
Thread: Needing Help Removing Ad.Yieldmanager Malware

  1. #1
    Junior Member
    Join Date
    Aug 2012
    Posts
    14

    Needing Help Removing Ad.Yieldmanager Malware

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Shawn at 18:09:24 on 2012-08-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2199 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [<NO NAME>]
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Shawn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: Web-Based Email Tools - hxxp://email00.secureserver.net/Download.CAB
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 67.223.203.10 137.118.1.32
    TCP: Interfaces\{9C23CE40-43BD-435A-96DD-0088C571D6AC} : DhcpNameServer = 67.223.203.10 137.118.1.32
    TCP: Interfaces\{9C23CE40-43BD-435A-96DD-0088C571D6AC}\2456C6B696E6F574F505C65737F5D494D4F4F53596E636C6169627 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{9C23CE40-43BD-435A-96DD-0088C571D6AC}\84162727168637F5E4B434F594E6475627E65647 : DhcpNameServer = 4.2.2.1
    TCP: Interfaces\{9C23CE40-43BD-435A-96DD-0088C571D6AC}\C696E6B6379737 : DhcpNameServer = 67.223.203.10 137.118.1.32
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [(Default)]
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Hosts: 93.115.241.28 www.google-analytics.com.
    Hosts: 93.115.241.28 ad-emea.doubleclick.net.
    Hosts: 93.115.241.28 www.statcounter.com.
    Hosts: 69.72.252.254 www.google-analytics.com.
    Hosts: 69.72.252.254 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://www.mozilla.org/en-US/firefox...version=13.0.1
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Shawn\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
    FF - plugin: C:\Users\Shawn\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-3-3 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
    R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-5 338168]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-24 655944]
    R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-7 202048]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-12 1153368]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-1 250056]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
    S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
    S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
    S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
    S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 113120]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]
    S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-27 23:07:32 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEF46CEE-6F54-4085-B024-9A4E92E94C74}\offreg.dll
    2012-08-26 23:34:48 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEF46CEE-6F54-4085-B024-9A4E92E94C74}\mpengine.dll
    2012-08-25 22:36:37 9309624 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-15 03:31:05 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
    2012-08-14 23:49:58 503808 ----a-w- C:\Windows\System32\srcore.dll
    2012-08-14 23:49:58 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2012-08-14 23:49:53 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-08-14 23:49:53 67072 ----a-w- C:\Windows\splwow64.exe
    2012-08-14 23:49:53 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-08-14 23:49:53 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-08-14 23:49:51 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-08-14 23:49:50 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-08-14 23:49:50 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-08-14 23:49:50 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-08-14 23:49:49 956928 ----a-w- C:\Windows\System32\localspl.dll
    .
    ==================== Find3M ====================
    .
    2012-08-15 03:29:37 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-15 03:29:37 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-03 03:23:05 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-07-03 03:23:05 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 18:10:38.51 ===============

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-27 18:18:40
    -----------------------------
    18:18:40.716 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:18:40.716 Number of processors: 2 586 0x603
    18:18:40.716 ComputerName: SHAWN-LAPTOP UserName: Shawn
    18:18:41.528 Initialize success
    18:32:53.745 AVAST engine defs: 12082800
    18:33:13.152 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:33:13.152 Disk 0 Vendor: Hitachi_HTS725032A9A364 PC3OC72E Size: 305245MB BusType: 11
    18:33:13.183 Disk 0 MBR read successfully
    18:33:13.198 Disk 0 MBR scan
    18:33:13.214 Disk 0 unknown MBR code
    18:33:13.214 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    18:33:13.276 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 283974 MB offset 409600
    18:33:13.370 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20967 MB offset 581988352
    18:33:13.464 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
    18:33:13.776 Disk 0 scanning C:\Windows\system32\drivers
    18:33:32.839 Service scanning
    18:34:18.750 Modules scanning
    18:34:18.765 Disk 0 trace - called modules:
    18:34:19.311 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    18:34:19.311 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80040d1060]
    18:34:19.327 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80040d0870]
    18:34:19.342 5 hpdskflt.sys[fffff880019e5289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800403b060]
    18:34:20.497 AVAST engine scan C:\Windows
    18:34:24.038 AVAST engine scan C:\Windows\system32
    18:39:52.107 AVAST engine scan C:\Windows\system32\drivers
    18:40:12.480 AVAST engine scan C:\Users\Shawn
    18:41:49.520 Disk 0 MBR has been saved successfully to "C:\Users\Shawn\Documents\MBR.dat"
    18:41:49.614 The log file has been saved successfully to "C:\Users\Shawn\Documents\aswMBR.txt"

  2. #2
    Anti-Malware Team
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121


    Please note that all instructions given are customised for this computer only.
    The tools used may cause damage if used on a computer with different infections.


    If you think you have similar problems, please post a log in the Safer-Networking forum and wait for help.

    Failure to post replies within 3 days will result in this thread being closed.

    Hi sls0463 and welcome to Safer-Networking

    My name is torreattack, and I will be helping you with your malware problems. Please be patient and I'm sure we'll be able to resolve your problems.

    Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to back up any personal files and folders before you start.
    Read:
    How to back up or transfer your data on a Windows-based computer
    Backup your data - Vista
    Backup your data - Windows 7

    Please observe these rules while we work:
    • Perform all actions in the order given.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Stick with it till you're given the all clear.
    • Remember, absence of symptoms does not mean the infection is all gone.
    • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
    • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

    If you can do these things, everything should go smoothly.
    • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
    • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

    It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
    If you haven't done so already, please read this topic "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) where the conditions for receiving help here are explained.

    I am currently reviewing your log and will return, as soon as possible, with additional instructions.

    By the way, while waiting,
    1. Have you backed up your registry with ERUNT?
    2. If you have Spybot-S&D installed, TeaTimer needs to be disabled so that its protection does not interfere with fixes. Could you disable it?
      Note: You can find the instructions to perform these two tasks here.
    3. Could you post the second log that was created by DDS? If you can't find it, you may have to run the program again.


    =================================================================================
    Sorry for being late. Since the logs that I have with me are quite "old" now, I need the latest logs. Please run the following tools and post back the latest logs.
    If you had downloaded these tools before, please delete them and download again because they are updated quite frequently.


    1. TDSSKiller
    Please download TDSSKiller.exe and save it to your Desktop.
    • Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    • When TDSSKiller finishes loading, click on Change parameters.
    • Tick the Detect TDLFS file system and click OK.
    • Click on Start Scan, the scan will run.
    • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • To find the log go to Start > Computer > C:
    • Post the contents of that log in your next reply please.
    • DO NOT TRY TO FIX ANYTHING AT THIS POINT



    2. OTL
    Please download OTL ... by Old Timer. Save it to your Desktop.
    • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    • Under Output, ensure that Minimal Output is selected.
    • Click the Scan All Users checkbox.
      Leave the remaining selections to the default settings.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    • Please post the contents of both OTL.txt and Extras.txt files in your next reply.



