Everything posted by lman2
-
c:\Windows\svchost.exe can't restart computer
lman2 replied to lman2's topic in Resolved Malware Removal Logs
these are the otl logs

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 312685323 bytes
->Temporary Internet Files folder emptied: 10659893 bytes
->FireFox cache emptied: 398475750 bytes
->Flash cache emptied: 0 bytes

User: Louis
->Temp folder emptied: 12485209 bytes
->Temporary Internet Files folder emptied: 9569196 bytes
->Java cache emptied: 337170 bytes
->FireFox cache emptied: 422679202 bytes
->Flash cache emptied: 19909 bytes

User: Mcx1-LOUIS-HP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 245945 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 222862009 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119186 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,326.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Louis
->Flash cache emptied: 0 bytes

User: Mcx1-LOUIS-HP
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Guest

User: Louis
->Java cache emptied: 0 bytes

User: Mcx1-LOUIS-HP

User: Public

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11082012_183449

Files\Folders moved on Reboot...
C:\Users\Louis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
-
I just bought an old alienware computer that was running windows xp and had a bunch of viruses. It seems the previous owner didn't know what he was doing and deleted a lot of the main programs too because I couldn't access anything, such as the "uninstall programs" menu or "system properties" etc. I took it to my friend and he installed windows 7 and told me that should take care of all the problems. It seems to be running smoother. I just downloaded Malwarebytes on it. Should I also download tdsskiller and OTL on it too? Or does anyone know of any other antivirus/malware etc programs I should download on it? Any advice on how to get the best use out of this computer. I plan on using it mostly for gaming. I happen to be really bad with computer jargon so if anyone could give me as simple instructions as possible I would really appreciate it. =D P.S. By installing windows 7 did he erase any of the alienware software? Not sure if there is even such a thing (like I said bad with computers lol) but I don't have any install disks or anything like that so if it is missing that software anyone know how I could go about replacing it if it's even necessary
-
c:\Windows\svchost.exe can't restart computer
lman2 replied to lman2's topic in Resolved Malware Removal Logs
ok I did the scan, took more than 2 hours. Says it found 15 threats, here are the logs

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=29f46ba74dfe73449032d4007f17d00c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-08 05:27:27
# local_time=2012-11-08 12:27:27 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 103886436 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=264046
# found=15
# cleaned=0
# scan_time=9460
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\07.11.2012_20.24.41\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\07.11.2012_20.24.41\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\07.11.2012_20.24.41\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\07.11.2012_20.24.41\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\07.11.2012_20.24.41\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\07.11.2012_20.24.41\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Louis\AppData\Local\Temp\Av-test.txt Eicar test file (unable to clean) 00000000000000000000000000000000 I
C:\Users\Louis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\5d1375c1-15a3c105 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Louis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\d50c015-71e37dac Java/Agent.BV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Louis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6b4d836b-1c6c5faa Java/Agent.BV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Louis\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.6.windows.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Temp\jar_cache3442685919197725160.tmp Java/Exploit.CVE-2012-1723.CU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Temp\MZHTOL Java/Exploit.CVE-2012-1723.CU trojan (unable to clean) 00000000000000000000000000000000 I
-
c:\Windows\svchost.exe can't restart computer
lman2 replied to lman2's topic in Resolved Malware Removal Logs
By the way thanks for all your help I really appreciate it. -
c:\Windows\svchost.exe can't restart computer
lman2 replied to lman2's topic in Resolved Malware Removal Logs
Wow it actually rebooted. First time in a very long time! When it booted back up I just reopened TDSSKILLER and went to report. This is the log that was there. On a second note I just bought an old alienware computer that was running windows xp and had a bunch of viruses. I installed windows 7 and it seems to be running smoother. Just downloaded Malwarebytes on it. Should I also download tdsskiller and OLS on it too? Or do you have any other antivirus/malware etc programs I should download on it?

