PDA

View Full Version : Needing Help Removing Ad.Yieldmanager Malware



sls0463
2012-08-28, 02:47
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Shawn at 18:09:24 on 2012-08-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2199 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Shawn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: Web-Based Email Tools - hxxp://email00.secureserver.net/Download.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 67.223.203.10 137.118.1.32
TCP: Interfaces\{9C23CE40-43BD-435A-96DD-0088C571D6AC} : DhcpNameServer = 67.223.203.10 137.118.1.32
TCP: Interfaces\{9C23CE40-43BD-435A-96DD-0088C571D6AC}\2456C6B696E6F574F505C65737F5D494D4F4F53596E636C6169627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9C23CE40-43BD-435A-96DD-0088C571D6AC}\84162727168637F5E4B434F594E6475627E65647 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{9C23CE40-43BD-435A-96DD-0088C571D6AC}\C696E6B6379737 : DhcpNameServer = 67.223.203.10 137.118.1.32
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [(Default)]
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 93.115.241.28 www.google-analytics.com.
Hosts: 93.115.241.28 ad-emea.doubleclick.net.
Hosts: 93.115.241.28 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://www.mozilla.org/en-US/firefox/14.0.1/whatsnew/?oldversion=13.0.1
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Shawn\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\Shawn\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-3-3 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-5 338168]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-24 655944]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-7 202048]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-12 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-1 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 113120]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-27 23:07:32 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEF46CEE-6F54-4085-B024-9A4E92E94C74}\offreg.dll
2012-08-26 23:34:48 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEF46CEE-6F54-4085-B024-9A4E92E94C74}\mpengine.dll
2012-08-25 22:36:37 9309624 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-15 03:31:05 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-14 23:49:58 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-14 23:49:58 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-14 23:49:53 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-14 23:49:53 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-14 23:49:53 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-14 23:49:53 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-14 23:49:51 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-14 23:49:50 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-14 23:49:50 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-14 23:49:50 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-14 23:49:49 956928 ----a-w- C:\Windows\System32\localspl.dll
.
==================== Find3M ====================
.
2012-08-15 03:29:37 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 03:29:37 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-03 03:23:05 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-07-03 03:23:05 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 18:10:38.51 ===============

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-27 18:18:40
-----------------------------
18:18:40.716 OS Version: Windows x64 6.1.7601 Service Pack 1
18:18:40.716 Number of processors: 2 586 0x603
18:18:40.716 ComputerName: SHAWN-LAPTOP UserName: Shawn
18:18:41.528 Initialize success
18:32:53.745 AVAST engine defs: 12082800
18:33:13.152 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:33:13.152 Disk 0 Vendor: Hitachi_HTS725032A9A364 PC3OC72E Size: 305245MB BusType: 11
18:33:13.183 Disk 0 MBR read successfully
18:33:13.198 Disk 0 MBR scan
18:33:13.214 Disk 0 unknown MBR code
18:33:13.214 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:33:13.276 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 283974 MB offset 409600
18:33:13.370 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20967 MB offset 581988352
18:33:13.464 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
18:33:13.776 Disk 0 scanning C:\Windows\system32\drivers
18:33:32.839 Service scanning
18:34:18.750 Modules scanning
18:34:18.765 Disk 0 trace - called modules:
18:34:19.311 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:34:19.311 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80040d1060]
18:34:19.327 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80040d0870]
18:34:19.342 5 hpdskflt.sys[fffff880019e5289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800403b060]
18:34:20.497 AVAST engine scan C:\Windows
18:34:24.038 AVAST engine scan C:\Windows\system32
18:39:52.107 AVAST engine scan C:\Windows\system32\drivers
18:40:12.480 AVAST engine scan C:\Users\Shawn
18:41:49.520 Disk 0 MBR has been saved successfully to "C:\Users\Shawn\Documents\MBR.dat"
18:41:49.614 The log file has been saved successfully to "C:\Users\Shawn\Documents\aswMBR.txt"

torreattack
2012-09-02, 17:57
Please note that all instructions given are customised for this computer only.
Tthe tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Safer-Networking (http://forums.spybot.info/forumdisplay.php?f=22) forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hi sls0463 and welcome to Safer-Networking :)

My name is torreattack, and I will be helping you with your malware problems. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer (http://support.microsoft.com/kb/971759)
Backup your data - Vista (http://www.vista4beginners.com/How-to-backup-your-data)
Backup your data - windows 7 (http://windows.microsoft.com/en-us/windows7/Back-up-your-files)

Please observe these rules while we work:
Perform all actions in the order given.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with it till you're given the all clear.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.

If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given.
As sometimes it is necessary to go offline and you will lose access to them.

If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.

I am currently reviewing your log and will return, as soon as possible, with additional instructions.

By the way, while waiting,
Have you back up your registry with Erunt ?
If you have Spybot-S&D installed, TeaTimer needs to be disabled so that its protection does not interfere with fixes. Could you disabled it?
note:You can find the instruction to perform these two tasks here (http://forums.spybot.info/showpost.php?p=1150&postcount=2).
Could you post the second log that was created by DDS. If You can't find it you may have to run the program again.

=================================================================================
Sorry for being late. Since the logs that I have with me are quite "old" now, I need latest logs. Please run the following tools and post back the latest logs.
If you had downloaded these tools before, please delete them and download again because they are updated quite frequent.


1. TDSSKiller
Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
When the TDSSKiller finish loading, click on Change parameters.
Tick the Detect TDLFS file system and click ok.
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
DO NOT TRY TO FIX ANYTHING AT THIS POINT


2. OTL
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) ... by Old Timer . Save it to your Desktop.
Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Thank you for your patience.
torreattack

sls0463
2012-09-15, 05:21
OTL logfile created on: 9/14/2012 9:04:10 PM - Run 1
OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Shawn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 60.29% Memory free
7.49 Gb Paging File | 5.82 Gb Available in Paging File | 77.67% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 277.32 Gb Total Space | 207.69 Gb Free Space | 74.89% Space Free | Partition Type: NTFS
Drive D: | 20.48 Gb Total Space | 2.98 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 93.05 Mb Free Space | 93.68% Space Free | Partition Type: FAT32

Computer Name: SHAWN-LAPTOP | User Name: Shawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Shawn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Shawn\Desktop\tdsskiller.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DvmMDES) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe (IDT, Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (DVMIO) -- C:\Windows\SysNative\drivers\dvmio.sys (DeviceVM, Inc.)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {9D3676F2-C158-46AA-904C-C97C63544026}
IE - HKLM\..\SearchScopes\{9D3676F2-C158-46AA-904C-C97C63544026}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes,DefaultScope = {9D3676F2-C158-46AA-904C-C97C63544026}
IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes\{9D3676F2-C158-46AA-904C-C97C63544026}: "URL" = http://findgala.com/?&uid=5618&q={searchTerms}
IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/|http://www.mozilla.org/en-US/firefox/14.0.1/whatsnew/?oldversion=13.0.1"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Shawn\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Shawn\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/27 18:43:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/27 21:20:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/17 18:06:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/17 18:06:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/31 17:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shawn\AppData\Roaming\Mozilla\Extensions
[2012/07/31 17:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\extensions
[2012/01/05 21:22:40 | 000,001,210 | ---- | M] () -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\searchplugins\search.xml
[2012/07/27 19:16:29 | 000,002,519 | ---- | M] () -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\searchplugins\Search_Results.xml
[2012/07/31 17:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/17 18:06:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/17 18:06:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/27 19:16:29 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/17 18:06:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Search Results ()
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=287&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Shawn\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Shawn\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/05 21:22:50 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 93.115.241.28 www.google-analytics.com.
O1 - Hosts: 93.115.241.28 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.28 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email00.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.223.203.10 137.118.1.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C23CE40-43BD-435A-96DD-0088C571D6AC}: DhcpNameServer = 67.223.203.10 137.118.1.32
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/14 21:02:42 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Shawn\Desktop\OTL.exe
[2012/09/14 20:59:36 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shawn\Desktop\tdsskiller.exe
[2012/09/14 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\Shawn\Desktop\erunt
[2012/09/14 20:51:38 | 000,352,928 | ---- | C] (Softonic) -- C:\Users\Shawn\Documents\SoftonicDownloader_for_erunt.exe
[2012/09/11 23:10:52 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/11 23:10:51 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/11 23:10:49 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/11 23:10:49 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/08/27 21:52:02 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/27 21:52:02 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/27 21:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/27 21:51:59 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/27 21:51:58 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/27 21:51:57 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/27 21:51:55 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/27 21:51:55 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/27 20:28:54 | 000,329,088 | ---- | C] (AVAST Software) -- C:\Users\Shawn\Desktop\aswclear.exe
[2012/08/27 20:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/27 20:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/27 19:10:18 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/27 19:10:17 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/27 19:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/27 19:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/27 18:08:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/25 19:05:24 | 000,000,000 | ---D | C] -- C:\Users\Shawn\Desktop\Phone Pics