    Thank you for your patience.
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  3. #3
    Junior Member
    Join Date
    Aug 2012
    Posts
    14

    OTL Scan

    OTL logfile created on: 9/14/2012 9:04:10 PM - Run 1
    OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Shawn\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 60.29% Memory free
    7.49 Gb Paging File | 5.82 Gb Available in Paging File | 77.67% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 277.32 Gb Total Space | 207.69 Gb Free Space | 74.89% Space Free | Partition Type: NTFS
    Drive D: | 20.48 Gb Total Space | 2.98 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
    Drive E: | 99.34 Mb Total Space | 93.05 Mb Free Space | 93.68% Space Free | Partition Type: FAT32

    Computer Name: SHAWN-LAPTOP | User Name: Shawn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Shawn\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Shawn\Desktop\tdsskiller.exe (Kaspersky Lab ZAO)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
    PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
    PRC - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
    PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
    SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
    SRV:64bit: - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
    SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe (Andrea Electronics Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (DvmMDES) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
    SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe (IDT, Inc.)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe (Andrea Electronics Corporation)
    SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
    DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola)
    DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
    DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
    DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
    DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
    DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
    DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc)
    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (DVMIO) -- C:\Windows\SysNative\drivers\dvmio.sys (DeviceVM, Inc.)
    DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
    DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories, Inc.)
    DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
    DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
    DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola)
    DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
    DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {9D3676F2-C158-46AA-904C-C97C63544026}
    IE - HKLM\..\SearchScopes\{9D3676F2-C158-46AA-904C-C97C63544026}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes,DefaultScope = {9D3676F2-C158-46AA-904C-C97C63544026}
    IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes\{9D3676F2-C158-46AA-904C-C97C63544026}: "URL" = http://findgala.com/?&uid=5618&q={searchTerms}
    IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/|http://www.mozilla.org/en-US/firefox/14.0.1/whatsnew/?oldversion=13.0.1"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Shawn\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Shawn\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/27 18:43:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/27 21:20:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/17 18:06:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/17 18:06:45 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/07/31 17:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shawn\AppData\Roaming\Mozilla\Extensions
    [2012/07/31 17:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\extensions
    [2012/01/05 21:22:40 | 000,001,210 | ---- | M] () -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\searchplugins\search.xml
    [2012/07/27 19:16:29 | 000,002,519 | ---- | M] () -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\searchplugins\Search_Results.xml
    [2012/07/31 17:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/08/17 18:06:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/08/17 18:06:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/07/27 19:16:29 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
    [2012/08/17 18:06:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.searchnu.com/406
    CHR - default_search_provider: Search Results ()
    CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=287&systemid=406&sr=0&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.searchnu.com/406
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Shawn\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Shawn\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: Gmail = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/01/05 21:22:50 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 93.115.241.28 www.google-analytics.com.
    O1 - Hosts: 93.115.241.28 ad-emea.doubleclick.net.
    O1 - Hosts: 93.115.241.28 www.statcounter.com.
    O1 - Hosts: 69.72.252.254 www.google-analytics.com.
    O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
    O1 - Hosts: 69.72.252.254 www.statcounter.com.
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/acti..._v1-0-31-0.cab (EPUImageControl Class)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Web-Based Email Tools http://email00.secureserver.net/Download.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.223.203.10 137.118.1.32
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C23CE40-43BD-435A-96DD-0088C571D6AC}: DhcpNameServer = 67.223.203.10 137.118.1.32
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/14 21:02:42 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Shawn\Desktop\OTL.exe
    [2012/09/14 20:59:36 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shawn\Desktop\tdsskiller.exe
    [2012/09/14 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\Shawn\Desktop\erunt
    [2012/09/14 20:51:38 | 000,352,928 | ---- | C] (Softonic) -- C:\Users\Shawn\Documents\SoftonicDownloader_for_erunt.exe
    [2012/09/11 23:10:52 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
    [2012/09/11 23:10:51 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2012/09/11 23:10:49 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
    [2012/09/11 23:10:49 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [2012/08/27 21:52:02 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/08/27 21:52:02 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/08/27 21:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/08/27 21:51:59 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/08/27 21:51:58 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/08/27 21:51:57 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/08/27 21:51:55 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/08/27 21:51:55 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/08/27 20:28:54 | 000,329,088 | ---- | C] (AVAST Software) -- C:\Users\Shawn\Desktop\aswclear.exe
    [2012/08/27 20:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/08/27 20:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/08/27 19:10:18 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/08/27 19:10:17 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/08/27 19:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/08/27 19:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/08/27 18:08:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/08/25 19:05:24 | 000,000,000 | ---D | C] -- C:\Users\Shawn\Desktop\Phone Pics

    ========== Files - Modified Within 30 Days ==========

    [2012/09/14 21:06:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/14 21:02:42 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Shawn\Desktop\OTL.exe
    [2012/09/14 20:59:36 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shawn\Desktop\tdsskiller.exe
    [2012/09/14 20:56:02 | 000,736,074 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/14 20:56:02 | 000,630,682 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/14 20:56:02 | 000,109,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/14 20:55:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/14 20:55:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/14 20:53:51 | 000,513,320 | ---- | M] () -- C:\Users\Shawn\Desktop\erunt.zip
    [2012/09/14 20:51:40 | 000,352,928 | ---- | M] (Softonic) -- C:\Users\Shawn\Documents\SoftonicDownloader_for_erunt.exe
    [2012/09/14 20:48:53 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/14 20:48:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/14 20:47:13 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/14 20:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/01 13:28:12 | 000,050,919 | ---- | M] () -- C:\Users\Shawn\Desktop\CG.jpg.jpg
    [2012/08/27 21:52:02 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/08/27 21:51:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/08/27 20:38:00 | 000,006,152 | ---- | M] () -- C:\Users\Shawn\Documents\cc_20120827_203753.reg
    [2012/08/27 20:33:38 | 000,355,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/27 20:28:54 | 000,329,088 | ---- | M] (AVAST Software) -- C:\Users\Shawn\Desktop\aswclear.exe
    [2012/08/27 20:09:50 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/08/27 18:41:49 | 000,000,512 | ---- | M] () -- C:\Users\Shawn\Documents\MBR.dat
    [2012/08/27 18:16:29 | 000,003,378 | ---- | M] () -- C:\Users\Shawn\Documents\Attach.zip
    [2012/08/22 13:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
    [2012/08/22 13:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [2012/08/21 04:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/08/21 04:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/08/21 04:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/08/21 04:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/08/21 04:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/08/21 04:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/08/21 04:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/08/21 04:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