20:27:55.0992 3412 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:27:56.0460 3412 ============================================================
20:27:56.0460 3412 Current date / time: 2012/11/07 20:27:56.0460
20:27:56.0460 3412 SystemInfo:
20:27:56.0460 3412
20:27:56.0460 3412 OS Version: 6.1.7601 ServicePack: 1.0
20:27:56.0460 3412 Product type: Workstation
20:27:56.0460 3412 ComputerName: LOUIS-HP
20:27:56.0460 3412 UserName: Louis
20:27:56.0460 3412 Windows directory: C:\Windows
20:27:56.0460 3412 System windows directory: C:\Windows
20:27:56.0460 3412 Running under WOW64
20:27:56.0460 3412 Processor architecture: Intel x64
20:27:56.0460 3412 Number of processors: 2
20:27:56.0460 3412 Page size: 0x1000
20:27:56.0460 3412 Boot type: Normal boot
20:27:56.0460 3412 ============================================================
20:27:59.0206 3412 BG loaded
20:28:00.0469 3412 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:28:00.0469 3412 Drive \Device\Harddisk1\DR1 - Size: 0x1E6E80000 (7.61 Gb), SectorSize: 0x200, Cylinders: 0x3E1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:28:00.0469 3412 ============================================================
20:28:00.0469 3412 \Device\Harddisk0\DR0:
20:28:00.0469 3412 MBR partitions:
20:28:00.0469 3412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:28:00.0469 3412 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37B9C000
20:28:00.0469 3412 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37C00000, BlocksNum 0x2752000
20:28:00.0469 3412 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
20:28:00.0469 3412 \Device\Harddisk1\DR1:
20:28:00.0469 3412 MBR partitions:
20:28:00.0469 3412 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2001, BlocksNum 0xF353FF
20:28:00.0469 3412 ============================================================
20:28:00.0797 3412 C: <-> \Device\Harddisk0\DR0\Partition2
20:28:01.0639 3412 D: <-> \Device\Harddisk0\DR0\Partition3
20:28:01.0686 3412 F: <-> \Device\Harddisk0\DR0\Partition4
20:28:01.0686 3412 ============================================================
20:28:01.0686 3412 Initialize success
20:28:01.0686 3412 ============================================================
-
c:\Windows\svchost.exe can't restart computer
lman2 replied to lman2's topic in Resolved Malware Removal Logs
Ok so I ran OTL and did the scan you asked, but when it rebooted it froze. So then I did the TDSSKILLER I did the scan and when it found an infected file I hit skip instead of cure. This is the log I got when I pressed report.
D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 18:11:28.0217 1436 iScsiPrt - ok 18:11:28.0248 1436 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:11:28.0264 1436 kbdclass - ok 18:11:28.0311 1436 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 18:11:28.0311 1436 kbdhid - ok 18:11:28.0326 1436 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 18:11:28.0326 1436 KeyIso - ok 18:11:28.0373 1436 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:11:28.0373 1436 KSecDD - ok 18:11:28.0404 1436 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 18:11:28.0420 1436 KSecPkg - ok 18:11:28.0451 1436 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 18:11:28.0451 1436 ksthunk - ok 18:11:28.0514 1436 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 18:11:28.0514 1436 KtmRm - ok 18:11:28.0607 1436 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 18:11:28.0623 1436 LanmanServer - ok 18:11:28.0685 1436 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:11:28.0685 1436 LanmanWorkstation - ok 18:11:28.0763 1436 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:11:28.0763 1436 lltdio - ok 18:11:28.0794 1436 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:11:28.0810 1436 lltdsvc - ok 18:11:28.0857 1436 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:11:28.0857 1436 lmhosts - ok 18:11:28.0966 1436 [ 98B0FCC176DFB711B67651BECB88C445 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe 18:11:28.0966 1436 LMIGuardianSvc - ok 18:11:29.0028 1436 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys 
18:11:29.0028 1436 LMIInfo - ok 18:11:29.0044 1436 [ B712511029CBD68645A90A241FD6AE43 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe 18:11:29.0044 1436 LMIMaint - ok 18:11:29.0091 1436 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys 18:11:29.0106 1436 lmimirr - ok 18:11:29.0123 1436 LMIRfsClientNP - ok 18:11:29.0154 1436 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys 18:11:29.0154 1436 LMIRfsDriver - ok 18:11:29.0201 1436 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe 18:11:29.0217 1436 LogMeIn - ok 18:11:29.0295 1436 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 18:11:29.0295 1436 LSI_FC - ok 18:11:29.0326 1436 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 18:11:29.0326 1436 LSI_SAS - ok 18:11:29.0357 1436 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 18:11:29.0357 1436 LSI_SAS2 - ok 18:11:29.0388 1436 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 18:11:29.0388 1436 LSI_SCSI - ok 18:11:29.0497 1436 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 18:11:29.0497 1436 luafv - ok 18:11:29.0575 1436 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 18:11:29.0575 1436 MBAMProtector - ok 18:11:29.0685 1436 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 18:11:29.0685 1436 MBAMScheduler - ok 18:11:29.0716 1436 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 18:11:29.0731 1436 MBAMService - ok 18:11:29.0809 1436 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:11:29.0809 1436 Mcx2Svc - ok 18:11:29.0841 1436 [ A55805F747C6EDB6A9080D7C633BD0F4 ] 
megasas C:\Windows\system32\DRIVERS\megasas.sys 18:11:29.0841 1436 megasas - ok 18:11:29.0872 1436 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 18:11:29.0887 1436 MegaSR - ok 18:11:29.0919 1436 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 18:11:29.0919 1436 MMCSS - ok 18:11:29.0934 1436 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 18:11:29.0950 1436 Modem - ok 18:11:29.0997 1436 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:11:29.0997 1436 monitor - ok 18:11:30.0059 1436 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:11:30.0059 1436 mouclass - ok 18:11:30.0106 1436 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:11:30.0106 1436 mouhid - ok 18:11:30.0153 1436 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 18:11:30.0153 1436 mountmgr - ok 18:11:30.0293 1436 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 18:11:30.0293 1436 MozillaMaintenance - ok 18:11:30.0340 1436 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 18:11:30.0340 1436 mpio - ok 18:11:30.0387 1436 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:11:30.0387 1436 mpsdrv - ok 18:11:30.0449 1436 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 18:11:30.0480 1436 MpsSvc - ok 18:11:30.0543 1436 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:11:30.0543 1436 MRxDAV - ok 18:11:30.0605 1436 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:11:30.0605 1436 mrxsmb - ok 18:11:30.0652 1436 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:11:30.0667 1436 mrxsmb10 - ok 
18:11:30.0699 1436 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:11:30.0699 1436 mrxsmb20 - ok 18:11:30.0745 1436 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 18:11:30.0745 1436 msahci - ok 18:11:30.0777 1436 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:11:30.0777 1436 msdsm - ok 18:11:30.0792 1436 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 18:11:30.0808 1436 MSDTC - ok 18:11:30.0855 1436 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:11:30.0870 1436 Msfs - ok 18:11:30.0886 1436 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 18:11:30.0886 1436 mshidkmdf - ok 18:11:30.0933 1436 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:11:30.0933 1436 msisadrv - ok 18:11:30.0964 1436 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:11:30.0964 1436 MSiSCSI - ok 18:11:30.0979 1436 msiserver - ok 18:11:31.0011 1436 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:11:31.0011 1436 MSKSSRV - ok 18:11:31.0042 1436 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:11:31.0042 1436 MSPCLOCK - ok 18:11:31.0057 1436 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:11:31.0057 1436 MSPQM - ok 18:11:31.0120 1436 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:11:31.0120 1436 MsRPC - ok 18:11:31.0167 1436 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 18:11:31.0167 1436 mssmbios - ok 18:11:31.0182 1436 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:11:31.0198 1436 MSTEE - ok 18:11:31.0213 1436 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig 
C:\Windows\system32\DRIVERS\MTConfig.sys 18:11:31.0213 1436 MTConfig - ok 18:11:31.0260 1436 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 18:11:31.0260 1436 Mup - ok 18:11:31.0323 1436 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 18:11:31.0338 1436 napagent - ok 18:11:31.0385 1436 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:11:31.0401 1436 NativeWifiP - ok 18:11:31.0463 1436 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:11:31.0510 1436 NDIS - ok 18:11:31.0588 1436 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:11:31.0588 1436 NdisCap - ok 18:11:31.0635 1436 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:11:31.0635 1436 NdisTapi - ok 18:11:31.0775 1436 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:11:31.0775 1436 Ndisuio - ok 18:11:31.0947 1436 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:11:31.0947 1436 NdisWan - ok 18:11:32.0040 1436 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:11:32.0056 1436 NDProxy - ok 18:11:32.0212 1436 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:11:32.0212 1436 NetBIOS - ok 18:11:32.0383 1436 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:11:32.0399 1436 NetBT - ok 18:11:32.0430 1436 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 18:11:32.0446 1436 Netlogon - ok 18:11:32.0758 1436 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 18:11:32.0758 1436 Netman - ok 18:11:32.0945 1436 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 18:11:32.0961 1436 netprofm - ok 18:11:33.0023 1436 [ 3E5A36127E201DDF663176B66828FAFE ] 
NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:11:33.0023 1436 NetTcpPortSharing - ok 18:11:33.0226 1436 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys 18:11:33.0366 1436 netw5v64 - ok 18:11:33.0413 1436 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 18:11:33.0429 1436 nfrd960 - ok 18:11:33.0491 1436 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:11:33.0491 1436 NlaSvc - ok 18:11:33.0522 1436 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:11:33.0522 1436 Npfs - ok 18:11:33.0553 1436 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:11:33.0553 1436 nsi - ok 18:11:33.0585 1436 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:11:33.0585 1436 nsiproxy - ok 18:11:33.0678 1436 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:11:33.0741 1436 Ntfs - ok 18:11:33.0787 1436 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 18:11:33.0787 1436 Null - ok 18:11:33.0819 1436 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:11:33.0834 1436 nvraid - ok 18:11:33.0850 1436 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:11:33.0865 1436 nvstor - ok 18:11:33.0881 1436 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:11:33.0881 1436 nv_agp - ok 18:11:33.0928 1436 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:11:33.0928 1436 ohci1394 - ok 18:11:34.0021 1436 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:11:34.0037 1436 ose - ok 18:11:34.0255 1436 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft 
Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 18:11:34.0380 1436 osppsvc - ok 18:11:34.0443 1436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:11:34.0458 1436 p2pimsvc - ok 18:11:34.0505 1436 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:11:34.0505 1436 p2psvc - ok 18:11:34.0536 1436 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 18:11:34.0536 1436 Parport - ok 18:11:34.0583 1436 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:11:34.0583 1436 partmgr - ok 18:11:34.0614 1436 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:11:34.0614 1436 PcaSvc - ok 18:11:34.0661 1436 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 18:11:34.0661 1436 pci - ok 18:11:34.0708 1436 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:11:34.0708 1436 pciide - ok 18:11:34.0755 1436 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 18:11:34.0755 1436 pcmcia - ok 18:11:34.0786 1436 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:11:34.0786 1436 pcw - ok 18:11:34.0833 1436 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:11:34.0848 1436 PEAUTH - ok 18:11:34.0942 1436 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:11:34.0942 1436 PerfHost - ok 18:11:35.0035 1436 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 18:11:35.0082 1436 pla - ok 18:11:35.0160 1436 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:11:35.0176 1436 PlugPlay - ok 18:11:35.0191 1436 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:11:35.0191 1436 PNRPAutoReg - ok 18:11:35.0207 1436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 