========== Files - Modified Within 30 Days ==========

[2012/09/14 21:06:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/14 21:02:42 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Shawn\Desktop\OTL.exe
[2012/09/14 20:59:36 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shawn\Desktop\tdsskiller.exe
[2012/09/14 20:56:02 | 000,736,074 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/14 20:56:02 | 000,630,682 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/14 20:56:02 | 000,109,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/14 20:55:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 20:55:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 20:53:51 | 000,513,320 | ---- | M] () -- C:\Users\Shawn\Desktop\erunt.zip
[2012/09/14 20:51:40 | 000,352,928 | ---- | M] (Softonic) -- C:\Users\Shawn\Documents\SoftonicDownloader_for_erunt.exe
[2012/09/14 20:48:53 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/14 20:48:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/14 20:47:13 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/14 20:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/01 13:28:12 | 000,050,919 | ---- | M] () -- C:\Users\Shawn\Desktop\CG.jpg.jpg
[2012/08/27 21:52:02 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/27 21:51:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/27 20:38:00 | 000,006,152 | ---- | M] () -- C:\Users\Shawn\Documents\cc_20120827_203753.reg
[2012/08/27 20:33:38 | 000,355,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/27 20:28:54 | 000,329,088 | ---- | M] (AVAST Software) -- C:\Users\Shawn\Desktop\aswclear.exe
[2012/08/27 20:09:50 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/27 18:41:49 | 000,000,512 | ---- | M] () -- C:\Users\Shawn\Documents\MBR.dat
[2012/08/27 18:16:29 | 000,003,378 | ---- | M] () -- C:\Users\Shawn\Documents\Attach.zip
[2012/08/22 13:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/08/22 13:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/08/21 04:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/21 04:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/21 04:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/21 04:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/21 04:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/21 04:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/21 04:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/21 04:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2012/09/14 20:53:42 | 000,513,320 | ---- | C] () -- C:\Users\Shawn\Desktop\erunt.zip
[2012/09/01 13:29:13 | 000,050,919 | ---- | C] () -- C:\Users\Shawn\Desktop\CG.jpg.jpg
[2012/08/27 21:52:02 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/27 20:37:57 | 000,006,152 | ---- | C] () -- C:\Users\Shawn\Documents\cc_20120827_203753.reg
[2012/08/27 20:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/27 20:09:50 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/27 18:41:49 | 000,000,512 | ---- | C] () -- C:\Users\Shawn\Documents\MBR.dat
[2012/08/27 18:16:29 | 000,003,378 | ---- | C] () -- C:\Users\Shawn\Documents\Attach.zip
[2012/08/04 17:46:03 | 018,158,582 | ---- | C] () -- C:\Users\Shawn\Backup_of_gotrack.cdr
[2012/08/04 17:44:25 | 018,158,572 | ---- | C] () -- C:\Users\Shawn\gotrack.cdr
[2012/05/21 20:51:18 | 000,012,494 | ---- | C] () -- C:\Users\Shawn\mower.cdr
[2012/01/11 19:42:41 | 000,002,048 | -HS- | C] () -- C:\Users\Shawn\AppData\Local\{11d5d328-f14f-7572-15b5-f747154d7971}\@
[2011/12/25 19:42:31 | 000,001,744 | -HS- | C] () -- C:\Users\Shawn\AppData\Local\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n
[2011/12/25 19:42:31 | 000,001,744 | -HS- | C] () -- C:\ProgramData\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n
[2011/03/14 20:31:04 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/03/14 20:31:03 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2011/01/25 20:22:13 | 000,750,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/24 00:22:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/02 17:32:46 | 000,017,244 | ---- | C] () -- C:\Users\Shawn\Backup_of_di's room.cdr
[2011/01/02 15:56:06 | 000,017,240 | ---- | C] () -- C:\Users\Shawn\di's room.cdr
[2011/01/02 15:18:06 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2011/01/02 15:18:04 | 000,112,688 | ---- | C] () -- C:\Windows\SysWow64\shw32.dll
[2010/12/12 20:59:42 | 000,005,187 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/18 15:19:39 | 000,000,000 | ---- | C] () -- C:\Users\Shawn\AppData\Roaming\wklnhst.dat

< End of report >

torreattack
2012-09-17, 13:47
Hi sls0463 :

Please don't take too long to reply.

1. Reminder
a. I saw you are still running Spybot-S&D when running the OTL tool. Please disable the Spybot-S&D before we finish as it might interfere with our fix.
b. Please do another Erunt backup.
note:You can find the instruction to perform these two tasks here (http://forums.spybot.info/showpost.php?p=1150&postcount=2).



2. Repost the logs
Please post the logs that I asked in previous post:
a. Extras.txt from OTL ==>You may find it at your Desktop
b. TDSSKiller log ==>It is located at your C:\



3. Malwarebytes' Anti-Malware (MBAM)
As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform Quick scan, then click on Scan
When done, you will be prompted. Click OK. If Items are found, then click on Show Results
Check all items then click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
Note: If MBAM doesn't return after an update, please start it again.



4. Checklist
Please post:
TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
Extra.txt
An update on your problems
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post COMPLETE log.

Thanks,
torreattack

sls0463
2012-09-18, 03:25
OTL Extras logfile created on: 9/14/2012 9:04:10 PM - Run 1
OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Shawn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 60.29% Memory free
7.49 Gb Paging File | 5.82 Gb Available in Paging File | 77.67% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 277.32 Gb Total Space | 207.69 Gb Free Space | 74.89% Space Free | Partition Type: NTFS
Drive D: | 20.48 Gb Total Space | 2.98 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 93.05 Mb Free Space | 93.68% Space Free | Partition Type: FAT32

Computer Name: SHAWN-LAPTOP | User Name: Shawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C0F9F6-07E0-4B66-831F-8067B8DA9878}" = lport=137 | protocol=17 | dir=in | app=system |
"{162FAFEB-71B7-4593-ADC1-8A54D8229742}" = rport=138 | protocol=17 | dir=out | app=system |
"{20D770D1-0306-43C8-937C-09C729FB84AC}" = lport=445 | protocol=6 | dir=in | app=system |
"{24F30A51-B517-4E67-9718-3973975DEAE9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3AA33406-6380-4751-83C9-77DE3BEC7412}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{462B2A25-4B24-4F9D-85B6-16CED061F4B9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{732B3092-F5ED-4238-B17E-BA42340E0D52}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DFF6F34-6F4D-4F1F-A3FA-75A085BF9835}" = rport=137 | protocol=17 | dir=out | app=system |
"{A5F57FF9-BDEC-413E-8416-7C945304973F}" = lport=139 | protocol=6 | dir=in | app=system |
"{AE88036B-4A46-49D6-98C5-570914F202C7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C577DE21-B2DB-40B8-8556-39D59B833B33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D07CCBD3-BFD2-400A-B900-4F70EA5C4258}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E551CFE5-0245-4E46-99F1-18AF9A7FA983}" = rport=445 | protocol=6 | dir=out | app=system |
"{ED68A228-E9F2-4047-83A5-2D1028E69741}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EE4E3493-C353-478B-A9AC-B5CBE24610CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{FD0BFF27-E6F3-499A-B3CA-AA37CB3BE1A0}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000055B4-5563-484C-8D46-473AF300F27C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{22FC7D1A-873E-4AE2-8762-FCBBEA90C984}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2CD6A366-EAA1-4731-96A0-F016086326B3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{4C2E0161-305D-4825-835C-50D09DDB35DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56CC29BF-34AB-4012-9A72-C8613D9A766A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56F2B4E3-1097-45D6-832A-24F899811D04}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{5A3F4FBF-F170-4032-9A8B-5A54050EC4FF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5C05A244-808F-4FD1-ABCB-D9A3F15FA5E2}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{61F80A5B-A5C8-4653-A6F0-D3D28136F485}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{7FEA4F46-854A-4017-9912-AE59436C2219}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{809FDF7C-4428-4257-9E9C-EA3183A4886E}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{989AE661-676B-49E6-8992-C8C80F48BF4D}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{B40644D1-D49C-4749-B266-EE89442573FD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C399381E-B4E6-4137-8987-B9228A869BFA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{CB8B7C1B-2A2E-4928-B39A-989E5E6805C7}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{CDC2D210-D09C-4EAA-A5BF-7C56250C0313}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{DACBC41D-6F30-4B61-992F-2E7746AB48D0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{DBC07428-28A8-4AC3-9D1F-7ABC392A0483}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E3526838-E54C-4206-B37F-35B20A7FE734}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E4A40AF2-A207-4640-A027-6E1E4E222C80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F5EE04DF-F380-47D6-A47B-6C29EF6841A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FD9596BA-8D72-48A9-A6E5-29CC3262B233}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\hpitv.exe |
"TCP Query User{67F3E4F8-6C63-4DC5-A40A-4BD1BAA9B864}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{88D22CDE-D0A6-4F2D-A1D4-1ECBEA42EC79}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{C1084716-DF44-4636-895C-F7B8A9709540}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{D138BC93-D777-4578-B8A3-333ECCB53E4D}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{1DBA13A0-C34E-43E6-8CE0-ECDCCA6125DB}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{76A63462-1B6B-4ADB-80BF-4D4D20B4825D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{A86D6EFF-F398-49A7-ACC4-B4F6038E9578}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{CA3ED88D-76C3-447D-B75B-10E05B50C267}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82ED9FB2-55AF-4A61-A6F3-506CEE112779}" = Motorola Mobile Drivers Installation 4.7.1
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8562DEED-6F07-DA09-A8B4-C2ADD27EB57C}" = ATI Catalyst Install Manager
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{9207D4A1-586E-49CA-A002-FC9F475AB1A3}" = HP Tone Control
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{C705B956-E853-9B81-147A-E7CBFBEB9537}" = ccc-utility64
"{E6BC696E-5E96-4C1B-9371-379AF3A46B6B}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3366905E6EFF86120E12E2DB3F8F2EDC3B7F5003" = Windows Driver Package - Broadcom HIDClass (09/11/2009 6.3.0.1500)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"5BB2352543C023211B5CDA6229832626C218EB7F" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (01/28/2010 6.3.0.3800)
"79B5284AC8847651E6939E5B2FB1A473E6C9D19B" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (01/20/2010 6.3.0.3500)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00110409-78E1-11D2-B60F-006097C998E7}" = Microsoft Excel 2000 SR-1
"{00160409-78E1-11D2-B60F-006097C998E7}" = Microsoft Outlook 2000 SR-1
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0224236C-9A6B-83C7-3AEA-DAD43B057F5B}" = Catalyst Control Center Localization All
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0E977F3C-9902-4980-A34B-A3A5EDF04EE1}" = H&R Block Kansas 2011
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1EFF5E76-04E7-4CCB-BFBE-65C2607D1B82}" = H&R Block Missouri 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{223E2363-6643-49CB-A062-59A9858EE8EE}" = HP Software Framework
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{2D1EC4DD-5EE8-4CA0-A4DE-3BA029C55DFA}" = H&R Block Basic + Efile 2011
"{2F5BCD74-77C1-305E-70FD-8DE0F5D88167}" = Catalyst Control Center Graphics Light
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{30E6CFEE-EDB3-85B2-F6F9-D0AC32E5DF98}" = CCC Help Dutch
"{33780089-63F0-9584-2B02-0C0267798CFF}" = Catalyst Control Center Graphics Full Existing
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C1B592E-B9A7-BFD0-0B6B-3A8C8A251452}" = CCC Help Czech
"{3D808B52-67A6-EE16-E876-23A9BD19DD7A}" = CCC Help Norwegian
"{3EE5D508-587A-8B44-68D4-EB9818E86F31}" = Catalyst Control Center Core Implementation
"{400B5ED2-1745-FF34-94A0-3C268C1BFF6E}" = CCC Help Korean
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{421BEFF3-5178-41F5-8F63-7E6F60B54DB5}" = HP User Guides 0193
"{424D0DE6-670E-4744-99F9-3C84326F4C7B}" = H&R Block Kansas 2010
"{424E1499-55EF-A078-63CC-0F912248A120}" = CCC Help Russian
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ABF263B-5913-FD00-48AC-2149D5F4EF50}" = ccc-core-static
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{521AB014-C3BB-F8FA-A112-AAEC4F4F5F76}" = CCC Help Hungarian
"{59EF562E-1038-D633-843A-B3DE7F1D8065}" = Catalyst Control Center Graphics Full New
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B24AEEE-83AA-DC7E-2FCD-C943D6C14133}" = Catalyst Control Center InstallProxy
"{5E015A25-1C72-7C59-23AF-4A2FE4EC4593}" = CCC Help Finnish
"{60314E2C-D2BB-59AE-85FF-459A951F7A85}" = CCC Help Chinese Standard
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69379F6A-4BC5-058A-A853-8C45E9AE650A}" = CCC Help Polish
"{6A1864D3-C66E-99B2-A7FA-CE21E3A4D3A2}" = CCC Help German
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72980902-A69C-3625-15B4-5DEA8D323151}" = CCC Help Italian
"{72BC233F-95BD-0DA6-3724-27A0191F3C9C}" = CCC Help Portuguese
"{77E919AB-E3AE-87E1-926D-F72C4A559985}" = CCC Help Swedish
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7B761517-8421-26A9-A6B4-BC8E48E16EF6}" = Catalyst Control Center Graphics Previews Vista
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A792FD8-0E1C-4A6D-B958-3C8D684D080E}" = H&R Block Missouri 2010
"{8B9EBBAD-3043-EBEF-3061-3732C0229DAA}" = CCC Help Japanese
"{8FA73674-A715-0E82-3516-1447B5384341}" = CCC Help Greek
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{998ABD69-A19E-5D36-4B02-0CDCCF0FECA5}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A67539A1-0696-498F-832E-ACEA50886C80}" = GB Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C21F6361-1194-F15F-113D-C9113BF50219}" = CCC Help Chinese Traditional
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C3F121A1-5750-E394-7035-753A1218CE8F}" = CCC Help French
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6942F6E-5396-9B1A-038C-FCFA52C8AF68}" = CCC Help Danish
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE52A16C-8523-2701-1E1F-9657A1D5125F}" = CCC Help Turkish
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3640ED5-F612-9122-2D46-11AE34BD53AB}" = Catalyst Control Center Graphics Previews Common
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1DB42F7-DBC0-13BA-70EE-8DDA41B86963}" = CCC Help English
"{F3620D5D-B046-41F0-AB8D-3C56A36AFD60}" = Catalyst Control Center - Branding
"{F6B6A150-08FA-46D5-808A-EB638269551D}" = HP Power Plan Utility
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F92126D3-5BC3-A496-B621-75D39D66AC75}" = CCC Help Thai
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Corel Applications" = Corel Applications
"Google Chrome" = Google Chrome
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"Pdf995" = Pdf995 (installed by H&R Block)
"PdfEdit995" = PdfEdit995 (installed by H&R Block)
"Picasa 3" = Picasa 3
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"78601cde3e748eeb" = IQS
"HuluDesktop" = Hulu Desktop
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2011 6:36:18 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
Description =