    ========== Files Created - No Company Name ==========

    [2012/09/14 20:53:42 | 000,513,320 | ---- | C] () -- C:\Users\Shawn\Desktop\erunt.zip
    [2012/09/01 13:29:13 | 000,050,919 | ---- | C] () -- C:\Users\Shawn\Desktop\CG.jpg.jpg
    [2012/08/27 21:52:02 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/08/27 20:37:57 | 000,006,152 | ---- | C] () -- C:\Users\Shawn\Documents\cc_20120827_203753.reg
    [2012/08/27 20:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/08/27 20:09:50 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/08/27 18:41:49 | 000,000,512 | ---- | C] () -- C:\Users\Shawn\Documents\MBR.dat
    [2012/08/27 18:16:29 | 000,003,378 | ---- | C] () -- C:\Users\Shawn\Documents\Attach.zip
    [2012/08/04 17:46:03 | 018,158,582 | ---- | C] () -- C:\Users\Shawn\Backup_of_gotrack.cdr
    [2012/08/04 17:44:25 | 018,158,572 | ---- | C] () -- C:\Users\Shawn\gotrack.cdr
    [2012/05/21 20:51:18 | 000,012,494 | ---- | C] () -- C:\Users\Shawn\mower.cdr
    [2012/01/11 19:42:41 | 000,002,048 | -HS- | C] () -- C:\Users\Shawn\AppData\Local\{11d5d328-f14f-7572-15b5-f747154d7971}\@
    [2011/12/25 19:42:31 | 000,001,744 | -HS- | C] () -- C:\Users\Shawn\AppData\Local\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n
    [2011/12/25 19:42:31 | 000,001,744 | -HS- | C] () -- C:\ProgramData\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n
    [2011/03/14 20:31:04 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
    [2011/03/14 20:31:03 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
    [2011/01/25 20:22:13 | 000,750,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/24 00:22:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/01/02 17:32:46 | 000,017,244 | ---- | C] () -- C:\Users\Shawn\Backup_of_di's room.cdr
    [2011/01/02 15:56:06 | 000,017,240 | ---- | C] () -- C:\Users\Shawn\di's room.cdr
    [2011/01/02 15:18:06 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
    [2011/01/02 15:18:04 | 000,112,688 | ---- | C] () -- C:\Windows\SysWow64\shw32.dll
    [2010/12/12 20:59:42 | 000,005,187 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/07/18 15:19:39 | 000,000,000 | ---- | C] () -- C:\Users\Shawn\AppData\Roaming\wklnhst.dat

    < End of report >

  4. #4
    Anti-Malware Team
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121


    Hi sls0463 :

    Please don't take too long to reply.

    1. Reminder
    a. I saw you are still running Spybot-S&D when running the OTL tool. Please disable Spybot-S&D before we finish as it might interfere with our fix.
    b. Please do another Erunt backup.
    Note: You can find the instructions to perform these two tasks here.



    2. Repost the logs
    Please post the logs that I asked for in my previous post:
    a. Extras.txt from OTL ==> You may find it on your Desktop
    b. TDSSKiller log ==> It is located at your C:\



    3. Malwarebytes' Anti-Malware (MBAM)
    As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates
    • After the update has been completed, select the Scanner tab.
    • Select Perform Quick scan, then click on Scan
    • When done, you will be prompted. Click OK. If items are found, then click on Show Results
    • Check all items then click on Remove Selected
    • After it has removed the items, Notepad will open. Please post this log in your next reply.


    Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
    Failure to reboot will prevent MBAM from removing all the malware.
    Note: If MBAM doesn't return after an update, please start it again.



    4. Checklist
    Please post:
    • TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
    • Extra.txt
    • An update on your problems

    Note: These logs can be lengthy; please post in several replies if needed. Please ensure you post the COMPLETE log.

    Thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  5. #5
    Junior Member
    Join Date
    Aug 2012
    Posts
    14

    Extra.txt Log

    OTL Extras logfile created on: 9/14/2012 9:04:10 PM - Run 1
    OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Shawn\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 60.29% Memory free
    7.49 Gb Paging File | 5.82 Gb Available in Paging File | 77.67% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 277.32 Gb Total Space | 207.69 Gb Free Space | 74.89% Space Free | Partition Type: NTFS
    Drive D: | 20.48 Gb Total Space | 2.98 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
    Drive E: | 99.34 Mb Total Space | 93.05 Mb Free Space | 93.68% Space Free | Partition Type: FAT32