18:11:35.0223 1436 PNRPsvc - ok 18:11:35.0269 1436 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:11:35.0285 1436 PolicyAgent - ok 18:11:35.0332 1436 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 18:11:35.0332 1436 Power - ok 18:11:35.0363 1436 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:11:35.0379 1436 PptpMiniport - ok 18:11:35.0394 1436 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 18:11:35.0394 1436 Processor - ok 18:11:35.0441 1436 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 18:11:35.0441 1436 ProfSvc - ok 18:11:35.0457 1436 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:11:35.0457 1436 ProtectedStorage - ok 18:11:35.0535 1436 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:11:35.0535 1436 Psched - ok 18:11:35.0613 1436 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 18:11:35.0675 1436 ql2300 - ok 18:11:35.0706 1436 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 18:11:35.0706 1436 ql40xx - ok 18:11:35.0737 1436 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:11:35.0753 1436 QWAVE - ok 18:11:35.0769 1436 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:11:35.0784 1436 QWAVEdrv - ok 18:11:35.0800 1436 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:11:35.0800 1436 RasAcd - ok 18:11:35.0831 1436 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:11:35.0847 1436 RasAgileVpn - ok 18:11:35.0862 1436 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:11:35.0862 1436 RasAuto - ok 18:11:35.0909 1436 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp 
C:\Windows\system32\DRIVERS\rasl2tp.sys 18:11:35.0925 1436 Rasl2tp - ok 18:11:35.0971 1436 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:11:35.0971 1436 RasMan - ok 18:11:36.0018 1436 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:11:36.0018 1436 RasPppoe - ok 18:11:36.0065 1436 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:11:36.0065 1436 RasSstp - ok 18:11:36.0112 1436 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:11:36.0127 1436 rdbss - ok 18:11:36.0143 1436 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 18:11:36.0143 1436 rdpbus - ok 18:11:36.0159 1436 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:11:36.0159 1436 RDPCDD - ok 18:11:36.0174 1436 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:11:36.0174 1436 RDPENCDD - ok 18:11:36.0190 1436 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:11:36.0205 1436 RDPREFMP - ok 18:11:36.0237 1436 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:11:36.0237 1436 RDPWD - ok 18:11:36.0299 1436 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:11:36.0315 1436 rdyboost - ok 18:11:36.0346 1436 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:11:36.0346 1436 RemoteAccess - ok 18:11:36.0377 1436 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:11:36.0377 1436 RemoteRegistry - ok 18:11:36.0408 1436 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:11:36.0408 1436 RpcEptMapper - ok 18:11:36.0455 1436 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:11:36.0455 1436 RpcLocator - ok 18:11:36.0533 1436 [ 
5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 18:11:36.0533 1436 RpcSs - ok 18:11:36.0658 1436 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:11:36.0689 1436 rspndr - ok 18:11:36.0939 1436 [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 18:11:36.0939 1436 RSUSBSTOR - ok 18:11:37.0001 1436 [ 777FC2C418465404E3D8A290DC247D24 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 18:11:37.0017 1436 RTL8167 - ok 18:11:37.0032 1436 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:11:37.0032 1436 SamSs - ok 18:11:37.0079 1436 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:11:37.0079 1436 sbp2port - ok 18:11:37.0126 1436 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:11:37.0126 1436 SCardSvr - ok 18:11:37.0157 1436 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:11:37.0157 1436 scfilter - ok 18:11:37.0235 1436 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:11:37.0266 1436 Schedule - ok 18:11:37.0313 1436 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:11:37.0313 1436 SCPolicySvc - ok 18:11:37.0375 1436 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 18:11:37.0391 1436 sdbus - ok 18:11:37.0438 1436 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:11:37.0453 1436 SDRSVC - ok 18:11:37.0469 1436 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:11:37.0469 1436 secdrv - ok 18:11:37.0516 1436 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:11:37.0516 1436 seclogon - ok 18:11:37.0578 1436 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 18:11:37.0578 1436 SENS - ok 18:11:37.0641 1436 [ 
0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:11:37.0641 1436 SensrSvc - ok 18:11:37.0656 1436 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 18:11:37.0656 1436 Serenum - ok 18:11:37.0687 1436 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 18:11:37.0687 1436 Serial - ok 18:11:37.0734 1436 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 18:11:37.0750 1436 sermouse - ok 18:11:37.0812 1436 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:11:37.0812 1436 SessionEnv - ok 18:11:37.0843 1436 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:11:37.0859 1436 sffdisk - ok 18:11:37.0875 1436 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:11:37.0875 1436 sffp_mmc - ok 18:11:37.0890 1436 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:11:37.0890 1436 sffp_sd - ok 18:11:37.0906 1436 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 18:11:37.0906 1436 sfloppy - ok 18:11:37.0937 1436 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:11:37.0953 1436 SharedAccess - ok 18:11:37.0999 1436 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:11:37.0999 1436 ShellHWDetection - ok 18:11:38.0046 1436 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:11:38.0062 1436 SiSRaid2 - ok 18:11:38.0093 1436 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 18:11:38.0093 1436 SiSRaid4 - ok 18:11:38.0140 1436 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:11:38.0140 1436 Smb - ok 18:11:38.0187 1436 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:11:38.0187 
1436 SNMPTRAP - ok 18:11:38.0202 1436 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:11:38.0202 1436 spldr - ok 18:11:38.0249 1436 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 18:11:38.0265 1436 Spooler - ok 18:11:38.0405 1436 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:11:38.0514 1436 sppsvc - ok 18:11:38.0561 1436 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:11:38.0561 1436 sppuinotify - ok 18:11:38.0608 1436 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:11:38.0608 1436 srv - ok 18:11:38.0670 1436 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:11:38.0686 1436 srv2 - ok 18:11:38.0748 1436 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS 18:11:38.0748 1436 SrvHsfHDA - ok 18:11:38.0811 1436 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS 18:11:38.0857 1436 SrvHsfV92 - ok 18:11:38.0889 1436 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 18:11:38.0904 1436 SrvHsfWinac - ok 18:11:38.0935 1436 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:11:38.0935 1436 srvnet - ok 18:11:38.0998 1436 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:11:38.0998 1436 SSDPSRV - ok 18:11:39.0013 1436 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:11:39.0013 1436 SstpSvc - ok 18:11:39.0107 1436 [ B00068BA94F5F306911B14B425AAEB56 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe 18:11:39.0123 1436 STacSV - ok 18:11:39.0138 1436 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 18:11:39.0138 1436 stexstor - ok 18:11:39.0216 1436 [ DA40D9C9CCB9836D6ABD1706935A2277 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 18:11:39.0232 1436 
STHDA - ok 18:11:39.0294 1436 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:11:39.0310 1436 stisvc - ok 18:11:39.0357 1436 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 18:11:39.0357 1436 swenum - ok 18:11:39.0403 1436 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:11:39.0419 1436 swprv - ok 18:11:39.0528 1436 [ 961CFAC2A5318E212F459D651F28E0A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 18:11:39.0544 1436 SynTP - ok 18:11:39.0622 1436 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:11:39.0684 1436 SysMain - ok 18:11:39.0731 1436 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:11:39.0731 1436 TabletInputService - ok 18:11:39.0778 1436 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:11:39.0793 1436 TapiSrv - ok 18:11:39.0825 1436 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:11:39.0840 1436 TBS - ok 18:11:39.0918 1436 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:11:39.0965 1436 Tcpip - ok 18:11:40.0043 1436 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:11:40.0074 1436 TCPIP6 - ok 18:11:40.0121 1436 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:11:40.0121 1436 tcpipreg - ok 18:11:40.0152 1436 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:11:40.0152 1436 TDPIPE - ok 18:11:40.0199 1436 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:11:40.0199 1436 TDTCP - ok 18:11:40.0246 1436 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:11:40.0246 1436 tdx - ok 18:11:40.0261 1436 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 18:11:40.0261 1436 TermDD - ok 18:11:40.0308 1436 [ 
2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:11:40.0355 1436 TermService - ok 18:11:40.0386 1436 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:11:40.0386 1436 Themes - ok 18:11:40.0402 1436 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:11:40.0402 1436 THREADORDER - ok 18:11:40.0433 1436 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:11:40.0433 1436 TrkWks - ok 18:11:40.0495 1436 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:11:40.0495 1436 TrustedInstaller - ok 18:11:40.0558 1436 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:11:40.0558 1436 tssecsrv - ok 18:11:40.0620 1436 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:11:40.0620 1436 TsUsbFlt - ok 18:11:40.0698 1436 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:11:40.0698 1436 tunnel - ok 18:11:40.0729 1436 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 18:11:40.0729 1436 uagp35 - ok 18:11:40.0776 1436 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:11:40.0776 1436 udfs - ok 18:11:40.0854 1436 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:11:40.0870 1436 UI0Detect - ok 18:11:40.0885 1436 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:11:40.0885 1436 uliagpkx - ok 18:11:40.0948 1436 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:11:40.0948 1436 umbus - ok 18:11:41.0026 1436 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 18:11:41.0026 1436 UmPass - ok 18:11:41.0041 1436 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:11:41.0057 1436 upnphost - ok 
18:11:45.0066 1436 ================ Scan global ===============================
18:11:45.0113 1436 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:11:45.0160 1436 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:11:45.0175 1436 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:11:45.0207 1436 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:11:45.0253 1436 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:11:45.0253 1436 [Global] - ok
18:11:45.0253 1436 ================ Scan MBR ==================================
18:11:45.0269 1436 [ 35A4FA451025305A24E864AAA8E364C9 ] \Device\Harddisk0\DR0
18:11:45.0269 1436 Suspicious mbr (Forged): \Device\Harddisk0\DR0
18:11:45.0331 1436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:11:45.0331 1436 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:11:46.0096 1436 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:11:46.0111 1436 \Device\Harddisk1\DR1 - ok
18:11:46.0127 1436 ================ Scan VBR ==================================
18:11:46.0127 1436 [ 16795E6681B3C0DBAC67CA2B76316316 ] \Device\Harddisk0\DR0\Partition1
18:11:46.0127 1436 \Device\Harddisk0\DR0\Partition1 - ok
18:11:46.0158 1436 [ 0A2DDA0C23F99C9D13F2F88F1B7B931E ] \Device\Harddisk0\DR0\Partition2
18:11:46.0158 1436 \Device\Harddisk0\DR0\Partition2 - ok
18:11:46.0189 1436 [ 3FFFABA10CF32E8846FBFDCFA1DCE3F9 ] \Device\Harddisk0\DR0\Partition3
18:11:46.0189 1436 \Device\Harddisk0\DR0\Partition3 - ok
18:11:46.0205 1436 [ 677FCD79C456EB44806EDEB52B4232EC ] \Device\Harddisk0\DR0\Partition4
18:11:46.0221 1436 \Device\Harddisk0\DR0\Partition4 - ok
18:11:46.0221 1436 [ 27389A4D29D8CE922F3E6FD194F65191 ] \Device\Harddisk1\DR1\Partition1
18:11:46.0221 1436 \Device\Harddisk1\DR1\Partition1 - ok
18:11:46.0221 1436 ============================================================
18:11:46.0221 1436 Scan finished
18:11:46.0221 1436 ============================================================
18:11:46.0252 3632 Detected object count: 1
18:11:46.0252 3632 Actual detected object count: 1
18:14:07.0463 3632 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
18:14:07.0463 3632 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
-
c:\Windows\svchost.exe can't restart computer
lman2 replied to lman2's topic in Resolved Malware Removal Logs
OTL logfile created on: 11/7/2012 1:17:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Louis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 64.46% Memory free
7.49 Gb Paging File | 5.82 Gb Available in Paging File | 77.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.80 Gb Total Space | 284.14 Gb Free Space | 63.74% Space Free | Partition Type: NTFS
Drive D: | 19.66 Gb Total Space | 2.86 Gb Free Space | 14.53% Space Free | Partition Type: NTFS
Drive E: | 3.89 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 99.02 Mb Total Space | 88.88 Mb Free Space | 89.76% Space Free | Partition Type: FAT32
Drive G: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: FAT32

