
c:\Windows\svchost.exe can't restart computer


lman2


For the past couple of months my laptop has been acting weird. Every time I try to update my laptop it either won't allow me to, saying the updates failed "code FFFFFFFE". I recently downloaded Malwarebytes and when I run a scan it says it found two problems, those being the svchost.exe file. When I try to remove them it says my laptop needs to be restarted for it to remove them. Only problem is for the last couple of months whenever I have tried to restart my laptop it will shut itself down but on starting back up it freezes on the HP screen where it says press esc for more options. I cannot do anything once it freezes on that screen so I just turn the power off and turn it back on. I'm no computer genius but I'm sure this is not a good thing. I don't know what to do. Almost every solution I have seen requires me to restart my computer but that is not an option since it always freezes when I try to restart. It also occasionally freezes once I log in, as well as the occasional random blue screen. I'm sure that the svchost.exe file has something to do with it, but wouldn't be surprised if there was another underlying issue. I have searched for help for months. Any advice? Thanks for taking the time to read this, any help would be greatly appreciated as I don't have enough money to replace this laptop.


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Also, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

=====

Please post the contents of ComboFix.txt and the log from TDSSKiller in your reply.


Thank you for your speedy reply. In your reply you said I may need to restart my computer, but as I said restarting my computer does no good. Whenever I have tried to fix it and a solution involved restarting it has never worked because it will freeze up on restart. Should I try anyway? As I said before I'm not exactly computer savvy so please try to refrain from using terms I may not understand, the more basic the instruction the better. Also do you know about how long this process would take, I'd hate to start it and then have to cancel in the middle of it. Thanks again for your help. =D


Ok so I disabled my firewall and Malwarebytes and then downloaded and ran ComboFix, it said it was scanning, then it completed stages 1, 2, and 3 but then the blue screen came on. Usually when the blue screen comes up it immediately tries to restart itself but never does cause as I said it freezes on restart. Yet this time it froze up on the blue screen so I had to just hit the power button to turn it off. I didn't even try to download the TDSSKiller cause you said it would probably ask me to reboot and as I said, that won't happen. Not sure what to do now...


Hello Iman2,

OK. Please try this instead.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


Ok, so I ran the scan and got the logs. Not sure if this matters, but on the right side of the scanner where it said "file age" it was only selected at 30 days. Is that ok, or should I have had it scan files older than that? Anyways here are the logs I have so far, I'll put them in two different posts.


OTL Extras logfile created on: 11/7/2012 1:17:24 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Louis\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 64.46% Memory free

7.49 Gb Paging File | 5.82 Gb Available in Paging File | 77.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 445.80 Gb Total Space | 284.14 Gb Free Space | 63.74% Space Free | Partition Type: NTFS

Drive D: | 19.66 Gb Total Space | 2.86 Gb Free Space | 14.53% Space Free | Partition Type: NTFS

Drive E: | 3.89 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 99.02 Mb Total Space | 88.88 Mb Free Space | 89.76% Space Free | Partition Type: FAT32

Drive G: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: FAT32

Computer Name: LOUIS-HP | User Name: Louis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{017DC992-1E01-4B20-A6E4-5A7C11B7EC82}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0711DC59-D873-4041-8562-53632FC65A4E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{074D1759-7202-48A1-841D-1AACDEAFA102}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{147BC4F5-48F6-4263-8FE6-7EEF1BA0A7D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1C5D859A-8B93-42A3-97C4-1235CAE30A21}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{28EDA110-95A9-48EB-927C-830FCADE8175}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{313A4857-D558-4E73-8BA0-0890EF418376}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{32D61884-A0DD-44B6-A0DC-FE26E74B6FD8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{34F26717-B593-49E0-B13B-2A239ED3656F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{39D2FB1B-9328-4CE4-9648-074C1581B677}" = rport=10243 | protocol=6 | dir=out | app=system |

"{3F7C0FB4-390A-4A20-91BF-2B83DE89BE6E}" = lport=10244 | protocol=6 | dir=in | app=system |

"{5123830D-78DB-4AE9-B5D7-A866098F816F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{51F4A67D-6CCF-4918-82FE-E457B88857B5}" = rport=445 | protocol=6 | dir=out | app=system |

"{52A325D9-C6E4-472E-A29F-4B5AB4681722}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{566F1AE5-EBD3-4580-9035-E1F7A3AA1218}" = rport=137 | protocol=17 | dir=out | app=system |

"{56F40FFF-FAAF-4C30-A13E-93097EA8D6D0}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5943E1E7-3D84-4526-AD4F-FF41B476AC12}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{5D7F5138-8FE8-40F4-8E2A-D8ABEF856980}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5E140AC3-2E48-411C-908B-4DFBE4E76383}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6540AF16-D57F-4A6F-8872-2B3EF19DF2E1}" = lport=3390 | protocol=6 | dir=in | app=system |

"{660D1CAA-3DB8-4050-AB20-8D292B47DC69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{66664D1A-A99B-417F-9490-8A1D8074FCA2}" = lport=139 | protocol=6 | dir=in | app=system |

"{6871B833-A02B-4E4D-9102-C8A3EF5F9ED1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6E4900A2-00C4-4BD8-AF90-860292E0CB0F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{718A6631-632B-405C-AAB7-67FC579786D4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{78EDFC03-A61B-41A2-A458-79222360B769}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{78F798FB-69D3-49B7-82D2-A3D817833A20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7A41A0B2-960B-4FCD-8F15-1D8D1130CD91}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7C5DA828-C74C-41F5-8B95-303CDA11E140}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{7E15EE67-B803-4C53-8C32-FC5248508E21}" = lport=138 | protocol=17 | dir=in | app=system |

"{84B74441-B429-428D-9AAD-25C8B60E6D9B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |

"{8992BCE9-B170-44C7-85BE-BA2C2E360728}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8C25DDF9-E9BC-4CA1-B5C5-777DA3CC8908}" = rport=139 | protocol=6 | dir=out | app=system |

"{9E0706CB-2144-45F1-A4BD-138229B9BEBE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{A26005A6-0FCD-4FE4-A41C-163ECD8C2FFB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{A8D7800F-E76B-4B9D-B648-BFF18C377C1F}" = lport=137 | protocol=17 | dir=in | app=system |

"{AC04BB92-C131-4708-BB4A-3CA2BC51F75F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AE90F12C-96EB-49BA-A8CD-7CE6781BDB92}" = lport=10244 | protocol=6 | dir=in | app=system |

"{B0C24DF9-BCBF-4647-8A3D-AD375F4C0D40}" = lport=10243 | protocol=6 | dir=in | app=system |

"{B8B9AFD1-7BD6-430E-8C9E-03B080E0C467}" = lport=445 | protocol=6 | dir=in | app=system |

"{B8ED9C5D-A40B-4501-A54C-9F1D85EC4854}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B9361806-7975-4466-B7E7-2A8B0067F024}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{B939F6F7-A316-4CBD-9C74-8163C7474D8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{BC0301F7-9686-4C51-8A71-482202E9C89F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C0B961EE-A836-483D-BE95-5A0E8192645B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D1A8AC01-C5EE-47C0-B303-2A4011B66BB8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{D6A7AB3A-B374-4481-8E8D-D4281F84E936}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D952D781-DF1F-43E5-9EB5-73ECBF10960A}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{E139FC5B-07A1-4FA2-B414-7CE5019CE2F8}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |

"{E45222E0-16C9-4A99-8A63-26363860D06D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{FB27A09F-D2CA-42FD-A596-1954CD29D786}" = lport=445 | protocol=6 | dir=in | app=system |

"{FE2BB376-38D8-4475-834F-FFA4C4691701}" = rport=138 | protocol=17 | dir=out | app=system |

"{FE59F810-5E2A-435C-88D7-4EF6F20DD7DC}" = lport=3390 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04B01D2A-CEEB-4B2E-87A7-9B1685C1974C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0A47B230-D6E6-4723-951C-31E195D4AAC8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{0AD14557-66F2-46CA-9465-A7CEE27395A1}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{0ADCDD67-C44A-46C8-B56B-B66600CFBE2B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{13703457-9910-4CFB-A73A-825C638C1BA5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{13AD54C1-BCEC-49CD-B2D7-7C7AA7DBB8CA}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |

"{1561155B-0037-4700-8867-6953E721CCCF}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{18A7B22B-D348-44ED-9993-4DD6C8D99808}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{1F987303-B0E6-4C45-88E1-F34769401296}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{237D6ED7-472B-41FF-BEEE-AB15B0F8E597}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{2A17F185-D980-4542-A325-B30A6339452B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{2A56F978-E20F-4A7D-8F77-5D5BFFC35DCF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3001E19E-1D7A-41F9-8015-71033E235F9A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{3277918D-48F1-41E7-8540-29BA528313DC}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |

"{3D5DD04C-036F-4E5F-8493-B755DDDC134B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{3F29C488-4B59-446C-A0C7-1772F6541BE5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{421235A6-03A0-4346-9104-1ABFD343BD44}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |

"{43728195-5800-4EF1-AEF2-F97B066D080F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5301DF11-867C-4A4D-9871-442E019EB748}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"{57FB5B87-7426-4291-8608-9D7C9D448698}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{5D6A6B98-1F9A-4F9B-A0D8-221204A5F823}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5FCC2524-FFEE-4147-B84A-B3AE7617729C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{60A315AC-EE62-43E4-AEA0-E835C5B09395}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{62685AA2-136B-456A-9E52-1ED8187618EC}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{67CE29DF-2E98-47AA-A2D6-1AF0A414099A}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |

"{6D45897D-AF40-4F91-A0D3-26532801C422}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{7EB9E8C8-028C-45A3-8C96-1FB5877D6D71}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{8B506222-6E42-4EEA-98D4-D179A3D547EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{8CD8D5DE-7FC8-4C96-B6F6-2278A873D87C}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |

"{8F618C08-0BE6-40C1-9E3C-CE29D3ACBFDB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |

"{91FC623E-F5F6-462E-AA4B-6688E18785B7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{94CFFA55-092D-4361-9AB5-470ABD9A5FD5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{978C5423-CBD3-4ED7-A765-CF538C7F6675}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{99E24E69-EB42-40A2-82BE-C7B2C4611DFA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{9A209952-F339-477D-B00B-C1171F9AED69}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |

"{9A4CC89C-F1D0-4FE2-9F6F-EBFA453818F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{9A6C43AF-0F5E-41B4-B2C4-6F05A92B9F35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A30F0D69-12F6-4309-8DC1-DA76EA61C633}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{A6BCC675-2899-4D02-82C4-CCB127C4C65B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{AA8F5B20-138F-45C3-B799-495461F278BF}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{AF128D1D-8EB7-48C9-B22A-D74432EFD2CE}" = protocol=6 | dir=out | app=system |

"{B00148B3-83B5-45CC-BE6B-A62B1A0387B8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{B04BFF3C-F46C-40E9-A0CB-D5A492650A57}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{B14D2AAC-695E-4F0C-8F4C-1847F1B512BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B639A1EF-18BF-4ABC-A6E4-92E5AC87F057}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"{BB3E9EB7-956A-4C01-BBFF-E259BF8B3CA6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{BCD6745C-D6B5-4DB3-9622-94B455A87241}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{BDC03E2A-337F-43C6-AD69-39807644E5FB}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{C3F4C5D3-1C3F-4A3B-9F87-9572BE59391A}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |

"{C5BE0AE7-AA65-4DAB-AE34-2ECE8C8DA5BB}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{C69AD06F-999D-4724-A37F-3DA32D001F33}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{C7755E37-B7C6-4654-B596-32E384C8CE71}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{CAAE139C-815C-4D59-9544-D83586D2FC35}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{CD84EF7F-0ED4-43B9-B618-035D18E2CF30}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |

"{D7959424-1533-410B-8651-4EFFF63A8D03}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{DA7BE0AC-7B22-4758-AEAF-C8A5D0C01A40}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{EA147B79-E41E-4638-8BA3-DD8E722BC236}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{F09F92F1-A70F-4C80-8BC7-0BA5BF3AD40D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F2FFF278-64F5-45F4-AE9C-3EBD59C564E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F622007B-B1BB-4666-9F9F-AC3056943672}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{F7E1E581-28AF-4FA8-8A29-CA85D80F82D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{FB46CC9A-8304-44D6-8A37-D78FC6A29B5A}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |

"TCP Query User{22BB9AD4-FE81-40E5-9A08-3E80DB0CAB4C}C:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe |

"UDP Query User{0F0C251C-B0D7-464F-A1C8-63C1A0269937}C:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit)

"{28FA742C-DC52-9804-7116-E198E0AEFAE4}" = ATI Catalyst Install Manager

"{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard

"{2D7B64F7-E9A3-C49B-9CEA-C4FE05F887E9}" = ccc-utility64

"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"{078BE4C5-D0AA-5AD1-6195-D4E9FB7CA8F7}" = CCC Help Greek

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0F052922-4BCE-4763-A540-00857554336D}" = Redist

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19D87B80-626A-B57F-37F2-30329A5FA056}" = CCC Help Korean

"{1D0C8FEA-F9E6-4272-8465-58903F1946D0}" = TurboTax 2011 wnyiper

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21C887C2-008E-0610-96F8-74AB3AF22784}" = CCC Help Chinese Standard

"{22461A1C-BD68-4D90-9897-1DB146D55ECB}" = LogMeIn

"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java 6 Update 37

"{28639B03-FEF0-06B0-72AE-4DC2F5FE7197}" = Catalyst Control Center Graphics Previews Common

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2A435018-6957-76A6-36A6-FB34F4EF5F6D}" = CCC Help Turkish

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{330A754C-2B53-0C5F-057F-283EC9D01D5A}" = CCC Help Japanese

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

"{3EB4E1B3-5C51-D460-D305-9077DA4711B7}" = CCC Help French

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{489A887E-1F33-2DB8-B856-291B6729D832}" = CCC Help Dutch

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F649712-FA36-502C-B26B-88A9D091E1DF}" = CCC Help Finnish

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{52DE3AF0-1C26-4258-9A04-9AEBF3E145F7}" = Catalyst Control Center - Branding

"{5535B1B7-AB06-2922-C3F6-DEDA4E823903}" = CCC Help Italian

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A19A119-86B6-FD94-7479-7A4AED4F2D82}" = Catalyst Control Center Graphics Previews Vista

"{5F479D0A-ABB5-DE85-2C6A-92566C7FB813}" = CCC Help Polish

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6863508E-00B6-34DF-31FA-DD8D57E8CEE0}" = CCC Help Thai

"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager

"{6C302296-6129-4125-9FD6-2188ECD8814E}" = HP Software Framework

"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0

"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78F1A88C-5322-4DF7-BDCF-9AB8F5F4041C}" = HP MediaSmart/TouchSmart Netflix

"{7A0AAE7D-BEED-DD34-58EA-304DAC2EF7B6}" = CCC Help Norwegian

"{7B939E98-D099-5172-FF4C-673B96ED3D13}" = CCC Help Portuguese

"{8337F301-A848-71AC-4699-51B5153085EE}" = CCC Help German

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84160DF4-D1B0-428F-EFE7-4CA2E14B5CD2}" = Catalyst Control Center Localization All

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{89EBB60F-5F24-2153-AEF2-F7E33B2DD8DB}" = CCC Help Russian

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EFD09A6-E374-8519-68A9-A3F7383C29AA}" = CCC Help Hungarian

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A2C23ED8-6C37-F32D-3108-3E91BEDEDCA8}" = CCC Help Swedish

"{A47B6CB9-E31C-B471-75FF-F42236292750}" = CCC Help Spanish

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B34FE99A-48DD-3564-761E-6BB78FBE5DB9}" = Catalyst Control Center InstallProxy

"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6

"{BB1C717E-376C-4AA1-8940-81BFC38D9778}" = HP Quick Launch

"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo

"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CE081CB8-1970-88F1-A4D8-FC435D2E86C1}" = ccc-core-static

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D9DB57B7-7C15-596C-6D5B-4CF06CF98E41}" = CCC Help English

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine

"{E599494B-C668-E1C7-09A4-76A33BDC03F6}" = CCC Help Czech

"{E5AE53A7-1A79-4840-998F-A18042A2F568}" = HP Documentation

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E68A38AA-A1B2-114E-19FA-F07D54683077}" = Catalyst Control Center InstallProxy

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F12B4E57-D702-E193-E8AF-C93EDB8DF63E}" = CCC Help Chinese Traditional

"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE0E7A1C-68C3-99E1-A5DD-0749CFAB7AB9}" = CCC Help Danish

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43

"HP Photo Creations" = HP Photo Creations

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo

"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"My HP Game Console" = HP Game Console

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Smart File Advisor_is1" = Smart File Advisor 1.1.1

"TurboTax 2011" = TurboTax 2011

"Verizon Media Manager" = Verizon Media Manager

"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

"WT087328" = Blackhawk Striker 2

"WT087335" = Build-a-lot 2

"WT087342" = Dora's Carnival Adventure

"WT087360" = Escape Rosecliff Island

"WT087361" = FATE

"WT087362" = Final Drive Nitro

"WT087372" = Heroes of Hellas 2 - Olympia

"WT087373" = Jewel Quest 3

"WT087379" = Jewel Quest Solitaire 2

"WT087394" = Penguins!

"WT087395" = Poker Superstars III

"WT087396" = Polar Bowler

"WT087397" = Polar Golfer

"WT087414" = Virtual Families

"WT087415" = Wheel of Fortune 2

"WT087428" = Bejeweled 2 Deluxe

"WT087453" = Chuzzle Deluxe

"WT087501" = Plants vs. Zombies

"WT087513" = Virtual Villagers - The Secret City

"WT087533" = Zuma Deluxe

"WT087536" = Diner Dash 2 Restaurant Rescue

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

"101a9f93b8f0bb6f" = Curse Client

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/17/2012 6:34:50 PM | Computer Name = Louis-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 1/17/2012 6:34:58 PM | Computer Name = Louis-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 1/17/2012 6:35:02 PM | Computer Name = Louis-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 1/17/2012 6:36:03 PM | Computer Name = Louis-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 1/18/2012 12:59:23 AM | Computer Name = Louis-HP | Source = Application Error | ID = 1000

Description = Faulting application name: NOBuClient.exe, version: 2.1.17869.0, time

stamp: 0x4c056071 Faulting module name: NOBuClient.exe, version: 2.1.17869.0, time

stamp: 0x4c056071 Exception code: 0xc0000409 Fault offset: 0x0000000000042936 Faulting

process id: 0xfac Faulting application start time: 0x01ccd59de7910c97 Faulting application

path: C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe Faulting

module path: C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

Report

Id: 2ff3c8b0-4191-11e1-ab12-c7a75fd6d4fd

Error - 1/19/2012 12:18:26 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 1/19/2012 12:18:26 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 1/19/2012 3:46:48 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-RestartManager | ID = 10007

Description = Application or service 'HPWMISVC' could not be restarted.

Error - 1/19/2012 3:58:47 AM | Computer Name = Louis-HP | Source = Application Error | ID = 1000

Description = Faulting application name: HPWMISVC.exe, version: 2.3.1.0, time stamp:

0x4df6ef63 Faulting module name: HPWMISVC.exe, version: 2.3.1.0, time stamp: 0x4df6ef63

Exception

code: 0xc0000005 Fault offset: 0x000016d1 Faulting process id: 0x70c Faulting application

start time: 0x01ccd67fe4bc447b Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP

Quick Launch\HPWMISVC.exe Faulting module path: C:\Program Files (x86)\Hewlett-Packard\HP

Quick Launch\HPWMISVC.exe Report Id: 6a010efd-4273-11e1-b382-95bc88e849f4

Error - 1/19/2012 7:42:54 PM | Computer Name = Louis-HP | Source = Application Error | ID = 1000

Description = Faulting application name: firefox.exe, version: 1.9.2.4363, time

stamp: 0x4ee68c41 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x7e0 Faulting application

start time: 0x01ccd70152fe76ad Faulting application path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Faulting module path: unknown Report Id: 4dfb8cfd-42f7-11e1-a232-a5453fefeaf1

[ Hewlett-Packard Events ]

Error - 9/12/2012 3:40:47 PM | Computer Name = Louis-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 9/25/2012 8:51:41 PM | Computer Name = Louis-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 9/26/2012 12:01:46 AM | Computer Name = Louis-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 9/26/2012 12:03:50 AM | Computer Name = Louis-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 3834 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 10/2/2012 8:54:43 PM | Computer Name = Louis-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 10/9/2012 10:59:33 PM | Computer Name = Louis-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 3834 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 10/29/2012 4:27:43 AM | Computer Name = Louis-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 10/30/2012 1:41:26 AM | Computer Name = Louis-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 10/30/2012 2:04:39 AM | Computer Name = Louis-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 3834 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 10/30/2012 8:27:59 PM | Computer Name = Louis-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 3834 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

[ HP Wireless Assistant Events ]

Error - 5/29/2012 4:31:30 AM | Computer Name = Louis-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at

System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 5/29/2012 12:47:36 PM | Computer Name = Louis-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at

System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 6/27/2012 1:16:48 PM | Computer Name = Louis-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at

System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 9/1/2012 5:55:43 PM | Computer Name = Louis-HP | Source = HP WA Application | ID = 0

Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;

failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object

sender, StartupEventArgs args)

Error - 9/1/2012 5:55:56 PM | Computer Name = Louis-HP | Source = HP WA Application | ID = 0

Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 10/6/2012 4:50:17 PM | Computer Name = Louis-HP | Source = HP WA Application | ID = 0

Description = Lost connection to the service. Terminating!

Error - 10/6/2012 7:17:32 PM | Computer Name = Louis-HP | Source = HP WA Application | ID = 0

Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;

failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object

sender, StartupEventArgs args)

Error - 10/6/2012 7:17:32 PM | Computer Name = Louis-HP | Source = HP WA Application | ID = 0

Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 10/17/2012 10:55:32 PM | Computer Name = Louis-HP | Source = HP WA Application | ID = 0

Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;

failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object

sender, StartupEventArgs args)

Error - 10/17/2012 10:55:41 PM | Computer Name = Louis-HP | Source = HP WA Application | ID = 0

Description = MainWindow.ShowImpl; not initialized, closing application...

[ Media Center Events ]

Error - 6/1/2012 4:17:38 PM | Computer Name = Louis-HP | Source = MCUpdate | ID = 0

Description = 4:17:24 PM - Error connecting to the internet. 4:17:24 PM - Unable

to contact server..

Error - 6/2/2012 1:31:26 PM | Computer Name = Louis-HP | Source = MCUpdate | ID = 0

Description = 1:30:26 PM - Error connecting to the internet. 1:30:27 PM - Unable

to contact server..

Error - 6/8/2012 12:39:17 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-Media Center Extender | ID = 538

Description =

Error - 6/8/2012 12:53:08 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-Media Center Extender | ID = 538

Description =

Error - 6/8/2012 1:10:19 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-Media Center Extender | ID = 701

Description =

Error - 6/8/2012 1:10:19 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-Media Center Extender | ID = 700

Description =

Error - 6/8/2012 1:12:18 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-Media Center Extender | ID = 701

Description =

Error - 7/11/2012 5:20:12 PM | Computer Name = Louis-HP | Source = MCUpdate | ID = 0

Description = 5:20:11 PM - Error connecting to the internet. 5:20:11 PM - Unable

to contact server..

Error - 7/11/2012 6:21:03 PM | Computer Name = Louis-HP | Source = MCUpdate | ID = 0

Description = 6:21:03 PM - Error connecting to the internet. 6:21:03 PM - Unable

to contact server..

Error - 7/15/2012 1:46:33 PM | Computer Name = Louis-HP | Source = MCUpdate | ID = 0

Description = 1:46:32 PM - Error connecting to the internet. 1:46:32 PM - Unable

to contact server..

[ System Events ]

Error - 11/7/2012 12:42:24 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 11/7/2012 12:42:24 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 11/7/2012 1:13:06 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 11/7/2012 1:19:47 AM | Computer Name = Louis-HP | Source = EventLog | ID = 6008

Description = The previous system shutdown at 12:16:00 AM on ?11/?7/?2012 was unexpected.

Error - 11/7/2012 1:19:48 AM | Computer Name = LOUIS-HP | Source = BugCheck | ID = 1001

Description =

Error - 11/7/2012 1:20:12 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 11/7/2012 1:20:46 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 11/7/2012 1:20:46 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 11/7/2012 1:21:53 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 11/7/2012 1:21:53 AM | Computer Name = Louis-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

< End of report >


OTL logfile created on: 11/7/2012 1:17:24 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Louis\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 64.46% Memory free

7.49 Gb Paging File | 5.82 Gb Available in Paging File | 77.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 445.80 Gb Total Space | 284.14 Gb Free Space | 63.74% Space Free | Partition Type: NTFS

Drive D: | 19.66 Gb Total Space | 2.86 Gb Free Space | 14.53% Space Free | Partition Type: NTFS

Drive E: | 3.89 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 99.02 Mb Total Space | 88.88 Mb Free Space | 89.76% Space Free | Partition Type: FAT32

Drive G: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: FAT32

Computer Name: LOUIS-HP | User Name: Louis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/07 01:11:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Louis\Desktop\OTL.exe

PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/01/03 15:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe

PRC - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

PRC - [2011/06/14 14:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2011/06/14 14:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2011/05/21 15:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2010/06/25 01:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/16 12:28:58 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll

MOD - [2012/06/16 12:27:44 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll

MOD - [2012/05/10 00:05:30 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll

MOD - [2012/05/09 23:11:13 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll

MOD - [2012/05/09 23:10:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/09 23:10:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll

MOD - [2012/05/09 23:08:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/09 23:08:28 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/09 23:08:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/09 23:08:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/09 23:07:50 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/01/19 01:49:30 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/02/09 20:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2010/02/09 20:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

MOD - [2010/02/09 20:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2010/02/09 20:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2010/02/09 20:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2010/02/09 20:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2010/02/09 20:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2010/02/09 20:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2011/03/03 17:20:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/03/03 17:18:40 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2011/03/03 17:18:39 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/10/26 17:38:24 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/07/05 17:10:14 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)

SRV - [2012/07/05 17:10:08 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2012/06/08 11:06:24 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)

SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2011/06/14 14:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2011/05/21 15:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)

SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/07/05 17:11:18 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV:64bit: - [2012/06/08 11:06:24 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV:64bit: - [2012/06/08 11:05:56 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/03 17:21:02 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2011/03/03 17:21:00 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)

DRV:64bit: - [2011/03/03 17:20:54 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/03/03 17:20:54 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/03 17:18:40 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/09/13 16:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/06/25 01:32:52 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/05/06 08:21:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/11/27 20:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012/06/08 11:06:24 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {292D83CF-023C-4955-9AAC-ADDC18D857C1}

IE:64bit: - HKLM\..\SearchScopes\{023BEF91-46DF-49F5-B4D5-A624219D7BA0}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE:64bit: - HKLM\..\SearchScopes\{292D83CF-023C-4955-9AAC-ADDC18D857C1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{2CDD6A60-ED41-4E0D-92BA-3FECF9011986}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE:64bit: - HKLM\..\SearchScopes\{CE313EBE-595F-4CF8-95D0-F3935695F6F7}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8

IE - HKLM\..\SearchScopes,DefaultScope = {292D83CF-023C-4955-9AAC-ADDC18D857C1}

IE - HKLM\..\SearchScopes\{023BEF91-46DF-49F5-B4D5-A624219D7BA0}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKLM\..\SearchScopes\{292D83CF-023C-4955-9AAC-ADDC18D857C1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{2CDD6A60-ED41-4E0D-92BA-3FECF9011986}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKLM\..\SearchScopes\{CE313EBE-595F-4CF8-95D0-F3935695F6F7}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://http://www.yahoo.com/?ilc=8.yahoo.com

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {2CDD6A60-ED41-4E0D-92BA-3FECF9011986}

IE - HKCU\..\SearchScopes\{023BEF91-46DF-49F5-B4D5-A624219D7BA0}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://mp3tubetoolbarsearch.com/?tmp=nemo_results_removelink2&keywords={searchTerms}

IE - HKCU\..\SearchScopes\{20E6ED86-99FB-4690-9C06-FA38A8AFA0CC}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=626EB91B-77C4-4EF5-9EB9-8701B2347060&apn_sauid=3485AD60-83F5-4B50-9C30-C92462E8BD0E

IE - HKCU\..\SearchScopes\{2CDD6A60-ED41-4E0D-92BA-3FECF9011986}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKCU\..\SearchScopes\{CE313EBE-595F-4CF8-95D0-F3935695F6F7}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=mkg030&p="

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=8"

FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1

FF - prefs.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - user.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="

FF - user.js..keyword.enabled: 1

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 17:38:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 17:38:22 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 17:38:24 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 17:38:22 | 000,000,000 | ---D | M]

[2010/12/27 02:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louis\AppData\Roaming\Mozilla\Extensions

[2012/10/30 03:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\extensions

[2012/10/15 19:25:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012/10/30 03:35:28 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\extensions\toolbar@ask.com

[2012/10/30 03:23:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/10/30 03:23:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2012/10/26 17:38:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/09/14 04:57:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/20 09:19:47 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

Hosts file not found

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4174BE0A-A7D0-4062-8AD1-A29666782BAF}: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AE4314C-6078-45F5-8AFF-72C7DD5F8BDF}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/09/29 11:55:44 | 000,000,052 | -H-- | M] () - E:\Autorun.inf -- [ UDF ]

O33 - MountPoints2\{732724fd-100c-11e0-9e5a-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{732724fd-100c-11e0-9e5a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2007/11/06 18:28:04 | 001,176,561 | -H-- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/07 01:11:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Louis\Desktop\OTL.exe

[2012/11/07 00:20:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/07 00:08:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/07 00:08:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/07 00:08:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/07 00:08:40 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/11/07 00:08:24 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/07 00:08:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/07 00:07:58 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2012/11/07 00:01:20 | 004,997,881 | R--- | C] (Swearware) -- C:\Users\Louis\Desktop\ComboFix.exe

[2012/11/06 01:28:29 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\{F6C2881A-472C-4315-934B-BFC7CFD5E37D}

[2012/11/03 21:38:29 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\{53AFA52D-E6D7-414B-8B58-172792755489}

[2012/10/31 13:21:38 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\Macromedia

[2012/10/31 03:25:34 | 000,000,000 | ---D | C] -- C:\Users\Louis\Documents\My Curse

[2012/10/31 03:24:56 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse

[2012/10/31 03:24:25 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\Apps

[2012/10/31 03:24:24 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\Deployment

[2012/10/30 19:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

[2012/10/30 19:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft

[2012/10/30 19:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment

[2012/10/30 19:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment

[2012/10/30 19:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net

[2012/10/30 03:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com

[2012/10/30 03:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/10/30 03:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask

[2012/10/30 03:23:36 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll

[2012/10/30 03:23:36 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/10/30 03:23:36 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/10/30 03:23:36 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/10/30 03:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2012/10/30 03:08:49 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe

[2012/10/29 01:02:39 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Roaming\Malwarebytes

[2012/10/29 01:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/10/29 01:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/10/29 01:02:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/10/29 01:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/10/26 17:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/10/19 01:46:27 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\{B0E7EDFA-8D25-4F01-82D2-8CFD8C48A11C}

[2012/10/19 01:44:46 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\{D665F84E-08C6-4862-82FE-61ABD20CD259}

[2012/10/10 01:19:27 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012/10/10 01:19:27 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012/10/10 01:19:27 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012/10/10 01:19:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012/10/10 01:19:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012/10/10 01:19:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012/10/10 01:19:23 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012/10/10 01:19:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012/10/10 01:19:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012/10/10 01:19:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012/10/10 01:19:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012/10/10 01:19:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/10/10 01:19:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012/10/10 01:19:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012/10/10 01:19:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012/10/10 01:19:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012/10/10 01:19:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012/10/10 01:19:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012/10/10 01:19:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/10/10 01:19:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012/10/10 01:19:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/10/10 01:19:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012/10/10 01:19:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012/10/10 01:19:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/10/10 01:19:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012/10/10 01:19:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012/10/10 01:19:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/10/10 01:19:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012/10/10 01:19:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012/10/10 01:19:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012/10/10 01:19:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012/10/10 01:19:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012/10/10 01:19:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012/10/10 01:19:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012/10/10 01:19:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012/10/10 01:19:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/10/10 01:19:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012/10/10 01:19:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012/10/10 01:19:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012/10/10 01:19:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012/10/10 01:19:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012/10/10 01:19:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012/10/10 01:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012/10/10 01:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012/10/10 01:19:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/10/10 01:19:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/10/10 01:19:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012/10/10 01:19:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/10/10 01:19:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012/10/10 01:19:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012/10/10 01:19:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012/10/10 01:19:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012/10/10 01:19:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012/10/10 01:19:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012/10/10 01:19:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/10/10 01:19:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/10/10 01:19:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012/10/10 01:19:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012/10/10 01:19:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012/10/10 01:19:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012/10/10 01:19:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012/10/10 01:18:55 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/10/10 01:18:16 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012/10/10 01:18:14 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2012/10/09 21:56:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[1 C:\Users\Louis\Documents\*.tmp files -> C:\Users\Louis\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/07 01:11:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Louis\Desktop\OTL.exe

[2012/11/07 00:28:16 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/07 00:28:16 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/07 00:26:42 | 000,730,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/07 00:26:42 | 000,627,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/07 00:26:42 | 000,107,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/07 00:19:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/07 00:19:28 | 488,450,754 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/11/07 00:19:27 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/07 00:01:28 | 004,997,881 | R--- | M] (Swearware) -- C:\Users\Louis\Desktop\ComboFix.exe

[2012/11/03 22:50:19 | 000,000,024 | ---- | M] () -- C:\Users\Louis\AppData\Roaming\mbam.context.scan

[2012/10/31 13:16:19 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/10/31 13:16:19 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/10/31 13:12:51 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLouis.job

[2012/10/31 03:24:56 | 000,000,318 | ---- | M] () -- C:\Users\Louis\Desktop\Curse Client.appref-ms

[2012/10/30 19:35:14 | 000,001,291 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2012/10/30 03:22:42 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll

[2012/10/30 03:22:42 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2012/10/30 03:22:42 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/10/30 03:22:42 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/10/30 03:22:42 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/10/29 01:02:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/26 22:50:02 | 000,002,048 | ---- | M] () -- C:\Users\Louis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/10/24 13:47:02 | 000,007,168 | ---- | M] () -- C:\Users\Louis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/10/23 02:16:54 | 000,213,187 | ---- | M] () -- C:\Users\Louis\AppData\Roaming\MMUpgrade.jpg

[2012/10/20 12:43:07 | 000,744,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/10/10 02:07:52 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI

[1 C:\Users\Louis\Documents\*.tmp files -> C:\Users\Louis\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/07 00:08:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/11/07 00:08:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/11/07 00:08:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/11/07 00:08:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/11/07 00:08:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/11/03 22:50:19 | 000,000,024 | ---- | C] () -- C:\Users\Louis\AppData\Roaming\mbam.context.scan

[2012/10/31 13:12:38 | 488,450,754 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/10/31 03:24:56 | 000,000,318 | ---- | C] () -- C:\Users\Louis\Desktop\Curse Client.appref-ms

[2012/10/30 19:35:09 | 000,001,291 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2012/10/29 01:02:29 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/20 12:43:07 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/09/21 14:49:58 | 000,213,187 | ---- | C] () -- C:\Users\Louis\AppData\Roaming\MMUpgrade.jpg

[2012/09/19 15:51:53 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI

[2012/05/23 16:43:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/04/17 21:29:08 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2011/07/20 19:43:58 | 000,024,209 | ---- | C] () -- C:\Users\Louis\AppData\Roaming\UserTile.png

[2011/07/17 06:33:07 | 000,001,940 | ---- | C] () -- C:\Users\Louis\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/03/29 00:18:20 | 000,001,854 | ---- | C] () -- C:\Users\Louis\AppData\Roaming\GhostObjGAFix.xml

[2011/03/03 17:21:15 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2010/12/29 20:24:29 | 000,007,168 | ---- | C] () -- C:\Users\Louis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/21 03:09:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010/11/21 03:00:57 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini

[2010/11/21 03:00:57 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2012/10/06 15:33:13 | 000,001,024 | ---- | M] () -- C:\.rnd

[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2012/11/07 00:19:27 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/07 00:19:35 | 4021,186,560 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


Hey Iman2,

Your logs indicate an infection.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    O4 - HKLM..\Run: [] File not found
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    :Commands
    [EmptyFlash]
    [Reboot]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If it freezes on the reboot please proceed with the next instruction.

=====

Then, please try running TDSSKiller but don't let it reboot. Post its log in your reply.

=====

Please post the OTL fix log and the log from TDSSKiller in your reply.


OK, so I ran OTL and did the scan you asked, but when it rebooted it froze. So then I ran TDSSKiller. I did the scan, and when it found an infected file I hit Skip instead of Cure. This is the log I got when I pressed Report:

18:09:04.0962 2056 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

18:09:05.0321 2056 ============================================================

18:09:05.0321 2056 Current date / time: 2012/11/07 18:09:05.0321

18:09:05.0321 2056 SystemInfo:

18:09:05.0321 2056

18:09:05.0321 2056 OS Version: 6.1.7601 ServicePack: 1.0

18:09:05.0321 2056 Product type: Workstation

18:09:05.0321 2056 ComputerName: LOUIS-HP

18:09:05.0321 2056 UserName: Louis

18:09:05.0321 2056 Windows directory: C:\Windows

18:09:05.0321 2056 System windows directory: C:\Windows

18:09:05.0321 2056 Running under WOW64

18:09:05.0321 2056 Processor architecture: Intel x64

18:09:05.0321 2056 Number of processors: 2

18:09:05.0321 2056 Page size: 0x1000

18:09:05.0321 2056 Boot type: Normal boot

18:09:05.0321 2056 ============================================================

18:09:06.0616 2056 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:09:06.0616 2056 Drive \Device\Harddisk1\DR1 - Size: 0x1E6E80000 (7.61 Gb), SectorSize: 0x200, Cylinders: 0x3E1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

18:09:06.0631 2056 ============================================================

18:09:06.0631 2056 \Device\Harddisk0\DR0:

18:09:06.0631 2056 MBR partitions:

18:09:06.0631 2056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

18:09:06.0631 2056 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37B9C000

18:09:06.0631 2056 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37C00000, BlocksNum 0x2752000

18:09:06.0631 2056 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830

18:09:06.0631 2056 \Device\Harddisk1\DR1:

18:09:06.0631 2056 MBR partitions:

18:09:06.0631 2056 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2001, BlocksNum 0xF353FF

18:09:06.0631 2056 ============================================================

18:09:06.0663 2056 C: <-> \Device\Harddisk0\DR0\Partition2

18:09:06.0709 2056 D: <-> \Device\Harddisk0\DR0\Partition3

18:09:06.0725 2056 F: <-> \Device\Harddisk0\DR0\Partition4

18:09:06.0725 2056 ============================================================

18:09:06.0725 2056 Initialize success

18:09:06.0725 2056 ============================================================

18:11:16.0860 1436 ============================================================

18:11:16.0860 1436 Scan started

18:11:16.0860 1436 Mode: Manual;

18:11:16.0860 1436 ============================================================

18:11:17.0578 1436 ================ Scan system memory ========================

18:11:17.0578 1436 System memory - ok

18:11:17.0578 1436 ================ Scan services =============================

18:11:17.0781 1436 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

18:11:17.0781 1436 1394ohci - ok

18:11:17.0812 1436 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys

18:11:17.0812 1436 Accelerometer - ok

18:11:17.0890 1436 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

18:11:17.0906 1436 ACPI - ok

18:11:17.0968 1436 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

18:11:17.0968 1436 AcpiPmi - ok

18:11:18.0030 1436 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

18:11:18.0046 1436 adp94xx - ok

18:11:18.0108 1436 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

18:11:18.0108 1436 adpahci - ok

18:11:18.0140 1436 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

18:11:18.0155 1436 adpu320 - ok

18:11:18.0264 1436 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

18:11:18.0264 1436 AeLookupSvc - ok

18:11:18.0389 1436 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe

18:11:18.0389 1436 AESTFilters - ok

18:11:18.0467 1436 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

18:11:18.0483 1436 AFD - ok

18:11:18.0545 1436 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

18:11:18.0545 1436 agp440 - ok

18:11:18.0576 1436 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

18:11:18.0576 1436 ALG - ok

18:11:18.0623 1436 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

18:11:18.0623 1436 aliide - ok

18:11:18.0686 1436 [ 09FCD2C758F1AD3DF931AB9D944FE348 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

18:11:18.0686 1436 AMD External Events Utility - ok

18:11:18.0701 1436 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

18:11:18.0701 1436 amdide - ok

18:11:18.0764 1436 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

18:11:18.0764 1436 AmdK8 - ok

18:11:19.0029 1436 [ 2E76D0A912AB09CA5586AB23E466A25F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

18:11:19.0216 1436 amdkmdag - ok

18:11:19.0278 1436 [ DD3C0C1B62DA0736482501C4BCDCD1F8 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

18:11:19.0278 1436 amdkmdap - ok

18:11:19.0356 1436 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

18:11:19.0356 1436 AmdPPM - ok

18:11:19.0419 1436 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

18:11:19.0434 1436 amdsata - ok

18:11:19.0497 1436 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

18:11:19.0497 1436 amdsbs - ok

18:11:19.0528 1436 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

18:11:19.0528 1436 amdxata - ok

18:11:19.0606 1436 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

18:11:19.0606 1436 AppID - ok

18:11:19.0637 1436 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

18:11:19.0653 1436 AppIDSvc - ok

18:11:19.0684 1436 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

18:11:19.0700 1436 Appinfo - ok

18:11:19.0840 1436 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

18:11:19.0840 1436 Apple Mobile Device - ok

18:11:19.0934 1436 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

18:11:19.0934 1436 arc - ok

18:11:19.0965 1436 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

18:11:19.0965 1436 arcsas - ok

18:11:20.0012 1436 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

18:11:20.0012 1436 AsyncMac - ok

18:11:20.0058 1436 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

18:11:20.0058 1436 atapi - ok


18:11:37.0157 1436 scfilter - ok

18:11:37.0235 1436 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

18:11:37.0266 1436 Schedule - ok

18:11:37.0313 1436 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

18:11:37.0313 1436 SCPolicySvc - ok

18:11:37.0375 1436 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys

18:11:37.0391 1436 sdbus - ok

18:11:37.0438 1436 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

18:11:37.0453 1436 SDRSVC - ok

18:11:37.0469 1436 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

18:11:37.0469 1436 secdrv - ok

18:11:37.0516 1436 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

18:11:37.0516 1436 seclogon - ok

18:11:37.0578 1436 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

18:11:37.0578 1436 SENS - ok

18:11:37.0641 1436 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

18:11:37.0641 1436 SensrSvc - ok

18:11:37.0656 1436 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

18:11:37.0656 1436 Serenum - ok

18:11:37.0687 1436 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

18:11:37.0687 1436 Serial - ok

18:11:37.0734 1436 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

18:11:37.0750 1436 sermouse - ok

18:11:37.0812 1436 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

18:11:37.0812 1436 SessionEnv - ok

18:11:37.0843 1436 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

18:11:37.0859 1436 sffdisk - ok

18:11:37.0875 1436 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

18:11:37.0875 1436 sffp_mmc - ok

18:11:37.0890 1436 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

18:11:37.0890 1436 sffp_sd - ok

18:11:37.0906 1436 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

18:11:37.0906 1436 sfloppy - ok

18:11:37.0937 1436 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

18:11:37.0953 1436 SharedAccess - ok

18:11:37.0999 1436 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

18:11:37.0999 1436 ShellHWDetection - ok

18:11:38.0046 1436 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

18:11:38.0062 1436 SiSRaid2 - ok

18:11:38.0093 1436 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

18:11:38.0093 1436 SiSRaid4 - ok

18:11:38.0140 1436 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

18:11:38.0140 1436 Smb - ok

18:11:38.0187 1436 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

18:11:38.0187 1436 SNMPTRAP - ok

18:11:38.0202 1436 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

18:11:38.0202 1436 spldr - ok

18:11:38.0249 1436 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

18:11:38.0265 1436 Spooler - ok

18:11:38.0405 1436 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

18:11:38.0514 1436 sppsvc - ok

18:11:38.0561 1436 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

18:11:38.0561 1436 sppuinotify - ok

18:11:38.0608 1436 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

18:11:38.0608 1436 srv - ok

18:11:38.0670 1436 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

18:11:38.0686 1436 srv2 - ok

18:11:38.0748 1436 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

18:11:38.0748 1436 SrvHsfHDA - ok

18:11:38.0811 1436 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

18:11:38.0857 1436 SrvHsfV92 - ok

18:11:38.0889 1436 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

18:11:38.0904 1436 SrvHsfWinac - ok

18:11:38.0935 1436 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

18:11:38.0935 1436 srvnet - ok

18:11:38.0998 1436 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

18:11:38.0998 1436 SSDPSRV - ok

18:11:39.0013 1436 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

18:11:39.0013 1436 SstpSvc - ok

18:11:39.0107 1436 [ B00068BA94F5F306911B14B425AAEB56 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe

18:11:39.0123 1436 STacSV - ok

18:11:39.0138 1436 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

18:11:39.0138 1436 stexstor - ok

18:11:39.0216 1436 [ DA40D9C9CCB9836D6ABD1706935A2277 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

18:11:39.0232 1436 STHDA - ok

18:11:39.0294 1436 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

18:11:39.0310 1436 stisvc - ok

18:11:39.0357 1436 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

18:11:39.0357 1436 swenum - ok

18:11:39.0403 1436 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

18:11:39.0419 1436 swprv - ok

18:11:39.0528 1436 [ 961CFAC2A5318E212F459D651F28E0A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

18:11:39.0544 1436 SynTP - ok

18:11:39.0622 1436 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

18:11:39.0684 1436 SysMain - ok

18:11:39.0731 1436 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

18:11:39.0731 1436 TabletInputService - ok

18:11:39.0778 1436 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

18:11:39.0793 1436 TapiSrv - ok

18:11:39.0825 1436 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

18:11:39.0840 1436 TBS - ok

18:11:39.0918 1436 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys

18:11:39.0965 1436 Tcpip - ok

18:11:40.0043 1436 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

18:11:40.0074 1436 TCPIP6 - ok

18:11:40.0121 1436 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

18:11:40.0121 1436 tcpipreg - ok

18:11:40.0152 1436 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

18:11:40.0152 1436 TDPIPE - ok

18:11:40.0199 1436 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

18:11:40.0199 1436 TDTCP - ok

18:11:40.0246 1436 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

18:11:40.0246 1436 tdx - ok

18:11:40.0261 1436 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

18:11:40.0261 1436 TermDD - ok

18:11:40.0308 1436 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

18:11:40.0355 1436 TermService - ok

18:11:40.0386 1436 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

18:11:40.0386 1436 Themes - ok

18:11:40.0402 1436 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

18:11:40.0402 1436 THREADORDER - ok

18:11:40.0433 1436 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

18:11:40.0433 1436 TrkWks - ok

18:11:40.0495 1436 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

18:11:40.0495 1436 TrustedInstaller - ok

18:11:40.0558 1436 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

18:11:40.0558 1436 tssecsrv - ok

18:11:40.0620 1436 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

18:11:40.0620 1436 TsUsbFlt - ok

18:11:40.0698 1436 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

18:11:40.0698 1436 tunnel - ok

18:11:40.0729 1436 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

18:11:40.0729 1436 uagp35 - ok

18:11:40.0776 1436 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

18:11:40.0776 1436 udfs - ok

18:11:40.0854 1436 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

18:11:40.0870 1436 UI0Detect - ok

18:11:40.0885 1436 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

18:11:40.0885 1436 uliagpkx - ok

18:11:40.0948 1436 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

18:11:40.0948 1436 umbus - ok

18:11:41.0026 1436 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

18:11:41.0026 1436 UmPass - ok

18:11:41.0041 1436 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

18:11:41.0057 1436 upnphost - ok

18:11:41.0119 1436 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

18:11:41.0119 1436 USBAAPL64 - ok

18:11:41.0166 1436 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

18:11:41.0166 1436 usbccgp - ok

18:11:41.0213 1436 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

18:11:41.0213 1436 usbcir - ok

18:11:41.0260 1436 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

18:11:41.0260 1436 usbehci - ok

18:11:41.0338 1436 [ DC2B306861F42EEEB92EF525F4119F08 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys

18:11:41.0338 1436 usbfilter - ok

18:11:41.0385 1436 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

18:11:41.0400 1436 usbhub - ok

18:11:41.0416 1436 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

18:11:41.0416 1436 usbohci - ok

18:11:41.0463 1436 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

18:11:41.0478 1436 usbprint - ok

18:11:41.0525 1436 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:11:41.0525 1436 USBSTOR - ok

18:11:41.0556 1436 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

18:11:41.0556 1436 usbuhci - ok

18:11:41.0619 1436 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

18:11:41.0619 1436 usbvideo - ok

18:11:41.0650 1436 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

18:11:41.0650 1436 UxSms - ok

18:11:41.0665 1436 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

18:11:41.0665 1436 VaultSvc - ok

18:11:41.0728 1436 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

18:11:41.0743 1436 vdrvroot - ok

18:11:41.0790 1436 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

18:11:41.0821 1436 vds - ok

18:11:41.0931 1436 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

18:11:41.0946 1436 vga - ok

18:11:41.0993 1436 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

18:11:42.0024 1436 VgaSave - ok

18:11:42.0102 1436 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

18:11:42.0102 1436 vhdmp - ok

18:11:42.0149 1436 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

18:11:42.0149 1436 viaide - ok

18:11:42.0196 1436 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

18:11:42.0211 1436 volmgr - ok

18:11:42.0243 1436 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

18:11:42.0258 1436 volmgrx - ok

18:11:42.0274 1436 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

18:11:42.0289 1436 volsnap - ok

18:11:42.0336 1436 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

18:11:42.0352 1436 vsmraid - ok

18:11:42.0430 1436 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

18:11:42.0492 1436 VSS - ok

18:11:42.0539 1436 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

18:11:42.0539 1436 vwifibus - ok

18:11:42.0586 1436 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

18:11:42.0601 1436 vwififlt - ok

18:11:42.0664 1436 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

18:11:42.0664 1436 vwifimp - ok

18:11:42.0711 1436 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

18:11:42.0726 1436 W32Time - ok

18:11:42.0757 1436 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

18:11:42.0773 1436 WacomPen - ok

18:11:42.0835 1436 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

18:11:42.0835 1436 WANARP - ok

18:11:42.0867 1436 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

18:11:42.0867 1436 Wanarpv6 - ok

18:11:42.0960 1436 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

18:11:43.0007 1436 WatAdminSvc - ok

18:11:43.0085 1436 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

18:11:43.0132 1436 wbengine - ok

18:11:43.0179 1436 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

18:11:43.0179 1436 WbioSrvc - ok

18:11:43.0225 1436 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

18:11:43.0241 1436 wcncsvc - ok

18:11:43.0257 1436 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

18:11:43.0257 1436 WcsPlugInService - ok

18:11:43.0303 1436 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

18:11:43.0303 1436 Wd - ok

18:11:43.0335 1436 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

18:11:43.0350 1436 Wdf01000 - ok

18:11:43.0381 1436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

18:11:43.0397 1436 WdiServiceHost - ok

18:11:43.0397 1436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

18:11:43.0413 1436 WdiSystemHost - ok

18:11:43.0459 1436 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

18:11:43.0459 1436 WebClient - ok

18:11:43.0491 1436 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

18:11:43.0491 1436 Wecsvc - ok

18:11:43.0506 1436 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

18:11:43.0522 1436 wercplsupport - ok

18:11:43.0537 1436 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

18:11:43.0553 1436 WerSvc - ok

18:11:43.0615 1436 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

18:11:43.0615 1436 WfpLwf - ok

18:11:43.0631 1436 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

18:11:43.0631 1436 WIMMount - ok

18:11:43.0647 1436 WinDefend - ok

18:11:43.0662 1436 WinHttpAutoProxySvc - ok

18:11:43.0709 1436 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

18:11:43.0709 1436 Winmgmt - ok

18:11:43.0818 1436 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

18:11:43.0881 1436 WinRM - ok

18:11:43.0959 1436 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

18:11:43.0959 1436 WinUsb - ok

18:11:44.0021 1436 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

18:11:44.0068 1436 Wlansvc - ok

18:11:44.0193 1436 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

18:11:44.0255 1436 wlidsvc - ok

18:11:44.0302 1436 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

18:11:44.0302 1436 WmiAcpi - ok

18:11:44.0349 1436 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

18:11:44.0349 1436 wmiApSrv - ok

18:11:44.0395 1436 WMPNetworkSvc - ok

18:11:44.0427 1436 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

18:11:44.0442 1436 WPCSvc - ok

18:11:44.0473 1436 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

18:11:44.0489 1436 WPDBusEnum - ok

18:11:44.0520 1436 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

18:11:44.0520 1436 ws2ifsl - ok

18:11:44.0536 1436 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

18:11:44.0551 1436 wscsvc - ok

18:11:44.0551 1436 WSearch - ok

18:11:44.0692 1436 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

18:11:44.0754 1436 wuauserv - ok

18:11:44.0770 1436 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

18:11:44.0770 1436 WudfPf - ok

18:11:44.0817 1436 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

18:11:44.0832 1436 WUDFRd - ok

18:11:44.0879 1436 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

18:11:44.0879 1436 wudfsvc - ok

18:11:44.0926 1436 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

18:11:44.0941 1436 WwanSvc - ok

18:11:45.0019 1436 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys

18:11:45.0019 1436 yukonw7 - ok

18:11:45.0066 1436 ================ Scan global ===============================

18:11:45.0113 1436 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

18:11:45.0160 1436 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

18:11:45.0175 1436 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

18:11:45.0207 1436 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

18:11:45.0253 1436 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

18:11:45.0253 1436 [Global] - ok

18:11:45.0253 1436 ================ Scan MBR ==================================

18:11:45.0269 1436 [ 35A4FA451025305A24E864AAA8E364C9 ] \Device\Harddisk0\DR0

18:11:45.0269 1436 Suspicious mbr (Forged): \Device\Harddisk0\DR0

18:11:45.0331 1436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

18:11:45.0331 1436 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

18:11:46.0096 1436 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

18:11:46.0111 1436 \Device\Harddisk1\DR1 - ok

18:11:46.0127 1436 ================ Scan VBR ==================================

18:11:46.0127 1436 [ 16795E6681B3C0DBAC67CA2B76316316 ] \Device\Harddisk0\DR0\Partition1

18:11:46.0127 1436 \Device\Harddisk0\DR0\Partition1 - ok

18:11:46.0158 1436 [ 0A2DDA0C23F99C9D13F2F88F1B7B931E ] \Device\Harddisk0\DR0\Partition2

18:11:46.0158 1436 \Device\Harddisk0\DR0\Partition2 - ok

18:11:46.0189 1436 [ 3FFFABA10CF32E8846FBFDCFA1DCE3F9 ] \Device\Harddisk0\DR0\Partition3

18:11:46.0189 1436 \Device\Harddisk0\DR0\Partition3 - ok

18:11:46.0205 1436 [ 677FCD79C456EB44806EDEB52B4232EC ] \Device\Harddisk0\DR0\Partition4

18:11:46.0221 1436 \Device\Harddisk0\DR0\Partition4 - ok

18:11:46.0221 1436 [ 27389A4D29D8CE922F3E6FD194F65191 ] \Device\Harddisk1\DR1\Partition1

18:11:46.0221 1436 \Device\Harddisk1\DR1\Partition1 - ok

18:11:46.0221 1436 ============================================================

18:11:46.0221 1436 Scan finished

18:11:46.0221 1436 ============================================================

18:11:46.0252 3632 Detected object count: 1

18:11:46.0252 3632 Actual detected object count: 1

18:14:07.0463 3632 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user

18:14:07.0463 3632 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip


Hey Iman2. :)

Just the infection I was expecting to see. ;)

Please re-run TDSSKiller.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Click on Continue.
  • If a suspicious file is detected, the default action will be Skip. Click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.


Wow, it actually rebooted. First time in a very long time! When it booted back up I just reopened TDSSKILLER and went to report. This is the log that was there. On a second note, I just bought an old Alienware computer that was running Windows XP and had a bunch of viruses. I installed Windows 7 and it seems to be running smoother. Just downloaded Malwarebytes on it. Should I also download tdsskiller and OLS on it too? Or do you have any other antivirus/malware etc. programs I should download on it?

20:27:55.0992 3412 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

20:27:56.0460 3412 ============================================================

20:27:56.0460 3412 Current date / time: 2012/11/07 20:27:56.0460

20:27:56.0460 3412 SystemInfo:

20:27:56.0460 3412

20:27:56.0460 3412 OS Version: 6.1.7601 ServicePack: 1.0

20:27:56.0460 3412 Product type: Workstation

20:27:56.0460 3412 ComputerName: LOUIS-HP

20:27:56.0460 3412 UserName: Louis

20:27:56.0460 3412 Windows directory: C:\Windows

20:27:56.0460 3412 System windows directory: C:\Windows

20:27:56.0460 3412 Running under WOW64

20:27:56.0460 3412 Processor architecture: Intel x64

20:27:56.0460 3412 Number of processors: 2

20:27:56.0460 3412 Page size: 0x1000

20:27:56.0460 3412 Boot type: Normal boot

20:27:56.0460 3412 ============================================================

20:27:59.0206 3412 BG loaded

20:28:00.0469 3412 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:28:00.0469 3412 Drive \Device\Harddisk1\DR1 - Size: 0x1E6E80000 (7.61 Gb), SectorSize: 0x200, Cylinders: 0x3E1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

20:28:00.0469 3412 ============================================================

20:28:00.0469 3412 \Device\Harddisk0\DR0:

20:28:00.0469 3412 MBR partitions:

20:28:00.0469 3412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

20:28:00.0469 3412 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37B9C000

20:28:00.0469 3412 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37C00000, BlocksNum 0x2752000

20:28:00.0469 3412 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830

20:28:00.0469 3412 \Device\Harddisk1\DR1:

20:28:00.0469 3412 MBR partitions:

20:28:00.0469 3412 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2001, BlocksNum 0xF353FF

20:28:00.0469 3412 ============================================================

20:28:00.0797 3412 C: <-> \Device\Harddisk0\DR0\Partition2

20:28:01.0639 3412 D: <-> \Device\Harddisk0\DR0\Partition3

20:28:01.0686 3412 F: <-> \Device\Harddisk0\DR0\Partition4

20:28:01.0686 3412 ============================================================

20:28:01.0686 3412 Initialize success

20:28:01.0686 3412 ============================================================


Hey Iman2. :)

"Wow it actually rebooted. First time in a very long time! When it booted back up I just reopened TDSSKILLER and went to report. This is the log that was there"

Sounds like the infection should be gone.

"On a second note, I just bought an old Alienware computer that was running Windows XP and had a bunch of viruses. I installed Windows 7 and it seems to be running smoother. Just downloaded Malwarebytes on it. Should I also download tdsskiller and OLS on it too? Or do you have any other antivirus/malware etc. programs I should download on it?"

I suggest making a separate topic here in the forums and a helper such as myself can go through the computer with you and make sure all is fine. :)

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste the contents of the log as a reply to this topic.

Do any issues remain on this computer?


OK, I did the scan; it took more than 2 hours. It says it found 15 threats. Here are the logs:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=29f46ba74dfe73449032d4007f17d00c

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-11-08 05:27:27

# local_time=2012-11-08 12:27:27 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776573 100 94 0 103886436 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=264046

# found=15

# cleaned=0

# scan_time=9460

C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\07.11.2012_20.24.41\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\07.11.2012_20.24.41\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\07.11.2012_20.24.41\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\07.11.2012_20.24.41\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\07.11.2012_20.24.41\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\07.11.2012_20.24.41\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\Louis\AppData\Local\Temp\Av-test.txt Eicar test file (unable to clean) 00000000000000000000000000000000 I

C:\Users\Louis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\5d1375c1-15a3c105 multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Users\Louis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\d50c015-71e37dac Java/Agent.BV trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\Louis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6b4d836b-1c6c5faa Java/Agent.BV trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\Louis\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.6.windows.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I

C:\Windows\Temp\jar_cache3442685919197725160.tmp Java/Exploit.CVE-2012-1723.CU trojan (unable to clean) 00000000000000000000000000000000 I

C:\Windows\Temp\MZHTOL Java/Exploit.CVE-2012-1723.CU trojan (unable to clean) 00000000000000000000000000000000 I


Hey Iman2,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Commands
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [Reboot]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

Then, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

=====

In your reply I would like to see the contents of the logs from OTL and AdwCleaner please.


These are the OTL logs:

All processes killed

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Guest

->Temp folder emptied: 312685323 bytes

->Temporary Internet Files folder emptied: 10659893 bytes

->FireFox cache emptied: 398475750 bytes

->Flash cache emptied: 0 bytes

User: Louis

->Temp folder emptied: 12485209 bytes

->Temporary Internet Files folder emptied: 9569196 bytes

->Java cache emptied: 337170 bytes

->FireFox cache emptied: 422679202 bytes

->Flash cache emptied: 19909 bytes

User: Mcx1-LOUIS-HP

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 245945 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 222862009 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119186 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,326.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Guest

->Flash cache emptied: 0 bytes

User: Louis

->Flash cache emptied: 0 bytes

User: Mcx1-LOUIS-HP

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Guest

User: Louis

->Java cache emptied: 0 bytes

User: Mcx1-LOUIS-HP

User: Public

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11082012_183449

Files\Folders moved on Reboot...

C:\Users\Louis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


these are the ad cleaner logs

# AdwCleaner v2.007 - Logfile created 11/08/2012 at 18:50:06

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Louis - LOUIS-HP

# Boot Mode : Normal

# Running from : C:\Users\Louis\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Ask.com

Folder Found : C:\Program Files (x86)\QuestScan

Folder Found : C:\ProgramData\Ask

Folder Found : C:\Users\Louis\AppData\LocalLow\AskToolbar

Folder Found : C:\Users\Louis\AppData\LocalLow\Conduit

Folder Found : C:\Users\Louis\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Louis\AppData\LocalLow\ShoppingReport2

Folder Found : C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\extensions\toolbar@ask.com

Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");

Found : user_pref("browser.search.defaultenginename", "Ask.com");

Found : user_pref("browser.search.order.1", "Ask.com");

Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_r[...]

Found : user_pref("keyword.URL", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=");

*************************

AdwCleaner[R1].txt - [5690 octets] - [08/11/2012 18:50:06]

########## EOF - C:\AdwCleaner[R1].txt - [5750 octets] ##########


Hey Iman2,

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

=====

Next, please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=====

Please post the contents of both logs in your reply. Do any issues remain on your computer?


adcleaner logs

# AdwCleaner v2.007 - Logfile created 11/08/2012 at 20:29:59

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Louis - LOUIS-HP

# Boot Mode : Normal

# Running from : C:\Users\Louis\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Ask.com

Folder Deleted : C:\Program Files (x86)\QuestScan

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\Users\Louis\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Louis\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Louis\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Louis\AppData\LocalLow\ShoppingReport2

Folder Deleted : C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\extensions\toolbar@ask.com

Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\prefs.js

C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "Ask.com");

Deleted : user_pref("browser.search.order.1", "Ask.com");

Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_r[...]

Deleted : user_pref("keyword.URL", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=");

*************************

AdwCleaner[R1].txt - [5797 octets] - [08/11/2012 18:50:06]

AdwCleaner[s1].txt - [5698 octets] - [08/11/2012 20:29:59]

########## EOF - C:\AdwCleaner[s1].txt - [5758 octets] ##########

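A check worth running after a Delete pass like the one above is to reconcile the Search log against the Delete log and list anything reported but not removed. This is an added example, not part of the thread or of AdwCleaner; the embedded lines are a short sample taken from the two logs, and treating the S-1-5-21 SID as the logged-on user's is an assumption.

```python
import re

# Constructed sample: a few entries excerpted from the two AdwCleaner logs.
SEARCH_LOG = r"""
Folder Found : C:\ProgramData\Ask
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}
Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}
Key Found : HKU\S-1-5-21-3787845837-1606334649-2329562173-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Found : user_pref("keyword.URL", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=");
"""
DELETE_LOG = r"""
Folder Deleted : C:\ProgramData\Ask
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Deleted : user_pref("keyword.URL", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=");
"""
# Assumption: this SID is the account that ran the tool, so HKCU mirrors it.
USER_SID = "S-1-5-21-3787845837-1606334649-2329562173-1000"

# "<Kind> Found : <item>" / "<Kind> Deleted : <item>"; browser pref lines
# carry no kind. Header lines such as "File : ...prefs.js" do not match.
ENTRY = re.compile(r"^(?:(Folder|File|Key|Value) )?(Found|Deleted) : (.+)$")


def parse(log):
    """Return {"Found": {(kind, item)}, "Deleted": {(kind, item)}}."""
    out = {"Found": set(), "Deleted": set()}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            kind, action, item = m.groups()
            out[action].add((kind or "Pref", item.strip()))
    return out


def canonical(item, user_sid=None):
    """Fold registry hive aliases so one key is not counted twice.

    HKU\\.DEFAULT and HKU\\S-1-5-18 are the same hive (LocalSystem);
    HKCU is a view of HKU\\<SID of the logged-on user>.
    """
    key = item.lower()
    system = "hku\\s-1-5-18\\"
    if key.startswith(system):
        key = "hku\\.default\\" + key[len(system):]
    if user_sid:
        prefix = "hku\\" + user_sid.lower() + "\\"
        if key.startswith(prefix):
            key = "hkcu\\" + key[len(prefix):]
    return key


def outstanding(search_log, delete_log, user_sid=None):
    """Items the search reported that the delete log does not account for."""
    found = parse(search_log)["Found"]
    deleted = {(k, canonical(i, user_sid))
               for k, i in parse(delete_log)["Deleted"]}
    return sorted(i for k, i in found
                  if (k, canonical(i, user_sid)) not in deleted)


if __name__ == "__main__":
    print("unresolved without SID mapping:", outstanding(SEARCH_LOG, DELETE_LOG))
    print("unresolved with SID mapping:   ", outstanding(SEARCH_LOG, DELETE_LOG, USER_SID))
```

Entries that only disappear once the alias mapping is applied are duplicates of a key already deleted under another hive name; anything still listed after that warrants a second scan.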

system check

Results of screen317's Security Check version 0.99.54

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Firewall Disabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 6 Update 37

Java version out of Date!

Adobe Flash Player 11.4.402.287

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (16.0.2)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 6%

````````````````````End of Log``````````````````````


Hello Iman2,

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:

  • Please go to the below link and download the latest Windows 7 version:

http://www.java.com/en/download/manual.jsp

  • Save it to your Desktop.
  • Please go to Start>Control Panel >Programs and Features>Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have this icon next to them: javaicon.gif
  • Select Remove.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

=====

Also, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

=====

Please let me know how the updates go and if any issues remain.


the updates downloaded great, thanks so much for your help. Any suggestions on how to keep my laptop virus/malware free in the future? Any programs I should download? BTW all the programs I downloaded during this whole process, should I keep them and run them again for routine scans, or should I delete them?


Howdy Iman2,

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.

==========

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

This topic is now closed to further replies.