Error - 10/10/2011 6:36:18 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
Description =

Error - 10/10/2011 6:36:18 PM | Computer Name = Shawn-Laptop | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
Upgrade. Security Essentials is not currently monitoring and helping to protect
your computer. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 10/10/2011 9:29:32 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
Description =

Error - 10/10/2011 9:29:32 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
Description =

Error - 10/10/2011 9:30:01 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
Description =

Error - 10/10/2011 9:30:01 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
Description =

Error - 10/10/2011 9:30:01 PM | Computer Name = Shawn-Laptop | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
Upgrade. Security Essentials is not currently monitoring and helping to protect
your computer. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 10/10/2011 11:35:07 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
Description =

Error - 10/10/2011 11:35:07 PM | Computer Name = Shawn-Laptop | Source = MsiInstaller | ID = 11606
Description =

[ Hewlett-Packard Events ]
Error - 2/23/2012 10:51:51 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 3/22/2012 9:15:18 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 3/22/2012 9:15:19 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 6/28/2012 9:30:43 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 6/28/2012 9:30:43 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/12/2012 9:55:18 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/12/2012 9:55:18 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/12/2012 9:55:20 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/12/2012 9:55:21 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 9/6/2012 9:07:46 PM | Computer Name = Shawn-Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ HP Wireless Assistant Events ]
Error - 6/20/2012 6:15:07 PM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 6/20/2012 6:15:11 PM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 6/20/2012 6:15:11 PM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 6/20/2012 10:31:26 PM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 6/21/2012 9:50:34 PM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 6/22/2012 7:13:47 PM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 6/23/2012 8:24:05 AM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 6/23/2012 8:34:24 AM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 6/23/2012 8:34:24 AM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 6/24/2012 9:33:00 AM | Computer Name = Shawn-Laptop | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

[ System Events ]
Error - 9/8/2012 12:56:38 AM | Computer Name = Shawn-Laptop | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/8/2012 12:57:07 AM | Computer Name = Shawn-Laptop | Source = DCOM | ID = 10010
Description =

Error - 9/9/2012 10:23:51 PM | Computer Name = Shawn-Laptop | Source = DCOM | ID = 10010
Description =

Error - 9/9/2012 11:26:45 PM | Computer Name = Shawn-Laptop | Source = DCOM | ID = 10005
Description =

Error - 9/9/2012 11:26:45 PM | Computer Name = Shawn-Laptop | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 9/9/2012 11:26:45 PM | Computer Name = Shawn-Laptop | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 9/12/2012 6:49:56 PM | Computer Name = Shawn-Laptop | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/13/2012 8:34:45 PM | Computer Name = Shawn-Laptop | Source = DCOM | ID = 10010
Description =

Error - 9/13/2012 8:55:06 PM | Computer Name = Shawn-Laptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.1007.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
code: 0x8024001e Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 9/13/2012 8:55:06 PM | Computer Name = Shawn-Laptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.1007.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
code: 0x8024001e Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >

sls0463
2012-09-18, 03:36
19:29:07.0113 3524 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:29:09.0328 3524 ============================================================
19:29:09.0328 3524 Current date / time: 2012/09/17 19:29:09.0328
19:29:09.0328 3524 SystemInfo:
19:29:09.0328 3524
19:29:09.0328 3524 OS Version: 6.1.7601 ServicePack: 1.0
19:29:09.0328 3524 Product type: Workstation
19:29:09.0328 3524 ComputerName: SHAWN-LAPTOP
19:29:09.0328 3524 UserName: Shawn
19:29:09.0328 3524 Windows directory: C:\Windows
19:29:09.0328 3524 System windows directory: C:\Windows
19:29:09.0328 3524 Running under WOW64
19:29:09.0328 3524 Processor architecture: Intel x64
19:29:09.0328 3524 Number of processors: 2
19:29:09.0328 3524 Page size: 0x1000
19:29:09.0328 3524 Boot type: Normal boot
19:29:09.0328 3524 ============================================================
19:29:12.0151 3524 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:29:12.0245 3524 ============================================================
19:29:12.0245 3524 \Device\Harddisk0\DR0:
19:29:12.0261 3524 MBR partitions:
19:29:12.0261 3524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:29:12.0261 3524 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x22AA3000
19:29:12.0261 3524 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x22B07000, BlocksNum 0x28F3800
19:29:12.0261 3524 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
19:29:12.0261 3524 ============================================================
19:29:12.0292 3524 C: <-> \Device\Harddisk0\DR0\Partition2
19:29:12.0370 3524 D: <-> \Device\Harddisk0\DR0\Partition3
19:29:12.0432 3524 E: <-> \Device\Harddisk0\DR0\Partition4
19:29:12.0432 3524 ============================================================
19:29:12.0432 3524 Initialize success
19:29:12.0432 3524 ============================================================
19:29:21.0434 0424 ============================================================
19:29:21.0434 0424 Scan started
19:29:21.0434 0424 Mode: Manual; TDLFS;
19:29:21.0434 0424 ============================================================
19:29:22.0370 0424 ================ Scan system memory ========================
19:29:22.0370 0424 System memory - ok
19:29:22.0370 0424 ================ Scan services =============================
19:29:22.0697 0424 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:29:22.0697 0424 1394ohci - ok
19:29:22.0760 0424 [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
19:29:22.0760 0424 Accelerometer - ok
19:29:22.0791 0424 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:29:22.0806 0424 ACPI - ok
19:29:22.0853 0424 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:29:22.0853 0424 AcpiPmi - ok
19:29:23.0056 0424 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:29:23.0056 0424 AdobeFlashPlayerUpdateSvc - ok
19:29:23.0134 0424 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:29:23.0134 0424 adp94xx - ok
19:29:23.0196 0424 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:29:23.0196 0424 adpahci - ok
19:29:23.0212 0424 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:29:23.0212 0424 adpu320 - ok
19:29:23.0259 0424 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:29:23.0259 0424 AeLookupSvc - ok
19:29:23.0368 0424 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe
19:29:23.0368 0424 AESTFilters - ok
19:29:23.0430 0424 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:29:23.0446 0424 AFD - ok
19:29:23.0508 0424 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:29:23.0508 0424 agp440 - ok
19:29:23.0524 0424 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:29:23.0524 0424 ALG - ok
19:29:23.0571 0424 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:29:23.0571 0424 aliide - ok
19:29:23.0618 0424 [ 0DE7BF2A2E64A841F9ABF9558870D9C4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:29:23.0618 0424 AMD External Events Utility - ok
19:29:23.0649 0424 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:29:23.0649 0424 amdide - ok
19:29:23.0696 0424 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:29:23.0696 0424 AmdK8 - ok
19:29:24.0086 0424 [ F284DA3156166B45D02ACC3C228ADE1E ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
19:29:24.0132 0424 amdkmdag - ok
19:29:24.0226 0424 [ 91E1DAF0193BD2AB90B1B35C987237FE ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:29:24.0226 0424 amdkmdap - ok
19:29:24.0273 0424 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:29:24.0288 0424 AmdPPM - ok
19:29:24.0320 0424 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:29:24.0320 0424 amdsata - ok
19:29:24.0366 0424 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:29:24.0366 0424 amdsbs - ok
19:29:24.0382 0424 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:29:24.0398 0424 amdxata - ok
19:29:24.0460 0424 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:29:24.0460 0424 AppID - ok
19:29:24.0491 0424 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:29:24.0491 0424 AppIDSvc - ok
19:29:24.0522 0424 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:29:24.0522 0424 Appinfo - ok
19:29:24.0585 0424 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:29:24.0585 0424 arc - ok
19:29:24.0600 0424 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:29:24.0616 0424 arcsas - ok
19:29:24.0694 0424 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
19:29:24.0694 0424 aswFsBlk - ok
19:29:24.0772 0424 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
19:29:24.0772 0424 aswMonFlt - ok
19:29:24.0819 0424 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
19:29:24.0819 0424 aswRdr - ok
19:29:24.0881 0424 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
19:29:24.0897 0424 aswSnx - ok
19:29:24.0928 0424 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
19:29:24.0928 0424 aswSP - ok
19:29:24.0959 0424 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
19:29:24.0959 0424 aswTdi - ok
19:29:24.0975 0424 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:29:24.0975 0424 AsyncMac - ok
19:29:25.0006 0424 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:29:25.0006 0424 atapi - ok
19:29:25.0068 0424 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
19:29:25.0068 0424 AtiHdmiService - ok
19:29:25.0115 0424 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
19:29:25.0115 0424 AtiPcie - ok
19:29:25.0162 0424 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:29:25.0178 0424 AudioEndpointBuilder - ok
19:29:25.0193 0424 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:29:25.0193 0424 AudioSrv - ok
19:29:25.0380 0424 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:29:25.0380 0424 avast! Antivirus - ok
19:29:25.0443 0424 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:29:25.0458 0424 AxInstSV - ok
19:29:25.0552 0424 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:29:25.0552 0424 b06bdrv - ok
19:29:25.0630 0424 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:29:25.0646 0424 b57nd60a - ok
19:29:25.0864 0424 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:29:25.0864 0424 BBSvc - ok
19:29:26.0036 0424 [ 35756E37D5FDEE22FBF27090A14FE608 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
19:29:26.0051 0424 BCM43XX - ok
19:29:26.0145 0424 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:29:26.0145 0424 BDESVC - ok
19:29:26.0348 0424 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:29:26.0348 0424 Beep - ok
19:29:26.0426 0424 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:29:26.0426 0424 BFE - ok
19:29:26.0644 0424 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:29:26.0660 0424 BITS - ok
19:29:26.0738 0424 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:29:26.0738 0424 blbdrive - ok
19:29:26.0800 0424 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:29:26.0800 0424 bowser - ok
19:29:26.0862 0424 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:29:26.0862 0424 BrFiltLo - ok
19:29:26.0894 0424 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:29:26.0894 0424 BrFiltUp - ok
19:29:26.0972 0424 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:29:26.0972 0424 Browser - ok
19:29:27.0050 0424 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:29:27.0050 0424 Brserid - ok
19:29:27.0096 0424 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:29:27.0096 0424 BrSerWdm - ok
19:29:27.0143 0424 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:29:27.0143 0424 BrUsbMdm - ok
19:29:27.0174 0424 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:29:27.0174 0424 BrUsbSer - ok
19:29:27.0237 0424 [ FF7C57973EEAD140062238C5A0B7D455 ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
19:29:27.0237 0424 BTCFilterService - ok
19:29:27.0315 0424 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:29:27.0315 0424 BthEnum - ok
19:29:27.0346 0424 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:29:27.0362 0424 BTHMODEM - ok
19:29:27.0393 0424 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:29:27.0393 0424 BthPan - ok
19:29:27.0486 0424 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:29:27.0502 0424 BTHPORT - ok
19:29:27.0580 0424 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:29:27.0580 0424 bthserv - ok
19:29:27.0642 0424 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB

sls0463
2012-09-18, 03:36
C:\Windows\System32\Drivers\BTHUSB.sys
19:29:27.0642 0424 BTHUSB - ok
19:29:27.0674 0424 [ 17D2E427EA4D2ACB8AED728F72F75D5D ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
19:29:27.0689 0424 btwampfl - ok
19:29:27.0752 0424 [ C4DF9BC1FBF261CADB2C73181A17CCFF ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
19:29:27.0752 0424 btwaudio - ok
19:29:27.0798 0424 [ A11905D0F4BD34771F195217B6AA5AE0 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
19:29:27.0798 0424 btwavdt - ok
19:29:27.0923 0424 [ 0AC0D9ADCE627225E2FEDF15676A0FAB ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
19:29:27.0939 0424 btwdins - ok
19:29:27.0954 0424 [ 06E96CF5C046F7CAB4AA131DF6E2B9BC ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
19:29:27.0954 0424 btwl2cap - ok
19:29:27.0970 0424 [ BD776F32D64EC615BE4563DC2747224E ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
19:29:27.0970 0424 btwrchid - ok
19:29:28.0001 0424 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:29:28.0001 0424 cdfs - ok
19:29:28.0079 0424 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:29:28.0079 0424 cdrom - ok
19:29:28.0142 0424 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:29:28.0142 0424 CertPropSvc - ok
19:29:28.0204 0424 [ 2C24DB5F78F0ACA759803001E6B4F320 ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
19:29:28.0204 0424 CinemaNow Service - ok
19:29:28.0282 0424 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:29:28.0282 0424 circlass - ok
19:29:28.0313 0424 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:29:28.0329 0424 CLFS - ok
19:29:28.0656 0424 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:29:28.0672 0424 clr_optimization_v2.0.50727_32 - ok
19:29:28.0953 0424 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:29:28.0953 0424 clr_optimization_v2.0.50727_64 - ok
19:29:29.0046 0424 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:29:29.0046 0424 clr_optimization_v4.0.30319_32 - ok
19:29:29.0109 0424 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:29:29.0109 0424 clr_optimization_v4.0.30319_64 - ok
19:29:29.0171 0424 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:29:29.0171 0424 CmBatt - ok
19:29:29.0202 0424 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:29:29.0202 0424 cmdide - ok
19:29:29.0296 0424 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:29:29.0296 0424 CNG - ok
19:29:29.0358 0424 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:29:29.0358 0424 Compbatt - ok
19:29:29.0421 0424 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:29:29.0421 0424 CompositeBus - ok
19:29:29.0452 0424 COMSysApp - ok
19:29:29.0499 0424 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:29:29.0499 0424 crcdisk - ok
19:29:29.0546 0424 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:29:29.0546 0424 CryptSvc - ok
19:29:29.0608 0424 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
19:29:29.0608 0424 dc3d - ok
19:29:29.0702 0424 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:29:29.0717 0424 DcomLaunch - ok
19:29:29.0780 0424 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:29:29.0780 0424 defragsvc - ok
19:29:29.0811 0424 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:29:29.0811 0424 DfsC - ok
19:29:29.0826 0424 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:29:29.0842 0424 Dhcp - ok
19:29:29.0858 0424 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:29:29.0858 0424 discache - ok
19:29:29.0920 0424 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:29:29.0920 0424 Disk - ok
19:29:29.0998 0424 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:29:29.0998 0424 Dnscache - ok
19:29:30.0107 0424 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:29:30.0123 0424 dot3svc - ok
19:29:30.0154 0424 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:29:30.0154 0424 DPS - ok
19:29:30.0201 0424 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:29:30.0201 0424 drmkaud - ok
19:29:30.0248 0424 [ A298AEA9FCA253E7EFF040A08C7C6376 ] DVMIO C:\Windows\system32\DRIVERS\dvmio.sys
19:29:30.0263 0424 DVMIO - ok
19:29:30.0419 0424 [ 5EB46032ECA199F4721EB1915B5383C8 ] DvmMDES C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
19:29:30.0435 0424 DvmMDES - ok
19:29:30.0497 0424 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:29:30.0513 0424 DXGKrnl - ok
19:29:30.0560 0424 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:29:30.0560 0424 EapHost - ok
19:29:30.0653 0424 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:29:30.0684 0424 ebdrv - ok
19:29:30.0716 0424 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:29:30.0716 0424 EFS - ok
19:29:30.0825 0424 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:29:30.0825 0424 ehRecvr - ok
19:29:30.0856 0424 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:29:30.0872 0424 ehSched - ok
19:29:30.0996 0424 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:29:31.0012 0424 elxstor - ok
19:29:31.0043 0424 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:29:31.0043 0424 ErrDev - ok
19:29:31.0137 0424 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:29:31.0152 0424 EventSystem - ok
19:29:31.0199 0424 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:29:31.0199 0424 exfat - ok
19:29:31.0246 0424 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:29:31.0246 0424 fastfat - ok
19:29:31.0308 0424 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:29:31.0324 0424 Fax - ok
19:29:31.0355 0424 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:29:31.0355 0424 fdc - ok
19:29:31.0402 0424 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:29:31.0402 0424 fdPHost - ok
19:29:31.0433 0424 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:29:31.0449 0424 FDResPub - ok
19:29:31.0480 0424 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:29:31.0480 0424 FileInfo - ok
19:29:31.0496 0424 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:29:31.0496 0424 Filetrace - ok
19:29:31.0542 0424 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:29:31.0542 0424 flpydisk - ok
19:29:31.0620 0424 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:29:31.0620 0424 FltMgr - ok
19:29:31.0745 0424 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:29:31.0761 0424 FontCache - ok
19:29:31.0870 0424 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:29:31.0886 0424 FontCache3.0.0.0 - ok
19:29:31.0948 0424 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:29:31.0948 0424 FsDepends - ok
19:29:31.0995 0424 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:29:31.0995 0424 Fs_Rec - ok
19:29:32.0057 0424 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:29:32.0057 0424 fvevol - ok
19:29:32.0120 0424 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:29:32.0120 0424 gagp30kx - ok
19:29:32.0229 0424 [ E53EE18A21C025DEABCFE0F72FC481BB ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
19:29:32.0229 0424 GameConsoleService - ok
19:29:32.0354 0424 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:29:32.0369 0424 gpsvc - ok
19:29:32.0525 0424 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:29:32.0525 0424 gupdate - ok
19:29:32.0556 0424 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:29:32.0572 0424 gupdatem - ok
19:29:32.0634 0424 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:29:32.0650 0424 gusvc - ok
19:29:32.0666 0424 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:29:32.0666 0424 hcw85cir - ok
19:29:32.0712 0424 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:29:32.0712 0424 HdAudAddService - ok
19:29:32.0790 0424 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:29:32.0790 0424 HDAudBus - ok
19:29:32.0837 0424 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:29:32.0837 0424 HidBatt - ok
19:29:32.0868 0424 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:29:32.0884 0424 HidBth - ok
19:29:32.0915 0424 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:29:32.0931 0424 HidIr - ok
19:29:33.0040 0424 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:29:33.0040 0424 hidserv - ok
19:29:33.0087 0424 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:29:33.0087 0424 HidUsb - ok
19:29:33.0165 0424 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:29:33.0165 0424 hkmsvc - ok
19:29:33.0258 0424 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:29:33.0274 0424 HomeGroupListener - ok
19:29:33.0352 0424 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:29:33.0368 0424 HomeGroupProvider - ok
19:29:33.0477 0424 [ C84BCC03858DAEAC4DB1E95EFCCE1934 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
19:29:33.0477 0424 HP Health Check Service - ok
19:29:33.0570 0424 [ 9ABD12FCE4A62905731C286BB1D66789 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
19:29:33.0570 0424 HP Wireless Assistant Service - ok
19:29:33.0633 0424 [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
19:29:33.0633 0424 hpdskflt - ok
19:29:33.0680 0424 [ EF3EA06057132138B4E5895A61601DBE ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
19:29:33.0680 0424 hpqwmiex - ok
19:29:33.0758 0424 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:29:33.0758 0424 HpSAMD - ok
19:29:33.0789 0424 [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv C:\Windows\system32\Hpservice.exe
19:29:33.0804 0424 hpsrv - ok
19:29:33.0851 0424 [ B6492D01712A22FF3FEA25A999DBD321 ] HPWMISVC C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
19:29:33.0851 0424 HPWMISVC - ok
19:29:34.0116 0424 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:29:34.0132 0424 HTTP - ok
19:29:34.0210 0424 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:29:34.0210 0424 hwpolicy - ok
19:29:34.0272 0424 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:29:34.0288 0424 i8042prt - ok
19:29:34.0335 0424 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:29:34.0350 0424 iaStorV - ok
19:29:34.0506 0424 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:29:34.0522 0424 idsvc - ok
19:29:34.0662 0424 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:29:34.0725 0424 igfx - ok
19:29:34.0787 0424 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:29:34.0787 0424 iirsp - ok
19:29:35.0006 0424 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:29:35.0021 0424 IKEEXT - ok
19:29:35.0068 0424 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:29:35.0068 0424 intelide - ok
19:29:35.0115 0424 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:29:35.0115 0424 intelppm - ok
19:29:35.0162 0424 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:29:35.0162 0424 IPBusEnum - ok
19:29:35.0208 0424 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:29:35.0208 0424 IpFilterDriver - ok
19:29:35.0349 0424 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:29:35.0364 0424 iphlpsvc - ok
19:29:35.0411 0424 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:29:35.0411 0424 IPMIDRV - ok
19:29:35.0442 0424 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:29:35.0458 0424 IPNAT - ok
19:29:35.0505 0424 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:29:35.0505 0424 IRENUM - ok
19:29:35.0552 0424 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:29:35.0552 0424 isapnp - ok
19:29:35.0583 0424 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:29:35.0583 0424 iScsiPrt - ok
19:29:35.0630 0424 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:29:35.0630 0424 kbdclass - ok
19:29:35.0676 0424 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:29:35.0676 0424 kbdhid - ok
19:29:35.0708 0424 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:29:35.0708 0424 KeyIso - ok
19:29:35.0754 0424 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:29:35.0770 0424 KSecDD - ok
19:29:35.0832 0424 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:29:35.0832 0424 KSecPkg - ok
19:29:35.0848 0424 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:29:35.0864 0424 ksthunk - ok
19:29:35.0895 0424 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:29:35.0910 0424 KtmRm - ok
19:29:35.0973 0424 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:29:35.0988 0424 LanmanServer - ok
19:29:36.0020 0424 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:29:36.0020 0424 LanmanWorkstation - ok
19:29:36.0098 0424 [ 3503F257B3203F824B1567238EBE17E2 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:29:36.0098 0424 LightScribeService - ok
19:29:36.0160 0424 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:29:36.0160 0424 lltdio - ok
19:29:36.0207 0424 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:29:36.0207 0424 lltdsvc - ok
19:29:36.0238 0424 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:29:36.0238 0424 lmhosts - ok
19:29:36.0285 0424 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:29:36.0285 0424 LSI_FC - ok
19:29:36.0316 0424 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:29:36.0316 0424 LSI_SAS - ok
19:29:36.0347 0424 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:29:36.0347 0424 LSI_SAS2 - ok
19:29:36.0363 0424 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:29:36.0363 0424 LSI_SCSI - ok
19:29:36.0425 0424 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:29:36.0441 0424 luafv - ok
19:29:36.0503 0424 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:29:36.0503 0424 MBAMProtector - ok
19:29:36.0581 0424 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:29:36.0597 0424 MBAMService - ok
19:29:36.0628 0424 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:29:36.0644 0424 Mcx2Svc - ok
19:29:36.0675 0424 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:29:36.0675 0424 megasas - ok
19:29:36.0768 0424 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:29:36.0768 0424 MegaSR - ok
19:29:36.0846 0424 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:29:36.0846 0424 MMCSS - ok
19:29:36.0878 0424 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:29:36.0878 0424 Modem - ok
19:29:36.0893 0424 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:29:36.0893 0424 monitor - ok