Computer Name: LOUIS-HP | User Name: Louis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/07 01:11:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Louis\Desktop\OTL.exe
PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/03 15:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/06/14 14:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/06/14 14:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/05/21 15:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/06/25 01:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
Toolbar) -- C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/10/30 03:35:28 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\extensions\toolbar@ask.com [2012/10/30 03:23:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/30 03:23:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012/10/26 17:38:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/14 04:57:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/10/20 09:19:47 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml Hosts file not found O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.) O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4174BE0A-A7D0-4062-8AD1-A29666782BAF}: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AE4314C-6078-45F5-8AFF-72C7DD5F8BDF}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/09/29 11:55:44 | 000,000,052 | -H-- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{732724fd-100c-11e0-9e5a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{732724fd-100c-11e0-9e5a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2007/11/06 18:28:04 | 001,176,561 | -H-- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/11/07 01:11:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Louis\Desktop\OTL.exe [2012/11/07 00:20:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/07 00:08:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/11/07 00:08:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/11/07 00:08:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/11/07 00:08:40 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/11/07 00:08:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/07 00:08:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/07 00:07:58 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012/11/07 00:01:20 | 004,997,881 | R--- | C] (Swearware) -- C:\Users\Louis\Desktop\ComboFix.exe [2012/11/06 01:28:29 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\{F6C2881A-472C-4315-934B-BFC7CFD5E37D} [2012/11/03 21:38:29 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\{53AFA52D-E6D7-414B-8B58-172792755489} [2012/10/31 13:21:38 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\Macromedia [2012/10/31 03:25:34 | 000,000,000 | ---D | C] -- C:\Users\Louis\Documents\My Curse [2012/10/31 03:24:56 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2012/10/31 03:24:25 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\Apps [2012/10/31 03:24:24 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\Deployment [2012/10/30 19:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2012/10/30 19:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft [2012/10/30 19:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012/10/30 19:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment 
[2012/10/30 19:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012/10/30 03:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012/10/30 03:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/10/30 03:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012/10/30 03:23:36 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012/10/30 03:23:36 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/10/30 03:23:36 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/10/30 03:23:36 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012/10/30 03:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012/10/30 03:08:49 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe [2012/10/29 01:02:39 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Roaming\Malwarebytes [2012/10/29 01:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/10/29 01:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/10/29 01:02:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/10/29 01:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/10/26 17:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/10/19 01:46:27 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\{B0E7EDFA-8D25-4F01-82D2-8CFD8C48A11C} [2012/10/19 01:44:46 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\{D665F84E-08C6-4862-82FE-61ABD20CD259} [2012/10/10 01:19:27 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/10/10 01:19:27 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012/10/10 01:19:27 | 
000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012/10/10 01:19:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012/10/10 01:19:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012/10/10 01:19:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/10/10 01:19:23 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012/10/10 01:19:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012/10/10 01:19:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/10/10 01:19:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012/10/10 01:19:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/10/10 01:19:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/10/10 01:19:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/10/10 01:19:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/10/10 01:19:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/10/10 01:19:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/10/10 01:19:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/10/10 01:19:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/10/10 01:19:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/10/10 01:19:20 | 
000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/10/10 01:19:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/10/10 01:19:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/10/10 01:19:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/10/10 01:19:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/10/10 01:19:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/10/10 01:19:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/10/10 01:19:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/10/10 01:19:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/10/10 01:19:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/10/10 01:19:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/10/10 01:19:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/10/10 01:19:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/10/10 01:19:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/10/10 01:19:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/10/10 01:19:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/10/10 01:19:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/10/10 01:19:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/10/10 01:19:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/10/10 01:19:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/10/10 01:19:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/10/10 01:19:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/10/10 01:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/10/10 01:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/10/10 01:19:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/10/10 01:19:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/10/10 01:19:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/10/10 01:19:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/10/10 01:19:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/10/10 01:19:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/10/10 01:19:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/10/10 01:19:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/10/10 01:19:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/10/10 01:19:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/10/10 01:19:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/10/10 01:19:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/10/10 01:19:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/10/10 01:19:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/10/10 01:19:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/10/10 01:19:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/10/10 01:19:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/10/10 01:18:55 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/10/10 01:18:16 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/10/10 01:18:14 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012/10/09 21:56:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun [1 C:\Users\Louis\Documents\*.tmp files -> C:\Users\Louis\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/07 01:11:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Louis\Desktop\OTL.exe [2012/11/07 00:28:16 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/07 00:28:16 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/07 00:26:42 | 000,730,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/07 00:26:42 | 000,627,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/07 00:26:42 | 000,107,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/07 00:19:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/07 00:19:28 | 488,450,754 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/11/07 00:19:27 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys [2012/11/07 00:01:28 | 
004,997,881 | R--- | M] (Swearware) -- C:\Users\Louis\Desktop\ComboFix.exe [2012/11/03 22:50:19 | 000,000,024 | ---- | M] () -- C:\Users\Louis\AppData\Roaming\mbam.context.scan [2012/10/31 13:16:19 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/10/31 13:16:19 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/10/31 13:12:51 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLouis.job [2012/10/31 03:24:56 | 000,000,318 | ---- | M] () -- C:\Users\Louis\Desktop\Curse Client.appref-ms [2012/10/30 19:35:14 | 000,001,291 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012/10/30 03:22:42 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012/10/30 03:22:42 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012/10/30 03:22:42 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/10/30 03:22:42 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/10/30 03:22:42 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2012/10/29 01:02:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/10/26 22:50:02 | 000,002,048 | ---- | M] () -- C:\Users\Louis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/10/24 13:47:02 | 000,007,168 | ---- | M] () -- C:\Users\Louis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/10/23 02:16:54 | 000,213,187 | ---- | M] () -- C:\Users\Louis\AppData\Roaming\MMUpgrade.jpg [2012/10/20 12:43:07 | 000,744,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/10/10 02:07:52 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI [1 C:\Users\Louis\Documents\*.tmp files -> C:\Users\Louis\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/07 00:08:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/11/07 00:08:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/11/07 00:08:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/11/07 00:08:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/11/07 00:08:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/11/03 22:50:19 | 000,000,024 | ---- | C] () -- C:\Users\Louis\AppData\Roaming\mbam.context.scan [2012/10/31 13:12:38 | 488,450,754 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/10/31 03:24:56 | 000,000,318 | ---- | C] () -- C:\Users\Louis\Desktop\Curse Client.appref-ms [2012/10/30 19:35:09 | 000,001,291 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012/10/29 01:02:29 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/10/20 12:43:07 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/09/21 14:49:58 | 000,213,187 | ---- | C] () -- C:\Users\Louis\AppData\Roaming\MMUpgrade.jpg [2012/09/19 15:51:53 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI [2012/05/23 16:43:18 | 000,000,258 | RHS- | C] () -- 
C:\ProgramData\ntuser.pol
[2012/04/17 21:29:08 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/07/20 19:43:58 | 000,024,209 | ---- | C] () -- C:\Users\Louis\AppData\Roaming\UserTile.png
[2011/07/17 06:33:07 | 000,001,940 | ---- | C] () -- C:\Users\Louis\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/29 00:18:20 | 000,001,854 | ---- | C] () -- C:\Users\Louis\AppData\Roaming\GhostObjGAFix.xml
[2011/03/03 17:21:15 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/29 20:24:29 | 000,007,168 | ---- | C] () -- C:\Users\Louis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/21 03:09:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/21 03:00:57 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/11/21 03:00:57 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/10/06 15:33:13 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012/11/07 00:19:27 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/07 00:19:35 | 4021,186,560 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