    Computer Name: SHAWN-LAPTOP | User Name: Shawn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{12C0F9F6-07E0-4B66-831F-8067B8DA9878}" = lport=137 | protocol=17 | dir=in | app=system |
    "{162FAFEB-71B7-4593-ADC1-8A54D8229742}" = rport=138 | protocol=17 | dir=out | app=system |
    "{20D770D1-0306-43C8-937C-09C729FB84AC}" = lport=445 | protocol=6 | dir=in | app=system |
    "{24F30A51-B517-4E67-9718-3973975DEAE9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3AA33406-6380-4751-83C9-77DE3BEC7412}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{462B2A25-4B24-4F9D-85B6-16CED061F4B9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{732B3092-F5ED-4238-B17E-BA42340E0D52}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8DFF6F34-6F4D-4F1F-A3FA-75A085BF9835}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A5F57FF9-BDEC-413E-8416-7C945304973F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{AE88036B-4A46-49D6-98C5-570914F202C7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C577DE21-B2DB-40B8-8556-39D59B833B33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{D07CCBD3-BFD2-400A-B900-4F70EA5C4258}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E551CFE5-0245-4E46-99F1-18AF9A7FA983}" = rport=445 | protocol=6 | dir=out | app=system |
    "{ED68A228-E9F2-4047-83A5-2D1028E69741}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{EE4E3493-C353-478B-A9AC-B5CBE24610CA}" = lport=138 | protocol=17 | dir=in | app=system |
    "{FD0BFF27-E6F3-499A-B3CA-AA37CB3BE1A0}" = rport=139 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{000055B4-5563-484C-8D46-473AF300F27C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{22FC7D1A-873E-4AE2-8762-FCBBEA90C984}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{2CD6A366-EAA1-4731-96A0-F016086326B3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{4C2E0161-305D-4825-835C-50D09DDB35DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56CC29BF-34AB-4012-9A72-C8613D9A766A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{56F2B4E3-1097-45D6-832A-24F899811D04}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{5A3F4FBF-F170-4032-9A8B-5A54050EC4FF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5C05A244-808F-4FD1-ABCB-D9A3F15FA5E2}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
    "{61F80A5B-A5C8-4653-A6F0-D3D28136F485}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{7FEA4F46-854A-4017-9912-AE59436C2219}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{809FDF7C-4428-4257-9E9C-EA3183A4886E}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
    "{989AE661-676B-49E6-8992-C8C80F48BF4D}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{B40644D1-D49C-4749-B266-EE89442573FD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C399381E-B4E6-4137-8987-B9228A869BFA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
    "{CB8B7C1B-2A2E-4928-B39A-989E5E6805C7}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
    "{CDC2D210-D09C-4EAA-A5BF-7C56250C0313}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
    "{DACBC41D-6F30-4B61-992F-2E7746AB48D0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{DBC07428-28A8-4AC3-9D1F-7ABC392A0483}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E3526838-E54C-4206-B37F-35B20A7FE734}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{E4A40AF2-A207-4640-A027-6E1E4E222C80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F5EE04DF-F380-47D6-A47B-6C29EF6841A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{FD9596BA-8D72-48A9-A6E5-29CC3262B233}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\hpitv.exe |
    "TCP Query User{67F3E4F8-6C63-4DC5-A40A-4BD1BAA9B864}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{88D22CDE-D0A6-4F2D-A1D4-1ECBEA42EC79}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{C1084716-DF44-4636-895C-F7B8A9709540}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "TCP Query User{D138BC93-D777-4578-B8A3-333ECCB53E4D}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{1DBA13A0-C34E-43E6-8CE0-ECDCCA6125DB}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{76A63462-1B6B-4ADB-80BF-4D4D20B4825D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "UDP Query User{A86D6EFF-F398-49A7-ACC4-B4F6038E9578}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{CA3ED88D-76C3-447D-B75B-10E05B50C267}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
    "{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{82ED9FB2-55AF-4A61-A6F3-506CEE112779}" = Motorola Mobile Drivers Installation 4.7.1
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8562DEED-6F07-DA09-A8B4-C2ADD27EB57C}" = ATI Catalyst Install Manager
    "{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
    "{9207D4A1-586E-49CA-A002-FC9F475AB1A3}" = HP Tone Control
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{C705B956-E853-9B81-147A-E7CBFBEB9537}" = ccc-utility64
    "{E6BC696E-5E96-4C1B-9371-379AF3A46B6B}" = HP Wireless Assistant
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "3366905E6EFF86120E12E2DB3F8F2EDC3B7F5003" = Windows Driver Package - Broadcom HIDClass (09/11/2009 6.3.0.1500)
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "5BB2352543C023211B5CDA6229832626C218EB7F" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (01/28/2010 6.3.0.3800)
    "79B5284AC8847651E6939E5B2FB1A473E6C9D19B" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (01/20/2010 6.3.0.3500)
    "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00110409-78E1-11D2-B60F-006097C998E7}" = Microsoft Excel 2000 SR-1
    "{00160409-78E1-11D2-B60F-006097C998E7}" = Microsoft Outlook 2000 SR-1
    "{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{0224236C-9A6B-83C7-3AEA-DAD43B057F5B}" = Catalyst Control Center Localization All
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0E977F3C-9902-4980-A34B-A3A5EDF04EE1}" = H&R Block Kansas 2011
    "{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1EFF5E76-04E7-4CCB-BFBE-65C2607D1B82}" = H&R Block Missouri 2011
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{223E2363-6643-49CB-A062-59A9858EE8EE}" = HP Software Framework
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
    "{2D1EC4DD-5EE8-4CA0-A4DE-3BA029C55DFA}" = H&R Block Basic + Efile 2011
    "{2F5BCD74-77C1-305E-70FD-8DE0F5D88167}" = Catalyst Control Center Graphics Light
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{30E6CFEE-EDB3-85B2-F6F9-D0AC32E5DF98}" = CCC Help Dutch
    "{33780089-63F0-9584-2B02-0C0267798CFF}" = Catalyst Control Center Graphics Full Existing
    "{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C1B592E-B9A7-BFD0-0B6B-3A8C8A251452}" = CCC Help Czech
    "{3D808B52-67A6-EE16-E876-23A9BD19DD7A}" = CCC Help Norwegian
    "{3EE5D508-587A-8B44-68D4-EB9818E86F31}" = Catalyst Control Center Core Implementation
    "{400B5ED2-1745-FF34-94A0-3C268C1BFF6E}" = CCC Help Korean
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{421BEFF3-5178-41F5-8F63-7E6F60B54DB5}" = HP User Guides 0193
    "{424D0DE6-670E-4744-99F9-3C84326F4C7B}" = H&R Block Kansas 2010
    "{424E1499-55EF-A078-63CC-0F912248A120}" = CCC Help Russian
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4ABF263B-5913-FD00-48AC-2149D5F4EF50}" = ccc-core-static
    "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
    "{521AB014-C3BB-F8FA-A112-AAEC4F4F5F76}" = CCC Help Hungarian
    "{59EF562E-1038-D633-843A-B3DE7F1D8065}" = Catalyst Control Center Graphics Full New
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5B24AEEE-83AA-DC7E-2FCD-C943D6C14133}" = Catalyst Control Center InstallProxy
    "{5E015A25-1C72-7C59-23AF-4A2FE4EC4593}" = CCC Help Finnish
    "{60314E2C-D2BB-59AE-85FF-459A951F7A85}" = CCC Help Chinese Standard
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{69379F6A-4BC5-058A-A853-8C45E9AE650A}" = CCC Help Polish
    "{6A1864D3-C66E-99B2-A7FA-CE21E3A4D3A2}" = CCC Help German
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72980902-A69C-3625-15B4-5DEA8D323151}" = CCC Help Italian
    "{72BC233F-95BD-0DA6-3724-27A0191F3C9C}" = CCC Help Portuguese
    "{77E919AB-E3AE-87E1-926D-F72C4A559985}" = CCC Help Swedish
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{7B761517-8421-26A9-A6B4-BC8E48E16EF6}" = Catalyst Control Center Graphics Previews Vista
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A792FD8-0E1C-4A6D-B958-3C8D684D080E}" = H&R Block Missouri 2010
    "{8B9EBBAD-3043-EBEF-3061-3732C0229DAA}" = CCC Help Japanese
    "{8FA73674-A715-0E82-3516-1447B5384341}" = CCC Help Greek
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
    "{998ABD69-A19E-5D36-4B02-0CDCCF0FECA5}" = CCC Help Spanish
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A67539A1-0696-498F-832E-ACEA50886C80}" = GB Manager
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C21F6361-1194-F15F-113D-C9113BF50219}" = CCC Help Chinese Traditional
    "{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
    "{C3F121A1-5750-E394-7035-753A1218CE8F}" = CCC Help French
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D6942F6E-5396-9B1A-038C-FCFA52C8AF68}" = CCC Help Danish
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DE52A16C-8523-2701-1E1F-9657A1D5125F}" = CCC Help Turkish
    "{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3640ED5-F612-9122-2D46-11AE34BD53AB}" = Catalyst Control Center Graphics Previews Common
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1DB42F7-DBC0-13BA-70EE-8DDA41B86963}" = CCC Help English
    "{F3620D5D-B046-41F0-AB8D-3C56A36AFD60}" = Catalyst Control Center - Branding
    "{F6B6A150-08FA-46D5-808A-EB638269551D}" = HP Power Plan Utility
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F92126D3-5BC3-A496-B621-75D39D66AC75}" = CCC Help Thai
    "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "avast" = avast! Free Antivirus
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Corel Applications" = Corel Applications
    "Google Chrome" = Google Chrome
    "HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "My HP Game Console" = HP Game Console
    "Pdf995" = Pdf995 (installed by H&R Block)
    "PdfEdit995" = PdfEdit995 (installed by H&R Block)
    "Picasa 3" = Picasa 3
    "SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WT082122" = Blackhawk Striker 2
    "WT082124" = Blasterball 3
    "WT082133" = Dora's Carnival Adventure
    "WT082141" = FATE
    "WT082168" = Penguins!
    "WT082170" = Plants vs. Zombies
    "WT082171" = Poker Superstars III
    "WT082172" = Polar Bowler
    "WT082173" = Polar Golfer
    "WT082188" = Virtual Families
    "WT082189" = Wheel of Fortune 2
    "WT082192" = Bejeweled 2 Deluxe
    "WT082200" = Chuzzle Deluxe
    "WT082241" = Virtual Villagers - The Secret City
    "WT082396" = Diner Dash 2 Restaurant Rescue
    "WT082438" = Build-a-lot 2
    "WT082442" = Faerie Solitaire
    "WT082443" = Jewel Quest 3
    "WT082456" = Mystery P.I. - The New York Fortune
    "WT082463" = Zuma's Revenge
    "WT082468" = Jewel Quest Solitaire 2
    "WT083477" = Cake Mania
    "WT083484" = Escape Rosecliff Island
    "WT083491" = TextTwist 2
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "78601cde3e748eeb" = IQS
    "HuluDesktop" = Hulu Desktop
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/10/2011 6:36:18 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
    Description =

    Error - 10/10/2011 6:36:18 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
    Description =

    Error - 10/10/2011 6:36:18 PM | Computer Name = Shawn-Laptop | Source = Microsoft Security Client Setup | ID = 100
    Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
    Upgrade. Security Essentials is not currently monitoring and helping to protect
    your computer. Please restart your computer and try again. Error code:0x80070643.
    Fatal error during installation.

