912 SASDIFSV - ok

18:45:02.0859 6912 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

18:45:02.0890 6912 SASKUTIL - ok

18:45:02.0922 6912 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

18:45:02.0953 6912 sbp2port - ok

18:45:03.0000 6912 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

18:45:03.0093 6912 SCardSvr - ok

18:45:03.0109 6912 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

18:45:03.0218 6912 scfilter - ok

18:45:03.0265 6912 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

18:45:03.0343 6912 Schedule - ok

18:45:03.0390 6912 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

18:45:03.0483 6912 SCPolicySvc - ok

18:45:03.0514 6912 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys

18:45:03.0561 6912 sdbus - ok

18:45:03.0577 6912 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

18:45:03.0624 6912 SDRSVC - ok

18:45:03.0748 6912 SeaPort (3e0cff5f0a9d23e327703d72cea5253f) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

18:45:03.0780 6912 SeaPort - ok

18:45:03.0826 6912 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

18:45:03.0920 6912 secdrv - ok

18:45:03.0967 6912 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

18:45:04.0107 6912 seclogon - ok

18:45:04.0123 6912 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

18:45:04.0201 6912 SENS - ok

18:45:04.0232 6912 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

18:45:04.0248 6912 SensrSvc - ok

18:45:04.0279 6912 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

18:45:04.0310 6912 Serenum - ok

18:45:04.0341 6912 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

18:45:04.0357 6912 Serial - ok

18:45:04.0388 6912 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

18:45:04.0435 6912 sermouse - ok

18:45:04.0482 6912 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

18:45:04.0591 6912 SessionEnv - ok

18:45:04.0622 6912 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

18:45:04.0653 6912 sffdisk - ok

18:45:04.0684 6912 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

18:45:04.0731 6912 sffp_mmc - ok

18:45:04.0762 6912 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

18:45:04.0809 6912 sffp_sd - ok

18:45:04.0856 6912 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

18:45:04.0887 6912 sfloppy - ok

18:45:04.0950 6912 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\Windows\system32\DRIVERS\Sftfslh.sys

18:45:05.0012 6912 Sftfs - ok

18:45:05.0106 6912 sftlist (bfdb58616ff5ea540a5f58301d50641e) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

18:45:05.0152 6912 sftlist - ok

18:45:05.0184 6912 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\Windows\system32\DRIVERS\Sftplaylh.sys

18:45:05.0215 6912 Sftplay - ok

18:45:05.0246 6912 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\Windows\system32\DRIVERS\Sftredirlh.sys

18:45:05.0262 6912 Sftredir - ok

18:45:05.0293 6912 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\Windows\system32\DRIVERS\Sftvollh.sys

18:45:05.0308 6912 Sftvol - ok

18:45:05.0340 6912 sftvsa (b94c3c4dca2093243c76ca218ede2a97) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