c:\Windows\svchost.exe can't restart computer
lman2 replied to lman2's topic in Resolved Malware Removal Logs
OTL Extras logfile created on: 11/7/2012 1:17:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Louis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 64.46% Memory free
7.49 Gb Paging File | 5.82 Gb Available in Paging File | 77.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.80 Gb Total Space | 284.14 Gb Free Space | 63.74% Space Free | Partition Type: NTFS
Drive D: | 19.66 Gb Total Space | 2.86 Gb Free Space | 14.53% Space Free | Partition Type: NTFS
Drive E: | 3.89 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 99.02 Mb Total Space | 88.88 Mb Free Space | 89.76% Space Free | Partition Type: FAT32
Drive G: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: FAT32

Computer Name: LOUIS-HP | User Name: Louis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017DC992-1E01-4B20-A6E4-5A7C11B7EC82}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0711DC59-D873-4041-8562-53632FC65A4E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{074D1759-7202-48A1-841D-1AACDEAFA102}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{147BC4F5-48F6-4263-8FE6-7EEF1BA0A7D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave |
app=%systemroot%\system32\svchost.exe | "{1C5D859A-8B93-42A3-97C4-1235CAE30A21}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{28EDA110-95A9-48EB-927C-830FCADE8175}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{313A4857-D558-4E73-8BA0-0890EF418376}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{32D61884-A0DD-44B6-A0DC-FE26E74B6FD8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{34F26717-B593-49E0-B13B-2A239ED3656F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{39D2FB1B-9328-4CE4-9648-074C1581B677}" = rport=10243 | protocol=6 | dir=out | app=system | "{3F7C0FB4-390A-4A20-91BF-2B83DE89BE6E}" = lport=10244 | protocol=6 | dir=in | app=system | "{5123830D-78DB-4AE9-B5D7-A866098F816F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{51F4A67D-6CCF-4918-82FE-E457B88857B5}" = rport=445 | protocol=6 | dir=out | app=system | "{52A325D9-C6E4-472E-A29F-4B5AB4681722}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{566F1AE5-EBD3-4580-9035-E1F7A3AA1218}" = rport=137 | protocol=17 | dir=out | app=system | "{56F40FFF-FAAF-4C30-A13E-93097EA8D6D0}" = lport=2869 | protocol=6 | dir=in | app=system | "{5943E1E7-3D84-4526-AD4F-FF41B476AC12}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{5D7F5138-8FE8-40F4-8E2A-D8ABEF856980}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5E140AC3-2E48-411C-908B-4DFBE4E76383}" = lport=2869 | protocol=6 | dir=in | app=system | "{6540AF16-D57F-4A6F-8872-2B3EF19DF2E1}" = lport=3390 | protocol=6 | dir=in | app=system | "{660D1CAA-3DB8-4050-AB20-8D292B47DC69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{66664D1A-A99B-417F-9490-8A1D8074FCA2}" = lport=139 | protocol=6 | dir=in | app=system | "{6871B833-A02B-4E4D-9102-C8A3EF5F9ED1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6E4900A2-00C4-4BD8-AF90-860292E0CB0F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{718A6631-632B-405C-AAB7-67FC579786D4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{78EDFC03-A61B-41A2-A458-79222360B769}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{78F798FB-69D3-49B7-82D2-A3D817833A20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7A41A0B2-960B-4FCD-8F15-1D8D1130CD91}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7C5DA828-C74C-41F5-8B95-303CDA11E140}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{7E15EE67-B803-4C53-8C32-FC5248508E21}" = lport=138 | protocol=17 | dir=in | app=system | "{84B74441-B429-428D-9AAD-25C8B60E6D9B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | "{8992BCE9-B170-44C7-85BE-BA2C2E360728}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8C25DDF9-E9BC-4CA1-B5C5-777DA3CC8908}" = rport=139 | protocol=6 | dir=out | app=system | "{9E0706CB-2144-45F1-A4BD-138229B9BEBE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{A26005A6-0FCD-4FE4-A41C-163ECD8C2FFB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A8D7800F-E76B-4B9D-B648-BFF18C377C1F}" = lport=137 | protocol=17 | dir=in | app=system | "{AC04BB92-C131-4708-BB4A-3CA2BC51F75F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE90F12C-96EB-49BA-A8CD-7CE6781BDB92}" = lport=10244 | protocol=6 | dir=in | app=system | "{B0C24DF9-BCBF-4647-8A3D-AD375F4C0D40}" = lport=10243 | protocol=6 | dir=in | app=system | "{B8B9AFD1-7BD6-430E-8C9E-03B080E0C467}" = lport=445 | protocol=6 | dir=in | app=system | "{B8ED9C5D-A40B-4501-A54C-9F1D85EC4854}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B9361806-7975-4466-B7E7-2A8B0067F024}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B939F6F7-A316-4CBD-9C74-8163C7474D8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BC0301F7-9686-4C51-8A71-482202E9C89F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C0B961EE-A836-483D-BE95-5A0E8192645B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D1A8AC01-C5EE-47C0-B303-2A4011B66BB8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{D6A7AB3A-B374-4481-8E8D-D4281F84E936}" = lport=2869 | protocol=6 | dir=in | app=system | "{D952D781-DF1F-43E5-9EB5-73ECBF10960A}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{E139FC5B-07A1-4FA2-B414-7CE5019CE2F8}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | "{E45222E0-16C9-4A99-8A63-26363860D06D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FB27A09F-D2CA-42FD-A596-1954CD29D786}" = lport=445 | protocol=6 | dir=in | app=system | "{FE2BB376-38D8-4475-834F-FFA4C4691701}" = rport=138 | protocol=17 | dir=out | app=system | "{FE59F810-5E2A-435C-88D7-4EF6F20DD7DC}" = lport=3390 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{04B01D2A-CEEB-4B2E-87A7-9B1685C1974C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0A47B230-D6E6-4723-951C-31E195D4AAC8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{0AD14557-66F2-46CA-9465-A7CEE27395A1}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{0ADCDD67-C44A-46C8-B56B-B66600CFBE2B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{13703457-9910-4CFB-A73A-825C638C1BA5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{13AD54C1-BCEC-49CD-B2D7-7C7AA7DBB8CA}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{1561155B-0037-4700-8867-6953E721CCCF}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{18A7B22B-D348-44ED-9993-4DD6C8D99808}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{1F987303-B0E6-4C45-88E1-F34769401296}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{237D6ED7-472B-41FF-BEEE-AB15B0F8E597}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{2A17F185-D980-4542-A325-B30A6339452B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2A56F978-E20F-4A7D-8F77-5D5BFFC35DCF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3001E19E-1D7A-41F9-8015-71033E235F9A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3277918D-48F1-41E7-8540-29BA528313DC}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | "{3D5DD04C-036F-4E5F-8493-B755DDDC134B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{3F29C488-4B59-446C-A0C7-1772F6541BE5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{421235A6-03A0-4346-9104-1ABFD343BD44}" = dir=in | app=c:\program files 
(x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | "{43728195-5800-4EF1-AEF2-F97B066D080F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5301DF11-867C-4A4D-9871-442E019EB748}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{57FB5B87-7426-4291-8608-9D7C9D448698}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{5D6A6B98-1F9A-4F9B-A0D8-221204A5F823}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5FCC2524-FFEE-4147-B84A-B3AE7617729C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{60A315AC-EE62-43E4-AEA0-E835C5B09395}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{62685AA2-136B-456A-9E52-1ED8187618EC}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{67CE29DF-2E98-47AA-A2D6-1AF0A414099A}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe | "{6D45897D-AF40-4F91-A0D3-26532801C422}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7EB9E8C8-028C-45A3-8C96-1FB5877D6D71}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{8B506222-6E42-4EEA-98D4-D179A3D547EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8CD8D5DE-7FC8-4C96-B6F6-2278A873D87C}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | "{8F618C08-0BE6-40C1-9E3C-CE29D3ACBFDB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{91FC623E-F5F6-462E-AA4B-6688E18785B7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{94CFFA55-092D-4361-9AB5-470ABD9A5FD5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{978C5423-CBD3-4ED7-A765-CF538C7F6675}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{99E24E69-EB42-40A2-82BE-C7B2C4611DFA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9A209952-F339-477D-B00B-C1171F9AED69}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{9A4CC89C-F1D0-4FE2-9F6F-EBFA453818F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9A6C43AF-0F5E-41B4-B2C4-6F05A92B9F35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A30F0D69-12F6-4309-8DC1-DA76EA61C633}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A6BCC675-2899-4D02-82C4-CCB127C4C65B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AA8F5B20-138F-45C3-B799-495461F278BF}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{AF128D1D-8EB7-48C9-B22A-D74432EFD2CE}" = protocol=6 | dir=out | app=system | "{B00148B3-83B5-45CC-BE6B-A62B1A0387B8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{B04BFF3C-F46C-40E9-A0CB-D5A492650A57}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{B14D2AAC-695E-4F0C-8F4C-1847F1B512BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B639A1EF-18BF-4ABC-A6E4-92E5AC87F057}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{BB3E9EB7-956A-4C01-BBFF-E259BF8B3CA6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BCD6745C-D6B5-4DB3-9622-94B455A87241}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{BDC03E2A-337F-43C6-AD69-39807644E5FB}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C3F4C5D3-1C3F-4A3B-9F87-9572BE59391A}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe | "{C5BE0AE7-AA65-4DAB-AE34-2ECE8C8DA5BB}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{C69AD06F-999D-4724-A37F-3DA32D001F33}" = protocol=17 | dir=in | 
app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C7755E37-B7C6-4654-B596-32E384C8CE71}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{CAAE139C-815C-4D59-9544-D83586D2FC35}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{CD84EF7F-0ED4-43B9-B618-035D18E2CF30}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | "{D7959424-1533-410B-8651-4EFFF63A8D03}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{DA7BE0AC-7B22-4758-AEAF-C8A5D0C01A40}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{EA147B79-E41E-4638-8BA3-DD8E722BC236}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{F09F92F1-A70F-4C80-8BC7-0BA5BF3AD40D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F2FFF278-64F5-45F4-AE9C-3EBD59C564E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F622007B-B1BB-4666-9F9F-AC3056943672}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{F7E1E581-28AF-4FA8-8A29-CA85D80F82D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FB46CC9A-8304-44D6-8A37-D78FC6A29B5A}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | "TCP Query User{22BB9AD4-FE81-40E5-9A08-3E80DB0CAB4C}C:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe | "UDP Query User{0F0C251C-B0D7-464F-A1C8-63C1A0269937}C:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit) "{28FA742C-DC52-9804-7116-E198E0AEFAE4}" = ATI Catalyst Install Manager "{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard "{2D7B64F7-E9A3-C49B-9CEA-C4FE05F887E9}" = ccc-utility64 "{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{078BE4C5-D0AA-5AD1-6195-D4E9FB7CA8F7}" = CCC Help Greek "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F052922-4BCE-4763-A540-00857554336D}" = Redist "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19D87B80-626A-B57F-37F2-30329A5FA056}" = CCC Help Korean "{1D0C8FEA-F9E6-4272-8465-58903F1946D0}" = TurboTax 2011 wnyiper "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21C887C2-008E-0610-96F8-74AB3AF22784}" = CCC Help Chinese Standard "{22461A1C-BD68-4D90-9897-1DB146D55ECB}" = LogMeIn "{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java 6 Update 37 "{28639B03-FEF0-06B0-72AE-4DC2F5FE7197}" = Catalyst Control Center Graphics 
Previews Common "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2A435018-6957-76A6-36A6-FB34F4EF5F6D}" = CCC Help Turkish "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{330A754C-2B53-0C5F-057F-283EC9D01D5A}" = CCC Help Japanese "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3EB4E1B3-5C51-D460-D305-9077DA4711B7}" = CCC Help French "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{489A887E-1F33-2DB8-B856-291B6729D832}" = CCC Help Dutch "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F649712-FA36-502C-B26B-88A9D091E1DF}" = CCC Help Finnish "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52DE3AF0-1C26-4258-9A04-9AEBF3E145F7}" = Catalyst Control Center - Branding "{5535B1B7-AB06-2922-C3F6-DEDA4E823903}" = CCC Help Italian "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A19A119-86B6-FD94-7479-7A4AED4F2D82}" = Catalyst Control Center Graphics Previews Vista "{5F479D0A-ABB5-DE85-2C6A-92566C7FB813}" = CCC Help Polish "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6863508E-00B6-34DF-31FA-DD8D57E8CEE0}" = CCC Help Thai "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager "{6C302296-6129-4125-9FD6-2188ECD8814E}" = HP Software Framework "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78F1A88C-5322-4DF7-BDCF-9AB8F5F4041C}" = HP MediaSmart/TouchSmart Netflix "{7A0AAE7D-BEED-DD34-58EA-304DAC2EF7B6}" = CCC Help Norwegian "{7B939E98-D099-5172-FF4C-673B96ED3D13}" = CCC Help Portuguese "{8337F301-A848-71AC-4699-51B5153085EE}" = CCC Help German "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84160DF4-D1B0-428F-EFE7-4CA2E14B5CD2}" = Catalyst Control Center Localization All "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89EBB60F-5F24-2153-AEF2-F7E33B2DD8DB}" = CCC Help Russian "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EFD09A6-E374-8519-68A9-A3F7383C29AA}" = CCC Help Hungarian "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2C23ED8-6C37-F32D-3108-3E91BEDEDCA8}" = CCC Help Swedish "{A47B6CB9-E31C-B471-75FF-F42236292750}" = CCC Help Spanish 
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B34FE99A-48DD-3564-761E-6BB78FBE5DB9}" = Catalyst Control Center InstallProxy "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{BB1C717E-376C-4AA1-8940-81BFC38D9778}" = HP Quick Launch "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE081CB8-1970-88F1-A4D8-FC435D2E86C1}" = ccc-core-static "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9DB57B7-7C15-596C-6D5B-4CF06CF98E41}" = CCC Help English "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine "{E599494B-C668-E1C7-09A4-76A33BDC03F6}" = CCC Help Czech "{E5AE53A7-1A79-4840-998F-A18042A2F568}" = HP Documentation "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E68A38AA-A1B2-114E-19FA-F07D54683077}" = Catalyst Control Center InstallProxy "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F12B4E57-D702-E193-E8AF-C93EDB8DF63E}" = CCC Help Chinese Traditional "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE0E7A1C-68C3-99E1-A5DD-0749CFAB7AB9}" = CCC Help Danish "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43 "HP Photo Creations" = HP Photo Creations "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "My HP Game Console" = HP Game Console "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Smart File Advisor_is1" = Smart File Advisor 1.1.1 "TurboTax 2011" = TurboTax 2011 "Verizon Media Manager" = Verizon Media Manager "Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "WT087328" = Blackhawk Striker 2 "WT087335" = Build-a-lot 2 "WT087342" = Dora's Carnival Adventure "WT087360" = Escape Rosecliff Island "WT087361" = FATE "WT087362" = Final Drive Nitro "WT087372" = Heroes of Hellas 2 - Olympia "WT087373" = Jewel Quest 3 "WT087379" = Jewel Quest Solitaire 2 "WT087394" = Penguins! "WT087395" = Poker Superstars III "WT087396" = Polar Bowler "WT087397" = Polar Golfer "WT087414" = Virtual Families "WT087415" = Wheel of Fortune 2 "WT087428" = Bejeweled 2 Deluxe "WT087453" = Chuzzle Deluxe "WT087501" = Plants vs. 
Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"101a9f93b8f0bb6f" = Curse Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2012 6:34:50 PM | Computer Name = Louis-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error - 1/17/2012 6:34:58 PM | Computer Name = Louis-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error - 1/17/2012 6:35:02 PM | Computer Name = Louis-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error - 1/17/2012 6:36:03 PM | Computer Name = Louis-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error - 1/18/2012 12:59:23 AM | Computer Name = Louis-HP | Source = Application Error | ID = 1000
Description = Faulting application name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Faulting module name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Exception code: 0xc0000409
Fault offset: 0x0000000000042936
Faulting process id: 0xfac
Faulting application start time: 0x01ccd59de7910c97
Faulting application path: C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Faulting module path: C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Report Id: 2ff3c8b0-4191-11e1-ab12-c7a75fd6d4fd
Error - 1/19/2012 12:18:26 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error - 1/19/2012 12:18:26 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error - 1/19/2012 3:46:48 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Application or service 'HPWMISVC' could not be restarted.
Error - 1/19/2012 3:58:47 AM | Computer Name = Louis-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPWMISVC.exe, version: 2.3.1.0, time stamp: 0x4df6ef63
Faulting module name: HPWMISVC.exe, version: 2.3.1.0, time stamp: 0x4df6ef63
Exception code: 0xc0000005
Fault offset: 0x000016d1
Faulting process id: 0x70c
Faulting application start time: 0x01ccd67fe4bc447b
Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
Faulting module path: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
Report Id: 6a010efd-4273-11e1-b382-95bc88e849f4
Error - 1/19/2012 7:42:54 PM | Computer Name = Louis-HP | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.4363, time stamp: 0x4ee68c41
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x7e0
Faulting application start time: 0x01ccd70152fe76ad
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: unknown
Report Id: 4dfb8cfd-42f7-11e1-a232-a5453fefeaf1