    Error - 10/10/2011 9:29:32 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
    Description =

    Error - 10/10/2011 9:29:32 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
    Description =

    Error - 10/10/2011 9:30:01 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
    Description =

    Error - 10/10/2011 9:30:01 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
    Description =

    Error - 10/10/2011 9:30:01 PM | Computer Name = Shawn-Laptop | Source = Microsoft Security Client Setup | ID = 100
    Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
    Upgrade. Security Essentials is not currently monitoring and helping to protect
    your computer. Please restart your computer and try again. Error code:0x80070643.
    Fatal error during installation.

    Error - 10/10/2011 11:35:07 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
    Description =

    Error - 10/10/2011 11:35:07 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
    Description =

    [ Hewlett-Packard Events ]
    Error - 2/23/2012 10:51:51 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 3/22/2012 9:15:18 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 3/22/2012 9:15:19 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 6/28/2012 9:30:43 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 6/28/2012 9:30:43 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/12/2012 9:55:18 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/12/2012 9:55:18 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/12/2012 9:55:20 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/12/2012 9:55:21 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 9/6/2012 9:07:46 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    [ HP Wireless Assistant Events ]
    Error - 6/20/2012 6:15:07 PM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 6/20/2012 6:15:11 PM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 6/20/2012 6:15:11 PM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
    Description = Unable to access panel brightness tables.

    Error - 6/20/2012 10:31:26 PM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 6/21/2012 9:50:34 PM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 6/22/2012 7:13:47 PM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 6/23/2012 8:24:05 AM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 6/23/2012 8:34:24 AM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 6/23/2012 8:34:24 AM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
    Description = Unable to access panel brightness tables.

    Error - 6/24/2012 9:33:00 AM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    [ System Events ]
    Error - 9/8/2012 12:56:38 AM | Computer Name = Shawn-Laptop | Source = Service Control Manager | ID = 7034
    Description = The Google Update Service (gupdate) service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/8/2012 12:57:07 AM | Computer Name = Shawn-Laptop | Source = DCOM | ID = 10010
    Description =

    Error - 9/9/2012 10:23:51 PM | Computer Name = Shawn-Laptop | Source = DCOM | ID = 10010
    Description =

    Error - 9/9/2012 11:26:45 PM | Computer Name = Shawn-Laptop | Source = DCOM | ID = 10005
    Description =

    Error - 9/9/2012 11:26:45 PM | Computer Name = Shawn-Laptop | Source = Service Control Manager | ID = 7038
    Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
    with the currently configured password due to the following error: %%50 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 9/9/2012 11:26:45 PM | Computer Name = Shawn-Laptop | Source = Service Control Manager | ID = 7000
    Description = The UPnP Device Host service failed to start due to the following
    error: %%1069

    Error - 9/12/2012 6:49:56 PM | Computer Name = Shawn-Laptop | Source = Service Control Manager | ID = 7034
    Description = The Google Update Service (gupdate) service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/13/2012 8:34:45 PM | Computer Name = Shawn-Laptop | Source = DCOM | ID = 10010
    Description =

    Error - 9/13/2012 8:55:06 PM | Computer Name = Shawn-Laptop | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.1007.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
    code: 0x8024001e Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 9/13/2012 8:55:06 PM | Computer Name = Shawn-Laptop | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.1007.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
    code: 0x8024001e Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.