19:29:36.0956 0424 [ 93F5ADCAD940111F6D4D71AE1D9EC7F6 ] motccgp C:\Windows\system32\DRIVERS\motccgp.sys
19:29:36.0956 0424 motccgp - ok
19:29:37.0018 0424 [ D51E009BAEDA07EBC107D49D224C2414 ] motccgpfl C:\Windows\system32\DRIVERS\motccgpfl.sys
19:29:37.0018 0424 motccgpfl - ok
19:29:37.0080 0424 [ DB83DC223B9133DA3E41AFCBDECC46B5 ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys
19:29:37.0080 0424 motmodem - ok
19:29:37.0143 0424 [ 36AC4DECEAE4226A5B5DD038C49658E1 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
19:29:37.0143 0424 MotoHelper - ok
19:29:37.0174 0424 [ EBD05F60CAFC5BBA2602B8D7101082D3 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
19:29:37.0174 0424 MotoSwitchService - ok
19:29:37.0205 0424 [ 87701078C3F720AC7A028E937994CC49 ] Motousbnet C:\Windows\system32\DRIVERS\Motousbnet.sys
19:29:37.0205 0424 Motousbnet - ok
19:29:37.0268 0424 [ 307727F9829FB46FF4BE0E4D1DAC5002 ] motusbdevice C:\Windows\system32\DRIVERS\motusbdevice.sys
19:29:37.0268 0424 motusbdevice - ok
19:29:37.0314 0424 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
19:29:37.0314 0424 mouclass - ok
19:29:37.0377 0424 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:29:37.0377 0424 mouhid - ok
19:29:37.0424 0424 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:29:37.0424 0424 mountmgr - ok
19:29:37.0502 0424 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:29:37.0517 0424 MozillaMaintenance - ok
19:29:37.0626 0424 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:29:37.0642 0424 MpFilter - ok
19:29:37.0704 0424 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:29:37.0704 0424 mpio - ok
19:29:37.0736 0424 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:29:37.0736 0424 mpsdrv - ok
19:29:37.0860 0424 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:29:37.0876 0424 MpsSvc - ok
19:29:37.0907 0424 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:29:37.0907 0424 MRxDAV - ok
19:29:37.0954 0424 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:29:37.0970 0424 mrxsmb - ok
19:29:38.0032 0424 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:29:38.0032 0424 mrxsmb10 - ok
19:29:38.0094 0424 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:29:38.0094 0424 mrxsmb20 - ok
19:29:38.0157 0424 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:29:38.0157 0424 msahci - ok
19:29:38.0204 0424 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:29:38.0204 0424 msdsm - ok
19:29:38.0235 0424 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:29:38.0235 0424 MSDTC - ok
19:29:38.0328 0424 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:29:38.0328 0424 Msfs - ok
19:29:38.0375 0424 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:29:38.0375 0424 mshidkmdf - ok
19:29:38.0375 0424 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:29:38.0391 0424 msisadrv - ok
19:29:38.0438 0424 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:29:38.0453 0424 MSiSCSI - ok
19:29:38.0453 0424 msiserver - ok
19:29:38.0531 0424 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:29:38.0531 0424 MSKSSRV - ok
19:29:38.0812 0424 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:29:38.0812 0424 MsMpSvc - ok
19:29:38.0859 0424 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:29:38.0859 0424 MSPCLOCK - ok
19:29:38.0874 0424 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:29:38.0874 0424 MSPQM - ok
19:29:38.0906 0424 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:29:38.0921 0424 MsRPC - ok
19:29:38.0952 0424 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:29:38.0952 0424 mssmbios - ok
19:29:38.0984 0424 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:29:38.0984 0424 MSTEE - ok
19:29:39.0015 0424 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:29:39.0015 0424 MTConfig - ok
19:29:39.0062 0424 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:29:39.0062 0424 Mup - ok
19:29:39.0108 0424 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:29:39.0124 0424 napagent - ok
19:29:39.0202 0424 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:29:39.0218 0424 NativeWifiP - ok
19:29:39.0280 0424 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:29:39.0296 0424 NDIS - ok
19:29:39.0311 0424 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:29:39.0311 0424 NdisCap - ok
19:29:39.0358 0424 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:29:39.0358 0424 NdisTapi - ok
19:29:39.0389 0424 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:29:39.0389 0424 Ndisuio - ok
19:29:39.0436 0424 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:29:39.0436 0424 NdisWan - ok
19:29:39.0467 0424 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:29:39.0467 0424 NDProxy - ok
19:29:39.0639 0424 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:29:39.0639 0424 NetBIOS - ok
19:29:39.0826 0424 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:29:39.0826 0424 NetBT - ok
19:29:39.0857 0424 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:29:39.0857 0424 Netlogon - ok
19:29:39.0920 0424 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:29:39.0935 0424 Netman - ok
19:29:39.0951 0424 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:29:39.0951 0424 netprofm - ok
19:29:39.0982 0424 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:29:39.0982 0424 NetTcpPortSharing - ok
19:29:40.0169 0424 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
19:29:40.0200 0424 netw5v64 - ok
19:29:40.0263 0424 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:29:40.0263 0424 nfrd960 - ok
19:29:40.0341 0424 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:29:40.0356 0424 NisDrv - ok
19:29:40.0419 0424 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:29:40.0419 0424 NisSrv - ok
19:29:40.0466 0424 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:29:40.0481 0424 NlaSvc - ok
19:29:40.0528 0424 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:29:40.0528 0424 Npfs - ok
19:29:40.0575 0424 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:29:40.0575 0424 nsi - ok
19:29:40.0590 0424 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:29:40.0590 0424 nsiproxy - ok
19:29:40.0700 0424 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:29:40.0715 0424 Ntfs - ok
19:29:40.0762 0424 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:29:40.0762 0424 Null - ok
19:29:40.0856 0424 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:29:40.0856 0424 nvraid - ok
19:29:40.0887 0424 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:29:40.0887 0424 nvstor - ok
19:29:40.0902 0424 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:29:40.0918 0424 nv_agp - ok
19:29:40.0934 0424 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:29:40.0934 0424 ohci1394 - ok
19:29:41.0012 0424 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:29:41.0027 0424 p2pimsvc - ok
19:29:41.0090 0424 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:29:41.0105 0424 p2psvc - ok
19:29:41.0136 0424 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:29:41.0136 0424 Parport - ok
19:29:41.0168 0424 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:29:41.0168 0424 partmgr - ok
19:29:41.0230 0424 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:29:41.0230 0424 PcaSvc - ok
19:29:41.0308 0424 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:29:41.0308 0424 pci - ok
19:29:41.0339 0424 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:29:41.0339 0424 pciide - ok
19:29:41.0402 0424 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:29:41.0402 0424 pcmcia - ok
19:29:41.0433 0424 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:29:41.0433 0424 pcw - ok
19:29:41.0480 0424 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:29:41.0495 0424 PEAUTH - ok
19:29:41.0838 0424 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:29:41.0854 0424 PerfHost - ok
19:29:41.0994 0424 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:29:42.0026 0424 pla - ok
19:29:42.0104 0424 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:29:42.0104 0424 PlugPlay - ok
19:29:42.0150 0424 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:29:42.0150 0424 PNRPAutoReg - ok
19:29:42.0213 0424 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:29:42.0213 0424 PNRPsvc - ok
19:29:42.0306 0424 [ B8D8EC78B0F9ED8E220506181274F3D3 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
19:29:42.0306 0424 Point64 - ok
19:29:42.0353 0424 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:29:42.0369 0424 PolicyAgent - ok
19:29:42.0416 0424 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:29:42.0431 0424 Power - ok
19:29:42.0494 0424 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:29:42.0494 0424 PptpMiniport - ok
19:29:42.0540 0424 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:29:42.0540 0424 Processor - ok
19:29:42.0618 0424 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:29:42.0634 0424 ProfSvc - ok
19:29:42.0650 0424 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:29:42.0665 0424 ProtectedStorage - ok
19:29:42.0696 0424 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:29:42.0696 0424 Psched - ok
19:29:42.0806 0424 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:29:42.0821 0424 ql2300 - ok
19:29:43.0024 0424 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:29:43.0024 0424 ql40xx - ok
19:29:43.0102 0424 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:29:43.0118 0424 QWAVE - ok
19:29:43.0242 0424 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:29:43.0258 0424 QWAVEdrv - ok
19:29:43.0274 0424 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:29:43.0289 0424 RasAcd - ok
19:29:43.0336 0424 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:29:43.0336 0424 RasAgileVpn - ok
19:29:43.0383 0424 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:29:43.0383 0424 RasAuto - ok
19:29:43.0414 0424 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:29:43.0414 0424 Rasl2tp - ok
19:29:43.0461 0424 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:29:43.0461 0424 RasMan - ok
19:29:43.0492 0424 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:29:43.0492 0424 RasPppoe - ok
19:29:43.0492 0424 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:29:43.0492 0424 RasSstp - ok
19:29:43.0554 0424 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:29:43.0554 0424 rdbss - ok
19:29:43.0570 0424 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:29:43.0586 0424 rdpbus - ok
19:29:43.0601 0424 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:29:43.0601 0424 RDPCDD - ok
19:29:43.0664 0424 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:29:43.0664 0424 RDPENCDD - ok
19:29:43.0695 0424 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:29:43.0710 0424 RDPREFMP - ok
19:29:43.0742 0424 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:29:43.0742 0424 RDPWD - ok
19:29:43.0820 0424 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:29:43.0835 0424 rdyboost - ok
19:29:43.0882 0424 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:29:43.0882 0424 RemoteAccess - ok
19:29:43.0976 0424 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:29:43.0991 0424 RemoteRegistry - ok
19:29:44.0054 0424 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:29:44.0054 0424 RFCOMM - ok
19:29:44.0116 0424 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:29:44.0116 0424 RpcEptMapper - ok
19:29:44.0194 0424 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:29:44.0194 0424 RpcLocator - ok
19:29:44.0272 0424 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:29:44.0288 0424 RpcSs - ok
19:29:44.0397 0424 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:29:44.0397 0424 rspndr - ok
19:29:44.0475 0424 [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
19:29:44.0475 0424 RSUSBSTOR - ok
19:29:44.0506 0424 [ 777FC2C418465404E3D8A290DC247D24 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:29:44.0522 0424 RTL8167 - ok
19:29:44.0537 0424 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:29:44.0537 0424 SamSs - ok
19:29:44.0584 0424 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:29:44.0584 0424 sbp2port - ok
19:29:45.0036 0424 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
19:29:45.0052 0424 SBSDWSCService - ok
19:29:45.0130 0424 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:29:45.0146 0424 SCardSvr - ok
19:29:45.0208 0424 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:29:45.0208 0424 scfilter - ok
19:29:45.0489 0424 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:29:45.0504 0424 Schedule - ok
19:29:45.0582 0424 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:29:45.0582 0424 SCPolicySvc - ok
19:29:45.0660 0424 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
19:29:45.0676 0424 sdbus - ok
19:29:45.0770 0424 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:29:45.0770 0424 SDRSVC - ok
19:29:45.0988 0424 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:29:45.0988 0424 SeaPort - ok
19:29:46.0066 0424 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:29:46.0066 0424 secdrv - ok
19:29:46.0128 0424 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:29:46.0144 0424 seclogon - ok
19:29:46.0206 0424 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:29:46.0206 0424 SENS - ok
19:29:46.0316 0424 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:29:46.0331 0424 SensrSvc - ok
19:29:46.0409 0424 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:29:46.0409 0424 Serenum - ok
19:29:46.0456 0424 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:29:46.0456 0424 Serial - ok
19:29:46.0534 0424 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:29:46.0534 0424 sermouse - ok
19:29:46.0643 0424 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:29:46.0659 0424 SessionEnv - ok
19:29:46.0706 0424 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:29:46.0706 0424 sffdisk - ok
19:29:46.0737 0424 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:29:46.0752 0424 sffp_mmc - ok