[ Hewlett-Packard Events ]
Error - 9/12/2012 3:40:47 PM | Computer Name = Louis-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: One HP Active Check Local Mode job already running.
StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: en-US
RAM: 3834
Ram Utilization: 40
TargetSite: Void UpdateAndDetect()
Error - 9/25/2012 8:51:41 PM | Computer Name = Louis-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: One HP Active Check Local Mode job already running.
StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: en-US
RAM: 3834
Ram Utilization: 40
TargetSite: Void UpdateAndDetect()
Error - 9/26/2012 12:01:46 AM | Computer Name = Louis-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 9/26/2012 12:03:50 AM | Computer Name = Louis-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: One HP Active Check Local Mode job already running.
StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: en-US
RAM: 3834
Ram Utilization: 50
TargetSite: Void UpdateAndDetect()
Error - 10/2/2012 8:54:43 PM | Computer Name = Louis-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: One HP Active Check Local Mode job already running.
StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: en-US
RAM: 3834
Ram Utilization: 40
TargetSite: Void UpdateAndDetect()
Error - 10/9/2012 10:59:33 PM | Computer Name = Louis-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: One HP Active Check Local Mode job already running.
StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: en-US
RAM: 3834
Ram Utilization: 50
TargetSite: Void UpdateAndDetect()
Error - 10/29/2012 4:27:43 AM | Computer Name = Louis-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 10/30/2012 1:41:26 AM | Computer Name = Louis-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 10/30/2012 2:04:39 AM | Computer Name = Louis-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: One HP Active Check Local Mode job already running.
StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: en-US
RAM: 3834
Ram Utilization: 50
TargetSite: Void UpdateAndDetect()
Error - 10/30/2012 8:27:59 PM | Computer Name = Louis-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: One HP Active Check Local Mode job already running.
StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: en-US
RAM: 3834
Ram Utilization: 50
TargetSite: Void UpdateAndDetect()