    < End of report >

  6. #6
    Junior Member
    Join Date
    Aug 2012
    Posts
    14

    TDS Killer #1

    19:29:07.0113 3524 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    19:29:09.0328 3524 ============================================================
    19:29:09.0328 3524 Current date / time: 2012/09/17 19:29:09.0328
    19:29:09.0328 3524 SystemInfo:
    19:29:09.0328 3524
    19:29:09.0328 3524 OS Version: 6.1.7601 ServicePack: 1.0
    19:29:09.0328 3524 Product type: Workstation
    19:29:09.0328 3524 ComputerName: SHAWN-LAPTOP
    19:29:09.0328 3524 UserName: Shawn
    19:29:09.0328 3524 Windows directory: C:\Windows
    19:29:09.0328 3524 System windows directory: C:\Windows
    19:29:09.0328 3524 Running under WOW64
    19:29:09.0328 3524 Processor architecture: Intel x64
    19:29:09.0328 3524 Number of processors: 2
    19:29:09.0328 3524 Page size: 0x1000
    19:29:09.0328 3524 Boot type: Normal boot
    19:29:09.0328 3524 ============================================================
    19:29:12.0151 3524 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:29:12.0245 3524 ============================================================
    19:29:12.0245 3524 \Device\Harddisk0\DR0:
    19:29:12.0261 3524 MBR partitions:
    19:29:12.0261 3524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    19:29:12.0261 3524 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x22AA3000
    19:29:12.0261 3524 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x22B07000, BlocksNum 0x28F3800
    19:29:12.0261 3524 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
    19:29:12.0261 3524 ============================================================
    19:29:12.0292 3524 C: <-> \Device\Harddisk0\DR0\Partition2
    19:29:12.0370 3524 D: <-> \Device\Harddisk0\DR0\Partition3
    19:29:12.0432 3524 E: <-> \Device\Harddisk0\DR0\Partition4
    19:29:12.0432 3524 ============================================================
    19:29:12.0432 3524 Initialize success
    19:29:12.0432 3524 ============================================================
    19:29:21.0434 0424 ============================================================
    19:29:21.0434 0424 Scan started
    19:29:21.0434 0424 Mode: Manual; TDLFS;
    19:29:21.0434 0424 ============================================================
    19:29:22.0370 0424 ================ Scan system memory ========================
    19:29:22.0370 0424 System memory - ok
    19:29:22.0370 0424 ================ Scan services =============================
    19:29:22.0697 0424 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    19:29:22.0697 0424 1394ohci - ok
    19:29:22.0760 0424 [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
    19:29:22.0760 0424 Accelerometer - ok
    19:29:22.0791 0424 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    19:29:22.0806 0424 ACPI - ok
    19:29:22.0853 0424 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    19:29:22.0853 0424 AcpiPmi - ok
    19:29:23.0056 0424 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    19:29:23.0056 0424 AdobeFlashPlayerUpdateSvc - ok
    19:29:23.0134 0424 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    19:29:23.0134 0424 adp94xx - ok
    19:29:23.0196 0424 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    19:29:23.0196 0424 adpahci - ok
    19:29:23.0212 0424 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    19:29:23.0212 0424 adpu320 - ok
    19:29:23.0259 0424 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    19:29:23.0259 0424 AeLookupSvc - ok
    19:29:23.0368 0424 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe
    19:29:23.0368 0424 AESTFilters - ok
    19:29:23.0430 0424 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    19:29:23.0446 0424 AFD - ok
    19:29:23.0508 0424 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    19:29:23.0508 0424 agp440 - ok
    19:29:23.0524 0424 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    19:29:23.0524 0424 ALG - ok
    19:29:23.0571 0424 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    19:29:23.0571 0424 aliide - ok
    19:29:23.0618 0424 [ 0DE7BF2A2E64A841F9ABF9558870D9C4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    19:29:23.0618 0424 AMD External Events Utility - ok
    19:29:23.0649 0424 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    19:29:23.0649 0424 amdide - ok
    19:29:23.0696 0424 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    19:29:23.0696 0424 AmdK8 - ok
    19:29:24.0086 0424 [ F284DA3156166B45D02ACC3C228ADE1E ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
    19:29:24.0132 0424 amdkmdag - ok
    19:29:24.0226 0424 [ 91E1DAF0193BD2AB90B1B35C987237FE ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    19:29:24.0226 0424 amdkmdap - ok
    19:29:24.0273 0424 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    19:29:24.0288 0424 AmdPPM - ok
    19:29:24.0320 0424 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    19:29:24.0320 0424 amdsata - ok
    19:29:24.0366 0424 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    19:29:24.0366 0424 amdsbs - ok
    19:29:24.0382 0424 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    19:29:24.0398 0424 amdxata - ok
    19:29:24.0460 0424 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    19:29:24.0460 0424 AppID - ok
    19:29:24.0491 0424 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    19:29:24.0491 0424 AppIDSvc - ok
    19:29:24.0522 0424 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    19:29:24.0522 0424 Appinfo - ok
    19:29:24.0585 0424 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    19:29:24.0585 0424 arc - ok
    19:29:24.0600 0424 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    19:29:24.0616 0424 arcsas - ok
    19:29:24.0694 0424 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
    19:29:24.0694 0424 aswFsBlk - ok
    19:29:24.0772 0424 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    19:29:24.0772 0424 aswMonFlt - ok
    19:29:24.0819 0424 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
    19:29:24.0819 0424 aswRdr - ok
    19:29:24.0881 0424 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    19:29:24.0897 0424 aswSnx - ok
    19:29:24.0928 0424 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
    19:29:24.0928 0424 aswSP - ok
    19:29:24.0959 0424 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
    19:29:24.0959 0424 aswTdi - ok
    19:29:24.0975 0424 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    19:29:24.0975 0424 AsyncMac - ok
    19:29:25.0006 0424 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    19:29:25.0006 0424 atapi - ok
    19:29:25.0068 0424 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
    19:29:25.0068 0424 AtiHdmiService - ok
    19:29:25.0115 0424 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
    19:29:25.0115 0424 AtiPcie - ok
    19:29:25.0162 0424 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    19:29:25.0178 0424 AudioEndpointBuilder - ok