18:45:05.0371 6912 sftvsa - ok

18:45:05.0402 6912 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

18:45:05.0511 6912 SharedAccess - ok

18:45:05.0574 6912 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

18:45:05.0636 6912 ShellHWDetection - ok

18:45:05.0683 6912 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

18:45:05.0714 6912 SiSRaid2 - ok

18:45:05.0745 6912 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

18:45:05.0776 6912 SiSRaid4 - ok

18:45:05.0823 6912 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

18:45:05.0932 6912 Smb - ok

18:45:05.0979 6912 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

18:45:06.0026 6912 SNMPTRAP - ok

18:45:06.0057 6912 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

18:45:06.0088 6912 spldr - ok

18:45:06.0135 6912 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

18:45:06.0198 6912 Spooler - ok

18:45:06.0291 6912 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

18:45:06.0478 6912 sppsvc - ok

18:45:06.0510 6912 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

18:45:06.0603 6912 sppuinotify - ok

18:45:06.0650 6912 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

18:45:06.0712 6912 srv - ok

18:45:06.0744 6912 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

18:45:06.0775 6912 srv2 - ok

18:45:06.0822 6912 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

18:45:06.0853 6912 SrvHsfHDA - ok

18:45:06.0915 6912 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

18:45:07.0009 6912 SrvHsfV92 - ok

18:45:07.0024 6912 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

18:45:07.0056 6912 SrvHsfWinac - ok

18:45:07.0087 6912 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

18:45:07.0118 6912 srvnet - ok

18:45:07.0165 6912 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

18:45:07.0227 6912 SSDPSRV - ok

18:45:07.0258 6912 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

18:45:07.0305 6912 SstpSvc - ok

18:45:07.0336 6912 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

18:45:07.0368 6912 stexstor - ok

18:45:07.0414 6912 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

18:45:07.0461 6912 StillCam - ok

18:45:07.0508 6912 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

18:45:07.0570 6912 stisvc - ok

18:45:07.0602 6912 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

18:45:07.0633 6912 swenum - ok

18:45:07.0664 6912 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

18:45:07.0789 6912 swprv - ok

18:45:07.0851 6912 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys

18:45:07.0898 6912 SynTP - ok

18:45:07.0960 6912 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

18:45:08.0085 6912 SysMain - ok

18:45:08.0116 6912 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

18:45:08.0163 6912 TabletInputService - ok

18:45:08.0194 6912 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

18:45:08.0304 6912 TapiSrv - ok

18:45:08.0335 6912 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

18:45:08.0444 6912 TBS - ok

18:45:08.0538 6912 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

18:45:08.0662 6912 Tcpip - ok

18:45:08.0740 6912 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

18:45:08.0850 6912 TCPIP6 - ok

18:45:08.0896 6912 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

18:45:08.0990 6912 tcpipreg - ok

18:45:09.0021 6912 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

18:45:09.0068 6912 TDPIPE - ok

18:45:09.0099 6912 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys

18:45:09.0130 6912 TDTCP - ok

18:45:09.0162 6912 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

18:45:09.0271 6912 tdx - ok

18:45:09.0520 6912 TeamViewer6 (c314391535b8bba4238c13d663b07f83) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

18:45:09.0661 6912 TeamViewer6 - ok

18:45:09.0692 6912 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

18:45:09.0723 6912 TermDD - ok

18:45:09.0770 6912 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

18:45:09.0942 6912 TermService - ok

18:45:09.0957 6912 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

18:45:10.0020 6912 Themes - ok

18:45:10.0051 6912 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

18:45:10.0144 6912 THREADORDER - ok

18:45:10.0176 6912 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

18:45:10.0269 6912 TrkWks - ok

18:45:10.0316 6912 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

18:45:10.0363 6912 TrustedInstaller - ok

18:45:10.0410 6912 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

18:45:10.0503 6912 tssecsrv - ok

18:45:10.0550 6912 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

18:45:10.0659 6912 tunnel - ok

18:45:10.0706 6912 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

18:45:10.0737 6912 uagp35 - ok

18:45:10.0769 6912 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys

18:45:10.0816 6912 udfs - ok

18:45:10.0847 6912 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

18:45:10.0894 6912 UI0Detect - ok

18:45:10.0941 6912 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

18:45:10.0972 6912 uliagpkx - ok

18:45:11.0003 6912 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

18:45:11.0035 6912 umbus - ok

18:45:11.0066 6912 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

18:45:11.0097 6912 UmPass - ok

18:45:11.0128 6912 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

18:45:11.0237 6912 upnphost - ok

18:45:11.0284 6912 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

18:45:11.0300 6912 USBAAPL64 - ok

18:45:11.0347 6912 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

18:45:11.0378 6912 usbccgp - ok

18:45:11.0409 6912 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

18:45:11.0456 6912 usbcir - ok

18:45:11.0487 6912 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys

18:45:11.0518 6912 usbehci - ok

18:45:11.0565 6912 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys

18:45:11.0596 6912 usbfilter - ok

18:45:11.0627 6912 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

18:45:11.0659 6912 usbhub - ok

18:45:11.0674 6912 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys

18:45:11.0721 6912 usbohci - ok

18:45:11.0752 6912 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

18:45:11.0783 6912 usbprint - ok

18:45:11.0830 6912 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:45:11.0877 6912 USBSTOR - ok