[ HP Wireless Assistant Events ]
Error - 5/29/2012 4:31:30 AM | Computer Name = Louis-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter.
(Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObject.Initialize(Boolean getObject)
   at System.Management.ManagementBaseObject.get_Properties()
   at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
   at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 5/29/2012 12:47:36 PM | Computer Name = Louis-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter.
(Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObject.Initialize(Boolean getObject)
   at System.Management.ManagementBaseObject.get_Properties()
   at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
   at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 6/27/2012 1:16:48 PM | Computer Name = Louis-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter.
(Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObject.Initialize(Boolean getObject)
   at System.Management.ManagementBaseObject.get_Properties()
   at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
   at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 9/1/2012 5:55:43 PM | Computer Name = Louis-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application.
   at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)
   at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)
   at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args)
Error - 9/1/2012 5:55:56 PM | Computer Name = Louis-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
Error - 10/6/2012 4:50:17 PM | Computer Name = Louis-HP | Source = HP WA Application | ID = 0
Description = Lost connection to the service. Terminating!
Error - 10/6/2012 7:17:32 PM | Computer Name = Louis-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application.
   at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)
   at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)
   at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args)
Error - 10/6/2012 7:17:32 PM | Computer Name = Louis-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
Error - 10/17/2012 10:55:32 PM | Computer Name = Louis-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application.
   at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)
   at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)
   at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args)
Error - 10/17/2012 10:55:41 PM | Computer Name = Louis-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

