Happili.com redirects. Help -- Trojan.Tracur

Indyultra · May 1, 2012

Getting the Happili.com redirects. Here is my DDS and ATTACH.txt. Thanks in advanced Chris

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Chris at 21:34:00 on 2012-04-30

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3727 [GMT -4:00]

.

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Windows\SysWOW64\atashost.exe

C:\Program Files\AVAST Software\Avast\AvastNet.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

C:\Program Files\PeerBlock\peerblock.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\Chris\Desktop\OTL.exe

C:\Windows\notepad.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\AVAST Software\Avast\setup\avast.setup

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

mWinlogon: Userinit=userinit.exe,

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe

uRun: [Adobe] rundll32.exe "C:\Users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll",DllRegisterServer

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRun: [Adobe] rundll32.exe "C:\Users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll",DllRegisterServer

dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll

Trusted Zone: intuit.com\ttlc

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://kodak.webex.com/client/T27L10NSP25/support/ieatgpc1.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9AC693E0-6DB0-488D-B05A-C2C72A854909} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]

R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]

R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]

R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-6 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-4-23 133944]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-18 44768]

R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-4-18 134920]

R2 avast! Net Client Service;avast! Net Client Service;C:\Program Files\AVAST Software\Avast\AvastNet.exe [2012-4-18 195160]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-6-21 514232]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-24 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-6 2413056]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-30 654408]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-2-1 214896]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-24 2656280]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]

R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]

R3 HP8207_8307;HP-HP8207_8307;C:\Windows\system32\DRIVERS\HP8207_8307.sys --> C:\Windows\system32\DRIVERS\HP8207_8307.sys [?]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-12-11 24176]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-3 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 253088]

S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-12-30 14216]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-12-30 8456]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-3 136176]

S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]

S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

.

=============== Created Last 30 ================

.

2012-05-01 00:25:32 -------- d-----w- C:\Windows\pss

2012-04-29 20:09:17 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DFBC3D13-B080-45CB-ABE6-5EF0955FC533}\mpengine.dll

2012-04-24 00:26:16 232960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll

2012-04-24 00:17:49 -------- d-----w- C:\Windows\SysWow64\kodak

2012-04-24 00:15:54 -------- d-----w- C:\Windows\SysWow64\spool

2012-04-24 00:02:30 -------- d-----w- C:\ProgramData\Eastman Kodak Company

2012-04-24 00:01:46 -------- d-----w- C:\Program Files (x86)\Kodak

2012-04-24 00:01:34 -------- d-----w- C:\Program Files\Bonjour

2012-04-24 00:01:34 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-04-23 23:32:52 215864 ----a-w- C:\Windows\SysWow64\atsckernel.exe

2012-04-23 23:32:51 133944 ----a-w- C:\Windows\SysWow64\atashost.exe

2012-04-23 23:32:22 -------- d-----w- C:\ProgramData\WebEx

2012-04-22 20:45:38 495104 ----a-w- C:\Windows\puppy.exe

2012-04-22 20:45:37 903680 ----a-w- C:\Windows\puppy.scr

2012-04-22 20:45:37 -------- d-----w- C:\Windows\puppy Uninstaller

2012-04-19 00:37:05 141144 ----a-w- C:\Windows\System32\drivers\aswFW.sys

2012-04-19 00:36:42 258904 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys

2012-04-12 07:02:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2012-04-12 07:02:50 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-12 07:02:49 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-12 07:02:48 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-12 07:00:37 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-12 07:00:37 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-12 07:00:36 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-12 07:00:33 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-12 07:00:33 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-12 07:00:33 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-12 07:00:33 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-09 17:44:03 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-09 17:19:43 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-01 13:20:52 -------- d-----w- C:\Program Files (x86)\LSoft Technologies

2012-04-01 02:01:25 -------- d-----w- C:\Program Files\Xilisoft

.

==================== Find3M ====================

.

2012-05-01 00:32:58 78848 ----a-w- C:\Windows\KMSEmulator.exe

2012-04-13 22:44:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr

2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-03-06 23:02:45 28504 ----a-w- C:\Windows\System32\drivers\aswKbd.sys

2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-27 21:04:42 153538494 ------w- C:\Users\Chris\HDS_Navionics_Background_Chart_Update.exe

2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-03 00:46:48 249856 ------w- C:\Windows\Setup1.exe

2012-02-03 00:46:47 73216 ----a-w- C:\Windows\ST6UNST.EXE

2011-03-30 16:40:34 517976 ----a-w- C:\Program Files\DXSETUP.exe

2011-03-30 16:40:32 95576 ----a-w- C:\Program Files\DSETUP.dll

2011-03-30 16:40:32 1566040 ----a-w- C:\Program Files\dsetup32.dll

.

============= FINISH: 21:35:09.60 ===============

Attach.txt

Maurice Naggar · May 1, 2012

Hello Indyultra,

These steps are for IndyUltra only. If you are a casual viewer, do NOT try this on your system!

If you are not IndyUltra and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Please un-install µTorrent and any other peer-to-peer filesharing app, and confirm that for me.

Looks like you have Spybot Search & Destroy installed. Make veru sure that Tea Timer is OFF otherwise it will interfere with cleanup.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, slect Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

Go to your Desktop
Double-Click the Computer icon.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

Double click on RSITx64.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

I am going to have you get a fresh copy of Combofix, save it first, and then run a special script.