  7. #7
    Junior Member
    Join Date
    Aug 2012
    Posts
    14

    TDS Killer #2

    19:29:43.0383 0424 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    19:29:43.0383 0424 RasAuto - ok
    19:29:43.0414 0424 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    19:29:43.0414 0424 Rasl2tp - ok
    19:29:43.0461 0424 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    19:29:43.0461 0424 RasMan - ok
    19:29:43.0492 0424 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    19:29:43.0492 0424 RasPppoe - ok
    19:29:43.0492 0424 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    19:29:43.0492 0424 RasSstp - ok
    19:29:43.0554 0424 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    19:29:43.0554 0424 rdbss - ok
    19:29:43.0570 0424 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    19:29:43.0586 0424 rdpbus - ok
    19:29:43.0601 0424 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    19:29:43.0601 0424 RDPCDD - ok
    19:29:43.0664 0424 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    19:29:43.0664 0424 RDPENCDD - ok
    19:29:43.0695 0424 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    19:29:43.0710 0424 RDPREFMP - ok
    19:29:43.0742 0424 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    19:29:43.0742 0424 RDPWD - ok
    19:29:43.0820 0424 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    19:29:43.0835 0424 rdyboost - ok
    19:29:43.0882 0424 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    19:29:43.0882 0424 RemoteAccess - ok
    19:29:43.0976 0424 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    19:29:43.0991 0424 RemoteRegistry - ok
    19:29:44.0054 0424 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    19:29:44.0054 0424 RFCOMM - ok
    19:29:44.0116 0424 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    19:29:44.0116 0424 RpcEptMapper - ok
    19:29:44.0194 0424 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    19:29:44.0194 0424 RpcLocator - ok
    19:29:44.0272 0424 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    19:29:44.0288 0424 RpcSs - ok
    19:29:44.0397 0424 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    19:29:44.0397 0424 rspndr - ok
    19:29:44.0475 0424 [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
    19:29:44.0475 0424 RSUSBSTOR - ok
    19:29:44.0506 0424 [ 777FC2C418465404E3D8A290DC247D24 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    19:29:44.0522 0424 RTL8167 - ok
    19:29:44.0537 0424 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    19:29:44.0537 0424 SamSs - ok
    19:29:44.0584 0424 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    19:29:44.0584 0424 sbp2port - ok
    19:29:45.0036 0424 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    19:29:45.0052 0424 SBSDWSCService - ok
    19:29:45.0130 0424 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    19:29:45.0146 0424 SCardSvr - ok
    19:29:45.0208 0424 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    19:29:45.0208 0424 scfilter - ok
    19:29:45.0489 0424 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    19:29:45.0504 0424 Schedule - ok
    19:29:45.0582 0424 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    19:29:45.0582 0424 SCPolicySvc - ok
    19:29:45.0660 0424 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
    19:29:45.0676 0424 sdbus - ok
    19:29:45.0770 0424 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    19:29:45.0770 0424 SDRSVC - ok
    19:29:45.0988 0424 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    19:29:45.0988 0424 SeaPort - ok
    19:29:46.0066 0424 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    19:29:46.0066 0424 secdrv - ok
    19:29:46.0128 0424 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    19:29:46.0144 0424 seclogon - ok
    19:29:46.0206 0424 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    19:29:46.0206 0424 SENS - ok
    19:29:46.0316 0424 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    19:29:46.0331 0424 SensrSvc - ok
    19:29:46.0409 0424 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    19:29:46.0409 0424 Serenum - ok
    19:29:46.0456 0424 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    19:29:46.0456 0424 Serial - ok
    19:29:46.0534 0424 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    19:29:46.0534 0424 sermouse - ok
    19:29:46.0643 0424 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    19:29:46.0659 0424 SessionEnv - ok
    19:29:46.0706 0424 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    19:29:46.0706 0424 sffdisk - ok
    19:29:46.0737 0424 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    19:29:46.0752 0424 sffp_mmc - ok
    19:29:46.0784 0424 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    19:29:46.0784 0424 sffp_sd - ok
    19:29:46.0815 0424 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    19:29:46.0830 0424 sfloppy - ok
    19:29:46.0940 0424 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    19:29:46.0955 0424 SharedAccess - ok
    19:29:47.0018 0424 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    19:29:47.0033 0424 ShellHWDetection - ok
    19:29:47.0127 0424 [ 720088AAD691FF1D90BE8EC28727F6CA ] silabenm C:\Windows\system32\DRIVERS\silabenm.sys
    19:29:47.0142 0424 silabenm - ok
    19:29:47.0174 0424 [ 3A639FC33AD3D4897C301130214D7FF0 ] silabser C:\Windows\system32\DRIVERS\silabser.sys
    19:29:47.0174 0424 silabser - ok
    19:29:47.0252 0424 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    19:29:47.0252 0424 SiSRaid2 - ok
    19:29:47.0330 0424 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    19:29:47.0330 0424 SiSRaid4 - ok
    19:29:47.0423 0424 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    19:29:47.0439 0424 Smb - ok
    19:29:47.0517 0424 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    19:29:47.0517 0424 SNMPTRAP - ok
    19:29:47.0564 0424 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    19:29:47.0564 0424 spldr - ok
    19:29:47.0688 0424 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    19:29:47.0704 0424 Spooler - ok
    19:29:48.0172 0424 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    19:29:48.0188 0424 sppsvc - ok
    19:29:48.0266 0424 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    19:29:48.0266 0424 sppuinotify - ok
    19:29:48.0344 0424 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    19:29:48.0359 0424 srv - ok
    19:29:48.0453 0424 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    19:29:48.0468 0424 srv2 - ok
    19:29:48.0593 0424 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    19:29:48.0609 0424 SrvHsfHDA - ok
    19:29:48.0968 0424 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    19:29:48.0983 0424 SrvHsfV92 - ok
    19:29:49.0186 0424 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    19:29:49.0202 0424 SrvHsfWinac - ok
    19:29:49.0248 0424 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    19:29:49.0248 0424 srvnet - ok
    19:29:49.0389 0424 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    19:29:49.0404 0424 SSDPSRV - ok
    19:29:49.0451 0424 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    19:29:49.0451 0424 SstpSvc - ok
    19:29:49.0748 0424 [ 7F30633A5AEC81140DBC6DAAAEBD0CBE ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe
    19:29:49.0748 0424 STacSV - ok
    19:29:49.0794 0424 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    19:29:49.0794 0424 stexstor - ok
    19:29:49.0982 0424 [ F991751C2477257BBCEDB364A0F449B4 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
    19:29:49.0982 0424 STHDA - ok
    19:29:50.0075 0424 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    19:29:50.0091 0424 stisvc - ok
    19:29:50.0153 0424 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    19:29:50.0153 0424 swenum - ok
    19:29:50.0247 0424 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    19:29:50.0262 0424 swprv - ok
    19:29:50.0356 0424 [ 91853F78B68F9F036670291F5EDD4EAE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    19:29:50.0356 0424 SynTP - ok
    19:29:50.0434 0424 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    19:29:50.0450 0424 SysMain - ok
    19:29:50.0496 0424 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    19:29:50.0512 0424 TabletInputService - ok
    19:29:50.0637 0424 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    19:29:50.0637 0424 TapiSrv - ok
    19:29:50.0684 0424 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    19:29:50.0684 0424 TBS - ok
    19:29:50.0793 0424 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    19:29:50.0824 0424 Tcpip - ok
    19:29:51.0183 0424 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    19:29:51.0198 0424 TCPIP6 - ok
    19:29:51.0245 0424 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    19:29:51.0245 0424 tcpipreg - ok
    19:29:51.0323 0424 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    19:29:51.0323 0424 TDPIPE - ok
    19:29:51.0401 0424 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    19:29:51.0401 0424 TDTCP - ok
    19:29:51.0448 0424 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    19:29:51.0448 0424 tdx - ok
    19:29:51.0510 0424 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    19:29:51.0510 0424 TermDD - ok
    19:29:51.0666 0424 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    19:29:51.0682 0424 TermService - ok
    19:29:51.0729 0424 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    19:29:51.0744 0424 Themes - ok
    19:29:51.0822 0424 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    19:29:51.0822 0424 THREADORDER - ok
    19:29:51.0854 0424 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    19:29:51.0869 0424 TrkWks - ok
    19:29:51.0932 0424 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    19:29:51.0932 0424 TrustedInstaller - ok
    19:29:51.0978 0424 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    19:29:51.0978 0424 tssecsrv - ok
    19:29:52.0072 0424 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    19:29:52.0072 0424 TsUsbFlt - ok
    19:29:52.0119 0424 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    19:29:52.0134 0424 tunnel - ok
    19:29:52.0181 0424 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    19:29:52.0181 0424 uagp35 - ok
    19:29:52.0275 0424 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    19:29:52.0275 0424 udfs - ok
    19:29:52.0322 0424 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    19:29:52.0322 0424 UI0Detect - ok
    19:29:52.0337 0424 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    19:29:52.0337 0424 uliagpkx - ok