18:45:11.0908 6912 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys

18:45:11.0924 6912 usbuhci - ok

18:45:11.0971 6912 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

18:45:12.0017 6912 usbvideo - ok

18:45:12.0049 6912 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

18:45:12.0158 6912 UxSms - ok

18:45:12.0189 6912 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

18:45:12.0236 6912 VaultSvc - ok

18:45:12.0267 6912 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

18:45:12.0298 6912 vdrvroot - ok

18:45:12.0329 6912 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

18:45:12.0376 6912 vds - ok

18:45:12.0407 6912 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

18:45:12.0454 6912 vga - ok

18:45:12.0470 6912 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

18:45:12.0579 6912 VgaSave - ok

18:45:12.0626 6912 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

18:45:12.0657 6912 vhdmp - ok

18:45:12.0688 6912 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

18:45:12.0704 6912 viaide - ok

18:45:12.0735 6912 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

18:45:12.0766 6912 volmgr - ok

18:45:12.0797 6912 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

18:45:12.0844 6912 volmgrx - ok

18:45:12.0875 6912 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

18:45:12.0907 6912 volsnap - ok

18:45:12.0953 6912 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

18:45:12.0985 6912 vsmraid - ok

18:45:13.0047 6912 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

18:45:13.0141 6912 VSS - ok

18:45:13.0156 6912 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

18:45:13.0203 6912 vwifibus - ok

18:45:13.0250 6912 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

18:45:13.0312 6912 vwififlt - ok

18:45:13.0359 6912 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

18:45:13.0484 6912 W32Time - ok

18:45:13.0531 6912 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

18:45:13.0577 6912 WacomPen - ok

18:45:13.0609 6912 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

18:45:13.0702 6912 WANARP - ok

18:45:13.0718 6912 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

18:45:13.0811 6912 Wanarpv6 - ok

18:45:13.0905 6912 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

18:45:13.0999 6912 WatAdminSvc - ok

18:45:14.0061 6912 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

18:45:14.0155 6912 wbengine - ok

18:45:14.0170 6912 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

18:45:14.0217 6912 WbioSrvc - ok

18:45:14.0279 6912 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll

18:45:14.0311 6912 wcncsvc - ok

18:45:14.0342 6912 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

18:45:14.0373 6912 WcsPlugInService - ok

18:45:14.0420 6912 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

18:45:14.0435 6912 Wd - ok

18:45:14.0482 6912 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

18:45:14.0545 6912 Wdf01000 - ok

18:45:14.0560 6912 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

18:45:14.0623 6912 WdiServiceHost - ok

18:45:14.0623 6912 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

18:45:14.0685 6912 WdiSystemHost - ok

18:45:14.0716 6912 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll

18:45:14.0763 6912 WebClient - ok

18:45:14.0794 6912 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

18:45:14.0903 6912 Wecsvc - ok

18:45:14.0919 6912 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

18:45:15.0028 6912 wercplsupport - ok

18:45:15.0059 6912 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

18:45:15.0153 6912 WerSvc - ok

18:45:15.0200 6912 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

18:45:15.0309 6912 WfpLwf - ok

18:45:15.0340 6912 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

18:45:15.0371 6912 WIMMount - ok

18:45:15.0434 6912 WinDefend - ok

18:45:15.0449 6912 WinHttpAutoProxySvc - ok

18:45:15.0527 6912 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

18:45:15.0605 6912 Winmgmt - ok

18:45:15.0668 6912 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

18:45:15.0777 6912 WinRM - ok

18:45:15.0839 6912 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

18:45:15.0871 6912 WinUsb - ok

18:45:15.0917 6912 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

18:45:15.0995 6912 Wlansvc - ok

18:45:16.0136 6912 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

18:45:16.0276 6912 wlidsvc - ok

18:45:16.0307 6912 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

18:45:16.0339 6912 WmiAcpi - ok

18:45:16.0417 6912 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

18:45:16.0448 6912 wmiApSrv - ok

18:45:16.0510 6912 WMPNetworkSvc - ok

18:45:16.0541 6912 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

18:45:16.0588 6912 WPCSvc - ok

18:45:16.0604 6912 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

18:45:16.0666 6912 WPDBusEnum - ok

18:45:16.0697 6912 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

18:45:16.0807 6912 ws2ifsl - ok

18:45:16.0838 6912 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll

18:45:16.0885 6912 wscsvc - ok

18:45:16.0900 6912 WSearch - ok

18:45:17.0009 6912 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll

18:45:17.0228 6912 wuauserv - ok

18:45:17.0259 6912 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

18:45:17.0368 6912 WudfPf - ok

18:45:17.0399 6912 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

18:45:17.0493 6912 WUDFRd - ok

18:45:17.0540 6912 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

18:45:17.0633 6912 wudfsvc - ok

18:45:17.0649 6912 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

18:45:17.0680 6912 WwanSvc - ok

18:45:17.0727 6912 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

18:45:17.0774 6912 yukonw7 - ok

18:45:17.0805 6912 MBR (0x1B8) (ced913df7efc52cae7e848328999b01c) \Device\Harddisk0\DR0

18:45:17.0961 6912 \Device\Harddisk0\DR0 - ok

18:45:18.0008 6912 Boot (0x1200) (1edee061d7ee80abd31a8eccb7743583) \Device\Harddisk0\DR0\Partition0

18:45:18.0008 6912 \Device\Harddisk0\DR0\Partition0 - ok

18:45:18.0023 6912 Boot (0x1200) (eb9e34273bb6a55407c85dcc73eee477) \Device\Harddisk0\DR0\Partition1

18:45:18.0023 6912 \Device\Harddisk0\DR0\Partition1 - ok

18:45:18.0070 6912 Boot (0x1200) (59b5094c0c60ba293101b201023d6972) \Device\Harddisk0\DR0\Partition2

18:45:18.0070 6912 \Device\Harddisk0\DR0\Partition2 - ok

18:45:18.0101 6912 Boot (0x1200) (ee23be9c7e0c8f3d8f1d43d81453506f) \Device\Harddisk0\DR0\Partition3

18:45:18.0101 6912 \Device\Harddisk0\DR0\Partition3 - ok

18:45:18.0117 6912 ============================================================

18:45:18.0117 6912 Scan finished

18:45:18.0117 6912 ============================================================

18:45:18.0148 2836 Detected object count: 7

18:45:18.0148 2836 Actual detected object count: 7

18:45:55.0888 2836 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

18:45:55.0888 2836 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:45:55.0903 2836 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

18:45:55.0903 2836 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:45:55.0903 2836 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

18:45:55.0903 2836 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:45:55.0903 2836 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

18:45:55.0903 2836 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:45:55.0919 2836 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

18:45:55.0919 2836 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:45:55.0919 2836 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

18:45:55.0919 2836 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:45:55.0919 2836 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user

18:45:55.0919 2836 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:46:11.0191 6664 Deinitialize success

Had 7 threats all being simple unsigned files

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