[ Media Center Events ]
Error - 6/1/2012 4:17:38 PM | Computer Name = Louis-HP | Source = MCUpdate | ID = 0
Description = 4:17:24 PM - Error connecting to the internet.
4:17:24 PM - Unable to contact server..
Error - 6/2/2012 1:31:26 PM | Computer Name = Louis-HP | Source = MCUpdate | ID = 0
Description = 1:30:26 PM - Error connecting to the internet.
1:30:27 PM - Unable to contact server..
Error - 6/8/2012 12:39:17 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description =
Error - 6/8/2012 12:53:08 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description =
Error - 6/8/2012 1:10:19 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =
Error - 6/8/2012 1:10:19 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-Media Center Extender | ID = 700
Description =
Error - 6/8/2012 1:12:18 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =
Error - 7/11/2012 5:20:12 PM | Computer Name = Louis-HP | Source = MCUpdate | ID = 0
Description = 5:20:11 PM - Error connecting to the internet.
5:20:11 PM - Unable to contact server..
Error - 7/11/2012 6:21:03 PM | Computer Name = Louis-HP | Source = MCUpdate | ID = 0
Description = 6:21:03 PM - Error connecting to the internet.
6:21:03 PM - Unable to contact server..
Error - 7/15/2012 1:46:33 PM | Computer Name = Louis-HP | Source = MCUpdate | ID = 0
Description = 1:46:32 PM - Error connecting to the internet.
1:46:32 PM - Unable to contact server..

[ System Events ]
Error - 11/7/2012 12:42:24 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 11/7/2012 12:42:24 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 11/7/2012 1:13:06 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 11/7/2012 1:19:47 AM | Computer Name = Louis-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:16:00 AM on ?11/?7/?2012 was unexpected.
Error - 11/7/2012 1:19:48 AM | Computer Name = LOUIS-HP | Source = BugCheck | ID = 1001
Description =
Error - 11/7/2012 1:20:12 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 11/7/2012 1:20:46 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 11/7/2012 1:20:46 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 11/7/2012 1:21:53 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 11/7/2012 1:21:53 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

< End of report >
c:\Windows\svchost.exe can't restart computer
lman2 replied to lman2's topic in Resolved Malware Removal Logs
Ok, so I ran the scan and got the logs. Not sure if this matters, but on the right side of the scanner where it said "file age" it was only selected at 30 days. Is that ok, or should I have had it scan files older than that? Anyways here are the logs I have so far, I'll put them in two different posts.
c:\Windows\svchost.exe can't restart computer
lman2 replied to lman2's topic in Resolved Malware Removal Logs
Ok so I disabled my firewall and Malwarebytes and then downloaded and ran Combofix, it said it was scanning, then it completed stages 1, 2, and 3 but then the blue screen came on. Usually when the blue screen comes up it immediately tries to restart itself but never does cause as I said it freezes on restart. Yet this time it froze up on the blue screen so I had to just hit the power button to turn it off. I didn't even try to download the tdskiller cause you said it would probably ask me to reboot and as I said, that won't happen. Not sure what to do now...
c:\Windows\svchost.exe can't restart computer
lman2 replied to lman2's topic in Resolved Malware Removal Logs
Thank you for your speedy reply. In your reply you said I may need to restart my computer, but as I said restarting my computer does no good. Whenever I have tried to fix it and a solution involved restarting it has never worked because it will freeze up on restart. Should I try anyway? As I said before I'm not exactly computer savvy so please try to refrain from using terms I may not understand, the more basic the instruction the better. Also do you know about how long this process would take, I'd hate to start it and then have to cancel in the middle of it. Thanks again for your help. =D
For the past couple of months my laptop has been acting weird. Every time I try to update my laptop it either won't allow me to, saying the updates failed "code FFFFFFFE". I recently downloaded Malwarebytes and when I run a scan it says it found two problems, those being the svchost.exe file. When I try to remove them it says my laptop needs to be restarted for it to remove them. Only problem is for the last couple of months whenever I have tried to restart my laptop it will shut itself down but on starting back up it freezes on the HP screen where it says press esc for more options. I cannot do anything once it freezes on that screen so I just turn the power off and turn it back on. I'm no computer genius but I'm sure this is not a good thing. I don't know what to do. Almost every solution I have seen requires me to restart my computer but that is not an option since it always freezes when I try to restart. It also occasionally freezes once I login, as well as the occasional random blue screen. I'm sure that the svchost.exe file has something to do with it, but wouldn't be surprised if there was another underlying issue. I have searched for help for months. Any advice? Thanks for taking the time to read this, any help would be greatly appreciated as I don't have enough money to replace this laptop.