    19:29:52.0400 0424 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    19:29:52.0400 0424 umbus - ok
    19:29:52.0462 0424 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    19:29:52.0462 0424 UmPass - ok
    19:29:52.0571 0424 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    19:29:52.0587 0424 upnphost - ok
    19:29:52.0618 0424 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    19:29:52.0634 0424 usbccgp - ok
    19:29:52.0680 0424 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    19:29:52.0680 0424 usbcir - ok
    19:29:52.0696 0424 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    19:29:52.0696 0424 usbehci - ok
    19:29:52.0758 0424 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
    19:29:52.0758 0424 usbfilter - ok
    19:29:52.0774 0424 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    19:29:52.0774 0424 usbhub - ok
    19:29:52.0852 0424 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    19:29:52.0852 0424 usbohci - ok
    19:29:52.0930 0424 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    19:29:52.0930 0424 usbprint - ok
    19:29:52.0977 0424 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    19:29:52.0992 0424 usbscan - ok
    19:29:53.0039 0424 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
    19:29:53.0039 0424 USBSTOR - ok
    19:29:53.0086 0424 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    19:29:53.0086 0424 usbuhci - ok
    19:29:53.0133 0424 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    19:29:53.0148 0424 usbvideo - ok
    19:29:53.0211 0424 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    19:29:53.0211 0424 UxSms - ok
    19:29:53.0226 0424 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    19:29:53.0226 0424 VaultSvc - ok
    19:29:53.0273 0424 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    19:29:53.0289 0424 vdrvroot - ok
    19:29:53.0429 0424 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    19:29:53.0429 0424 vds - ok
    19:29:53.0476 0424 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    19:29:53.0492 0424 vga - ok
    19:29:53.0507 0424 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    19:29:53.0507 0424 VgaSave - ok
    19:29:53.0585 0424 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    19:29:53.0601 0424 vhdmp - ok
    19:29:53.0648 0424 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    19:29:53.0648 0424 viaide - ok
    19:29:53.0694 0424 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    19:29:53.0694 0424 volmgr - ok
    19:29:53.0804 0424 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    19:29:53.0804 0424 volmgrx - ok
    19:29:53.0897 0424 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    19:29:53.0897 0424 volsnap - ok
    19:29:53.0975 0424 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    19:29:53.0975 0424 vsmraid - ok
    19:29:54.0443 0424 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    19:29:54.0474 0424 VSS - ok
    19:29:54.0552 0424 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    19:29:54.0552 0424 vwifibus - ok
    19:29:54.0568 0424 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    19:29:54.0584 0424 vwififlt - ok
    19:29:54.0662 0424 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    19:29:54.0677 0424 W32Time - ok
    19:29:54.0724 0424 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    19:29:54.0724 0424 WacomPen - ok
    19:29:54.0771 0424 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    19:29:54.0786 0424 WANARP - ok
    19:29:54.0786 0424 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    19:29:54.0786 0424 Wanarpv6 - ok
    19:29:54.0880 0424 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    19:29:54.0896 0424 WatAdminSvc - ok
    19:29:55.0083 0424 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    19:29:55.0114 0424 wbengine - ok
    19:29:55.0176 0424 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    19:29:55.0192 0424 WbioSrvc - ok
    19:29:55.0270 0424 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    19:29:55.0286 0424 wcncsvc - ok
    19:29:55.0332 0424 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    19:29:55.0332 0424 WcsPlugInService - ok
    19:29:55.0379 0424 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    19:29:55.0379 0424 Wd - ok
    19:29:55.0582 0424 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    19:29:55.0598 0424 Wdf01000 - ok
    19:29:55.0629 0424 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    19:29:55.0644 0424 WdiServiceHost - ok
    19:29:55.0644 0424 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    19:29:55.0660 0424 WdiSystemHost - ok
    19:29:55.0754 0424 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    19:29:55.0769 0424 WebClient - ok
    19:29:55.0832 0424 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    19:29:55.0832 0424 Wecsvc - ok
    19:29:55.0863 0424 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    19:29:55.0863 0424 wercplsupport - ok
    19:29:55.0910 0424 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    19:29:55.0925 0424 WerSvc - ok
    19:29:55.0972 0424 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    19:29:55.0972 0424 WfpLwf - ok
    19:29:56.0003 0424 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    19:29:56.0003 0424 WIMMount - ok
    19:29:56.0034 0424 WinDefend - ok
    19:29:56.0050 0424 WinHttpAutoProxySvc - ok
    19:29:56.0378 0424 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    19:29:56.0378 0424 Winmgmt - ok
    19:29:56.0658 0424 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    19:29:56.0674 0424 WinRM - ok
    19:29:56.0752 0424 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    19:29:56.0752 0424 WinUsb - ok
    19:29:56.0814 0424 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    19:29:56.0846 0424 Wlansvc - ok
    19:29:57.0189 0424 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    19:29:57.0220 0424 wlidsvc - ok
    19:29:57.0251 0424 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    19:29:57.0251 0424 WmiAcpi - ok
    19:29:57.0345 0424 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    19:29:57.0345 0424 wmiApSrv - ok
    19:29:57.0423 0424 WMPNetworkSvc - ok
    19:29:57.0548 0424 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    19:29:57.0548 0424 WPCSvc - ok
    19:29:57.0610 0424 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    19:29:57.0626 0424 WPDBusEnum - ok
    19:29:57.0657 0424 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    19:29:57.0657 0424 ws2ifsl - ok
    19:29:57.0672 0424 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    19:29:57.0688 0424 wscsvc - ok
    19:29:57.0688 0424 WSearch - ok
    19:29:57.0984 0424 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    19:29:58.0016 0424 wuauserv - ok
    19:29:58.0047 0424 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    19:29:58.0047 0424 WudfPf - ok
    19:29:58.0094 0424 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:29:58.0094 0424 WUDFRd - ok
    19:29:58.0172 0424 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    19:29:58.0172 0424 wudfsvc - ok
    19:29:58.0234 0424 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    19:29:58.0250 0424 WwanSvc - ok
    19:29:58.0421 0424 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    19:29:58.0421 0424 YahooAUService - ok
    19:29:58.0499 0424 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    19:29:58.0515 0424 yukonw7 - ok
    19:29:58.0546 0424 ================ Scan global ===============================
    19:29:58.0577 0424 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    19:29:58.0640 0424 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    19:29:58.0655 0424 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    19:29:58.0702 0424 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    19:29:58.0780 0424 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    19:29:58.0796 0424 [Global] - ok
    19:29:58.0796 0424 ================ Scan MBR ==================================
    19:29:58.0827 0424 [ BDD3CFA7D4C103871B2A8A57BD6DA235 ] \Device\Harddisk0\DR0
    19:29:59.0622 0424 \Device\Harddisk0\DR0 - ok
    19:29:59.0622 0424 ================ Scan VBR ==================================
    19:29:59.0654 0424 [ 1AFBF4A297084A4FF4363FB6BB258BF8 ] \Device\Harddisk0\DR0\Partition1
    19:29:59.0654 0424 \Device\Harddisk0\DR0\Partition1 - ok
    19:29:59.0669 0424 [ 05E4B7EDDDC82CC3D0A07D48EC870EBA ] \Device\Harddisk0\DR0\Partition2
    19:29:59.0685 0424 \Device\Harddisk0\DR0\Partition2 - ok
    19:29:59.0716 0424 [ A19864966E39CA2505B9D5F4A6D183A9 ] \Device\Harddisk0\DR0\Partition3
    19:29:59.0716 0424 \Device\Harddisk0\DR0\Partition3 - ok
    19:29:59.0732 0424 [ F15AF17865D63C90FFD4B7652B59240A ] \Device\Harddisk0\DR0\Partition4
    19:29:59.0794 0424 \Device\Harddisk0\DR0\Partition4 - ok
    19:29:59.0810 0424 ============================================================
    19:29:59.0810 0424 Scan finished
    19:29:59.0810 0424 ============================================================
    19:29:59.0825 5004 Detected object count: 0
    19:29:59.0825 5004 Actual detected object count: 0

  8. #8
    Junior Member
    Join Date
    Aug 2012
    Posts
    14

    Default MBAM Scan

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.07.13

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Shawn :: SHAWN-LAPTOP [administrator]

    9/17/2012 7:44:18 PM
    mbam-log-2012-09-17 (19-44-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 215525
    Time elapsed: 10 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  9. #9
    Anti-Malware Team
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi sls0463:

    You did not provide me with an update about your computer problem.


    1. Are you running two antivirus programs? Avast and MSE? Are they able to update and run?
    2. What are the symptoms that make you think you are infected? Any redirection, strange sound, email hacked, pop-up?
    3. Since when has this incident been happening?
    4. Any other issues?


    thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  10. #10
    Junior Member
    Join Date
    Aug 2012
    Posts
    14

    Default Update

    I am running Avast (based on an earlier recommendation from the forum).

    I am still getting the pop up in the lower left corner.

    I occasionally get a redirect.

    The ad.yieldmanager popup started about 4 weeks ago.

    THANK YOU for taking the time to try and help me. I do appreciate it.