19:29:46.0784 0424 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:29:46.0784 0424 sffp_sd - ok
19:29:46.0815 0424 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:29:46.0830 0424 sfloppy - ok
19:29:46.0940 0424 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:29:46.0955 0424 SharedAccess - ok
19:29:47.0018 0424 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:29:47.0033 0424 ShellHWDetection - ok
19:29:47.0127 0424 [ 720088AAD691FF1D90BE8EC28727F6CA ] silabenm C:\Windows\system32\DRIVERS\silabenm.sys
19:29:47.0142 0424 silabenm - ok
19:29:47.0174 0424 [ 3A639FC33AD3D4897C301130214D7FF0 ] silabser C:\Windows\system32\DRIVERS\silabser.sys
19:29:47.0174 0424 silabser - ok
19:29:47.0252 0424 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:29:47.0252 0424 SiSRaid2 - ok
19:29:47.0330 0424 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:29:47.0330 0424 SiSRaid4 - ok
19:29:47.0423 0424 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:29:47.0439 0424 Smb - ok
19:29:47.0517 0424 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:29:47.0517 0424 SNMPTRAP - ok
19:29:47.0564 0424 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:29:47.0564 0424 spldr - ok
19:29:47.0688 0424 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:29:47.0704 0424 Spooler - ok
19:29:48.0172 0424 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:29:48.0188 0424 sppsvc - ok
19:29:48.0266 0424 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:29:48.0266 0424 sppuinotify - ok
19:29:48.0344 0424 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:29:48.0359 0424 srv - ok
19:29:48.0453 0424 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:29:48.0468 0424 srv2 - ok
19:29:48.0593 0424 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:29:48.0609 0424 SrvHsfHDA - ok
19:29:48.0968 0424 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:29:48.0983 0424 SrvHsfV92 - ok
19:29:49.0186 0424 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:29:49.0202 0424 SrvHsfWinac - ok
19:29:49.0248 0424 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:29:49.0248 0424 srvnet - ok
19:29:49.0389 0424 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:29:49.0404 0424 SSDPSRV - ok
19:29:49.0451 0424 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:29:49.0451 0424 SstpSvc - ok
19:29:49.0748 0424 [ 7F30633A5AEC81140DBC6DAAAEBD0CBE ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe
19:29:49.0748 0424 STacSV - ok
19:29:49.0794 0424 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:29:49.0794 0424 stexstor - ok
19:29:49.0982 0424 [ F991751C2477257BBCEDB364A0F449B4 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
19:29:49.0982 0424 STHDA - ok
19:29:50.0075 0424 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:29:50.0091 0424 stisvc - ok
19:29:50.0153 0424 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:29:50.0153 0424 swenum - ok
19:29:50.0247 0424 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:29:50.0262 0424 swprv - ok
19:29:50.0356 0424 [ 91853F78B68F9F036670291F5EDD4EAE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:29:50.0356 0424 SynTP - ok
19:29:50.0434 0424 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:29:50.0450 0424 SysMain - ok
19:29:50.0496 0424 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:29:50.0512 0424 TabletInputService - ok
19:29:50.0637 0424 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:29:50.0637 0424 TapiSrv - ok
19:29:50.0684 0424 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:29:50.0684 0424 TBS - ok
19:29:50.0793 0424 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:29:50.0824 0424 Tcpip - ok
19:29:51.0183 0424 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:29:51.0198 0424 TCPIP6 - ok
19:29:51.0245 0424 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:29:51.0245 0424 tcpipreg - ok
19:29:51.0323 0424 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:29:51.0323 0424 TDPIPE - ok
19:29:51.0401 0424 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:29:51.0401 0424 TDTCP - ok
19:29:51.0448 0424 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:29:51.0448 0424 tdx - ok
19:29:51.0510 0424 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:29:51.0510 0424 TermDD - ok
19:29:51.0666 0424 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:29:51.0682 0424 TermService - ok
19:29:51.0729 0424 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:29:51.0744 0424 Themes - ok
19:29:51.0822 0424 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:29:51.0822 0424 THREADORDER - ok
19:29:51.0854 0424 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:29:51.0869 0424 TrkWks - ok
19:29:51.0932 0424 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:29:51.0932 0424 TrustedInstaller - ok
19:29:51.0978 0424 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:29:51.0978 0424 tssecsrv - ok
19:29:52.0072 0424 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:29:52.0072 0424 TsUsbFlt - ok
19:29:52.0119 0424 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:29:52.0134 0424 tunnel - ok
19:29:52.0181 0424 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:29:52.0181 0424 uagp35 - ok
19:29:52.0275 0424 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:29:52.0275 0424 udfs - ok
19:29:52.0322 0424 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:29:52.0322 0424 UI0Detect - ok
19:29:52.0337 0424 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:29:52.0337 0424 uliagpkx - ok
19:29:52.0400 0424 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:29:52.0400 0424 umbus - ok
19:29:52.0462 0424 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:29:52.0462 0424 UmPass - ok
19:29:52.0571 0424 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:29:52.0587 0424 upnphost - ok
19:29:52.0618 0424 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:29:52.0634 0424 usbccgp - ok
19:29:52.0680 0424 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:29:52.0680 0424 usbcir - ok
19:29:52.0696 0424 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:29:52.0696 0424 usbehci - ok
19:29:52.0758 0424 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
19:29:52.0758 0424 usbfilter - ok
19:29:52.0774 0424 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:29:52.0774 0424 usbhub - ok
19:29:52.0852 0424 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:29:52.0852 0424 usbohci - ok
19:29:52.0930 0424 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:29:52.0930 0424 usbprint - ok
19:29:52.0977 0424 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:29:52.0992 0424 usbscan - ok
19:29:53.0039 0424 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
19:29:53.0039 0424 USBSTOR - ok
19:29:53.0086 0424 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:29:53.0086 0424 usbuhci - ok
19:29:53.0133 0424 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:29:53.0148 0424 usbvideo - ok
19:29:53.0211 0424 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:29:53.0211 0424 UxSms - ok
19:29:53.0226 0424 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:29:53.0226 0424 VaultSvc - ok
19:29:53.0273 0424 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:29:53.0289 0424 vdrvroot - ok
19:29:53.0429 0424 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:29:53.0429 0424 vds - ok
19:29:53.0476 0424 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:29:53.0492 0424 vga - ok
19:29:53.0507 0424 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:29:53.0507 0424 VgaSave - ok
19:29:53.0585 0424 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:29:53.0601 0424 vhdmp - ok
19:29:53.0648 0424 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:29:53.0648 0424 viaide - ok
19:29:53.0694 0424 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:29:53.0694 0424 volmgr - ok
19:29:53.0804 0424 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:29:53.0804 0424 volmgrx - ok
19:29:53.0897 0424 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:29:53.0897 0424 volsnap - ok
19:29:53.0975 0424 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:29:53.0975 0424 vsmraid - ok
19:29:54.0443 0424 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:29:54.0474 0424 VSS - ok
19:29:54.0552 0424 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:29:54.0552 0424 vwifibus - ok
19:29:54.0568 0424 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:29:54.0584 0424 vwififlt - ok
19:29:54.0662 0424 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:29:54.0677 0424 W32Time - ok
19:29:54.0724 0424 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:29:54.0724 0424 WacomPen - ok
19:29:54.0771 0424 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:29:54.0786 0424 WANARP - ok
19:29:54.0786 0424 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:29:54.0786 0424 Wanarpv6 - ok
19:29:54.0880 0424 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:29:54.0896 0424 WatAdminSvc - ok
19:29:55.0083 0424 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:29:55.0114 0424 wbengine - ok
19:29:55.0176 0424 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:29:55.0192 0424 WbioSrvc - ok
19:29:55.0270 0424 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:29:55.0286 0424 wcncsvc - ok
19:29:55.0332 0424 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:29:55.0332 0424 WcsPlugInService - ok
19:29:55.0379 0424 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:29:55.0379 0424 Wd - ok
19:29:55.0582 0424 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:29:55.0598 0424 Wdf01000 - ok
19:29:55.0629 0424 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:29:55.0644 0424 WdiServiceHost - ok
19:29:55.0644 0424 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:29:55.0660 0424 WdiSystemHost - ok
19:29:55.0754 0424 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:29:55.0769 0424 WebClient - ok
19:29:55.0832 0424 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:29:55.0832 0424 Wecsvc - ok
19:29:55.0863 0424 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:29:55.0863 0424 wercplsupport - ok
19:29:55.0910 0424 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:29:55.0925 0424 WerSvc - ok
19:29:55.0972 0424 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:29:55.0972 0424 WfpLwf - ok
19:29:56.0003 0424 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:29:56.0003 0424 WIMMount - ok
19:29:56.0034 0424 WinDefend - ok
19:29:56.0050 0424 WinHttpAutoProxySvc - ok
19:29:56.0378 0424 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:29:56.0378 0424 Winmgmt - ok
19:29:56.0658 0424 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:29:56.0674 0424 WinRM - ok
19:29:56.0752 0424 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:29:56.0752 0424 WinUsb - ok
19:29:56.0814 0424 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:29:56.0846 0424 Wlansvc - ok
19:29:57.0189 0424 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:29:57.0220 0424 wlidsvc - ok
19:29:57.0251 0424 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:29:57.0251 0424 WmiAcpi - ok
19:29:57.0345 0424 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:29:57.0345 0424 wmiApSrv - ok
19:29:57.0423 0424 WMPNetworkSvc - ok
19:29:57.0548 0424 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:29:57.0548 0424 WPCSvc - ok
19:29:57.0610 0424 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:29:57.0626 0424 WPDBusEnum - ok
19:29:57.0657 0424 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:29:57.0657 0424 ws2ifsl - ok
19:29:57.0672 0424 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:29:57.0688 0424 wscsvc - ok
19:29:57.0688 0424 WSearch - ok
19:29:57.0984 0424 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:29:58.0016 0424 wuauserv - ok
19:29:58.0047 0424 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:29:58.0047 0424 WudfPf - ok
19:29:58.0094 0424 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:29:58.0094 0424 WUDFRd - ok
19:29:58.0172 0424 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:29:58.0172 0424 wudfsvc - ok
19:29:58.0234 0424 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:29:58.0250 0424 WwanSvc - ok
19:29:58.0421 0424 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:29:58.0421 0424 YahooAUService - ok
19:29:58.0499 0424 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
19:29:58.0515 0424 yukonw7 - ok
19:29:58.0546 0424 ================ Scan global ===============================
19:29:58.0577 0424 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:29:58.0640 0424 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:29:58.0655 0424 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:29:58.0702 0424 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:29:58.0780 0424 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:29:58.0796 0424 [Global] - ok
19:29:58.0796 0424 ================ Scan MBR ==================================
19:29:58.0827 0424 [ BDD3CFA7D4C103871B2A8A57BD6DA235 ] \Device\Harddisk0\DR0
19:29:59.0622 0424 \Device\Harddisk0\DR0 - ok
19:29:59.0622 0424 ================ Scan VBR ==================================
19:29:59.0654 0424 [ 1AFBF4A297084A4FF4363FB6BB258BF8 ] \Device\Harddisk0\DR0\Partition1
19:29:59.0654 0424 \Device\Harddisk0\DR0\Partition1 - ok
19:29:59.0669 0424 [ 05E4B7EDDDC82CC3D0A07D48EC870EBA ] \Device\Harddisk0\DR0\Partition2
19:29:59.0685 0424 \Device\Harddisk0\DR0\Partition2 - ok
19:29:59.0716 0424 [ A19864966E39CA2505B9D5F4A6D183A9 ] \Device\Harddisk0\DR0\Partition3
19:29:59.0716 0424 \Device\Harddisk0\DR0\Partition3 - ok
19:29:59.0732 0424 [ F15AF17865D63C90FFD4B7652B59240A ] \Device\Harddisk0\DR0\Partition4
19:29:59.0794 0424 \Device\Harddisk0\DR0\Partition4 - ok
19:29:59.0810 0424 ============================================================
19:29:59.0810 0424 Scan finished
19:29:59.0810 0424 ============================================================
19:29:59.0825 5004 Detected object count: 0
19:29:59.0825 5004 Actual detected object count: 0

sls0463
2012-09-18, 03:55
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.07.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shawn :: SHAWN-LAPTOP [administrator]

9/17/2012 7:44:18 PM
mbam-log-2012-09-17 (19-44-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215525
Time elapsed: 10 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

torreattack
2012-09-18, 10:17
hi sls0463:

You did not provide me an update about your computer problem.



Are you running two antivirus? Avast and MSE? Are they able to update and run?
What is the symptoms that make you think you are infected? Any re-direction, strange sound, email hacked, pop-up?
Since when this incident happen?
Any other issue?

thanks,
torreattack

sls0463
2012-09-19, 02:59
I am running Avast (based on an earlier recommendation from the forum).

I am still getting the pop up in the lower left corner.

I occasionally get a redirect.

The ad.yieldmanager popup started about 4 weeks ago.

THANK YOU for taking the time to try and help me. I do appreciate it.

torreattack
2012-09-20, 01:37
Hi sls0463 :

1. remove program
Some of the following programs are outdated, useless or not recommended to keep. Please uninstall them.
Click start>> Control Panel >> Under Programs, click on Uninstall a program.
Locate the following program(s):


Adobe Reader 9.3.3
Java(TM) 6 Update 17
Microsoft Security Essentials
Java(TM) 6 Update 22

Select the program above and click on Uninstall to uninstall it.NOTE: Take extra care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


2. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Copy the following text... do not include the quote box title "Quote'

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes,DefaultScope = {9D3676F2-C158-46AA-904C-C97C63544026}
IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes\{9D3676F2-C158-46AA-904C-C97C63544026}: "URL" = http://findgala.com/?&uid=5618&q={searchTerms}
IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
[2012/01/05 21:22:40 | 000,001,210 | ---- | M] () -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\searchplugins\search.xml
[2012/07/27 19:16:29 | 000,002,519 | ---- | M] () -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\searchplugins\Search_Results.xml
[2012/07/27 19:16:29 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Search Results ()
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=287&systemid=406&sr=0&q={searchTerms}
CHR - homepage: http://www.searchnu.com/406
O1 - Hosts: 93.115.241.28 www.google-analytics.com.
O1 - Hosts: 93.115.241.28 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.28 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O4 - HKLM..\Run: [] File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: Web-Based Email Tools http://email00.secureserver.net/Download.CAB (Reg Error: Key error.)

:Files
ipconfig /flushdns /c

:Commands
[EmptyTemp]
[ResetHosts]
[CreateRestorePoint]

Click under the Custom Scan/Fixes box and paste the copied text.
Click the Run Fix button. If prompted... click OK.
When the scan completes, Notepad will open with the scan results.
Please post the contents of report in your next reply.
note: The OTL fix log was located at c:\_OTL\MovedFiles with the format MMDDYYY_HHMMSS.log.


3. SystemLook
Please download SystemLook from one of the links below, and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook_x64.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook_x64.exe)
Double-click SystemLook_x64.exe to run it.
Copy the content of the following codebox into the main textfield:

:filefind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:folderfind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:Regfind
Fun4IM
Bandoo
Searchqu
iLivid
whitesmoke
datamngr
kelkoopartners
trolltech
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.Note: The log can also be found on your Desktop entitled SystemLook.txt
This scan can take some time to run so please be patient.



4. Do you know these folder?
C:\Users\Shawn\AppData\Local\{11d5d328-f14f-7572-15b5-f747154d7971}\@
C:\Users\Shawn\AppData\Local\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n
C:\ProgramData\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n

Thanks,
torreattack

sls0463
2012-09-20, 04:06
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}\ not found.
HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9D3676F2-C158-46AA-904C-C97C63544026}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D3676F2-C158-46AA-904C-C97C63544026}\ not found.
Registry key HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}\ not found.
File C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\searchplugins\search.xml not found.
File C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\searchplugins\Search_Results.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml not found.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
93.115.241.28 www.google-analytics.com. removed from HOSTS file successfully
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control Web-Based Email Tools
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Shawn\Desktop\cmd.bat deleted successfully.
C:\Users\Shawn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Shawn
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 3383645 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 291 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67674 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 839201393 bytes

Total Files Cleaned = 804.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.61.4 log created on 09192012_200118

Files\Folders moved on Reboot...
File\Folder C:\Users\Shawn\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
C:\Users\Shawn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PG1EZX7O\showthread[2].htm moved successfully.
C:\Users\Shawn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Shawn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

sls0463
2012-09-20, 04:20
SystemLook 30.07.11 by jpshortstuff
Log created at 20:10 on 19/09/2012 by Shawn
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
C:\Users\Shawn\AppData\Local\Ilivid Player d------ [00:27 28/07/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Users\Shawn\AppData\LocalLow\DataMngr d------ [00:26 28/07/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-

sls0463
2012-09-20, 04:21
I don't know what these folders are.....

4. Do you know these folder?
C:\Users\Shawn\AppData\Local\{11d5d328-f14f-7572-15b5-f747154d7971}\@
C:\Users\Shawn\AppData\Local\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n
C:\ProgramData\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n

torreattack
2012-09-20, 18:15
Hi sls0463 :

1. Reset Google Chrome
Open the Google Chrome browser.
Click the spanner icon on the browser toolbar.
Click Options.
In the Google Chrome Options window, click the basics.
Click manage search engines
Under Default search options, click on any search engine (but not the searchqu.com or Search Results) and click on the make default
Now, click the Search Results () and click x and the right hand side of the same row to remove the searchqu.com search engine.
Close the browser.
Note: Don't forget to change your default homepage too. You may read how to change your homepage in google chrome here (http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95314)



2. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Copy the following text... do not include the quote box title "Quote'

:Reg
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-1057294972-859772879-3047662534-1001\Software\Trolltech]

:Files
ipconfig /flushdns /c
C:\Users\Shawn\AppData\Local\Ilivid Player
C:\Users\Shawn\AppData\LocalLow\DataMngr
C:\Users\Shawn\AppData\Local\{11d5d328-f14f-7572-15b5-f747154d7971}\@
C:\Users\Shawn\AppData\Local\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n
C:\ProgramData\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n

:Commands
[EmptyTemp]
[CreateRestorePoint]

Click under the Custom Scan/Fixes box and paste the copied text.
Click the Run Fix button. If prompted... click OK.
When the scan completes, Notepad will open with the scan results.
Please post the contents of report in your next reply.
note: The OTL fix log was located at c:\_OTL\MovedFiles with the format MMDDYYY_HHMMSS.log.


3. SystemLook
Please make sure SystemLook is located on your Desktop.
Double-click SystemLook_x64.exe to run it.
Copy the content of the following codebox into the main textfield:

:filefind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:folderfind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:Regfind
Fun4IM
Bandoo
Searchqu
iLivid
whitesmoke
datamngr
kelkoopartners
trolltech
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.Note: The log can also be found on your Desktop entitled SystemLook.txt
This scan can take some time to run so please be patient.



4. re-scan with OTL
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop. Disable you antivirus if needed.
Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of OTL.txt ONLY in your next reply.



5. Checklist
Please post:
Any problem to reset goolge chrome
OTL fix log
SystemLook log
OTL.txt only
An update on your problems
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post COMPLETE log.

Thanks,
torreattack

torreattack
2012-09-23, 17:44
Hi sls0463:

It has been 2 days since my last post to you.
Do you still need help with this problem?
Do you need more time?
Are you having problems understanding or following my instructions?

thanks,
torreattack

sls0463
2012-09-26, 01:27
I will need a couple of days to do this. Been out of town.

I do appreciate your help.

torreattack
2012-09-30, 19:50
still need time?

tashi
2012-10-05, 20:01
Hello sls0463,

This thread has been closed due to inactivity and will not be re-opened.

If you still require help, please start a new topic and include the DDS & aswMBR logs with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.