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=109364
KILLALL::
Collect::[4]
C:\Users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll
Driver::
Adobe
File::
C:\Users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll
DDS::
uRun: [Adobe] rundll32.exe "C:\Users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll",DllRegisterServer
dRun: [Adobe] rundll32.exe "C:\Users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll",DllRegisterServer

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 6

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & C:\Combofix.txt

Use separate replies as needed if logs do not fit into one reply box.

Indyultra · May 1, 2012

ComboFix 12-05-01.02 - Chris 05/01/2012 16:45:01.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4062 [GMT -4:00]

Running from: c:\users\Chris\Desktop\Programs\Malware\Combo-Fix.exe

Command switches used :: c:\users\Chris\Desktop\Programs\Malware\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Roaming

c:\users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll

c:\users\Chris\HDS_Navionics_Background_Chart_Update.exe

c:\windows\system32\drivers\etc\hosts.txt

.

((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))

.

2012-05-01 20:49 . 2012-05-01 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-01 20:49 . 2012-05-01 20:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-05-01 20:35 . 2012-05-01 20:35 -------- d-----w- C:\rsit

2012-05-01 20:35 . 2012-05-01 20:35 -------- d-----w- c:\program files\trend micro

2012-05-01 20:33 . 2012-05-01 20:33 -------- d-----w- c:\program files (x86)\ERUNT

2012-05-01 20:16 . 2012-05-01 20:16 -------- d-----w- c:\users\Chris\AppData\Local\Mozilla

2012-05-01 20:16 . 2012-05-01 20:16 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-05-01 06:40 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C36FC8E-A6A1-4544-9593-83524605502C}\mpengine.dll

2012-04-24 00:26 . 2011-06-16 21:53 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll

2012-04-24 00:17 . 2012-04-24 00:18 -------- d-----w- c:\windows\SysWow64\kodak

2012-04-24 00:15 . 2012-04-24 00:15 -------- d-----w- c:\windows\SysWow64\spool

2012-04-24 00:02 . 2012-04-24 00:02 -------- d-----w- c:\programdata\Eastman Kodak Company

2012-04-24 00:01 . 2012-04-24 00:15 -------- d-----w- c:\program files (x86)\Kodak

2012-04-24 00:01 . 2012-04-24 00:01 -------- d-----w- c:\programdata\Apple

2012-04-24 00:01 . 2012-04-24 00:01 -------- d-----w- c:\program files\Bonjour

2012-04-24 00:01 . 2012-04-24 00:01 -------- d-----w- c:\program files (x86)\Bonjour

2012-04-23 23:32 . 2012-04-23 23:32 215864 ----a-w- c:\windows\SysWow64\atsckernel.exe

2012-04-23 23:32 . 2012-04-23 23:32 133944 ----a-w- c:\windows\SysWow64\atashost.exe

2012-04-23 23:32 . 2012-04-23 23:59 -------- d-----w- c:\programdata\WebEx

2012-04-22 20:45 . 2008-02-20 20:49 495104 ----a-w- c:\windows\puppy.exe

2012-04-22 20:45 . 2012-04-22 20:45 -------- d-----w- c:\windows\puppy Uninstaller

2012-04-22 20:45 . 2008-02-20 20:50 903680 ----a-w- c:\windows\puppy.scr

2012-04-12 07:02 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-04-12 07:02 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 07:02 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-12 07:02 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-12 07:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 07:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 07:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 07:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 07:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 07:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 07:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-09 17:44 . 2012-04-13 22:44 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-09 17:19 . 2012-04-13 22:44 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-01 20:51 . 2011-12-24 00:02 78848 ----a-w- c:\windows\KMSEmulator.exe

2012-04-13 22:44 . 2011-12-06 21:27 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 19:56 . 2011-12-15 19:34 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-06 23:15 . 2011-11-29 00:20 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-02-25 09:01 . 2012-02-23 22:34 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-14 09:09 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 09:09 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 09:09 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 09:09 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-14 17:59 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 17:59 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-03 04:34 . 2012-03-14 17:59 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-03 00:46 . 2012-02-03 00:46 249856 ------w- c:\windows\Setup1.exe

2012-02-03 00:46 . 2012-02-03 00:46 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-03-30 16:40 . 2011-03-30 16:40 517976 ----a-w- c:\program files\DXSETUP.exe

2011-03-30 16:40 . 2011-03-30 16:40 95576 ----a-w- c:\program files\DSETUP.dll

2011-03-30 16:40 . 2011-03-30 16:40 1566040 ----a-w- c:\program files\dsetup32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-12-06 113288]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-02-01 358312]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]

.

c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]

R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]

R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-12-06 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-04-23 133944]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-06 2413056]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

S3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [x]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 22:44]

.

2012-05-01 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS.exe [2011-12-24 00:03]

.

2012-05-01 c:\windows\Tasks\AutoKMSDaily.job

- c:\windows\AutoKMS.exe [2011-12-24 00:03]

.

2012-05-01 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2012-03-26 03:31]

.

2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 21:46]

.

2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 21:46]

.

2012-05-01 c:\windows\Tasks\HPCeeScheduleForChris.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2012-05-01 c:\windows\Tasks\PrintProjects Communicator.job

- c:\programdata\PrintProjects\MessageCheck.exe [2011-11-22 10:11]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-06 1128448]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-26 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-26 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-26 418840]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzw36e90.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-VB Runtime - c:\windows\System32\UNINSTAL.EXE

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-05-01 16:55:48 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-01 20:55

.

Pre-Run: 496,853,938,176 bytes free

Post-Run: 496,355,864,576 bytes free

.

- - End Of File - - 2C651CB2D543E86AFDAA5621723B8C58

Upload was successful

Indyultra · May 1, 2012

Getting and error message now when I try and open off my desktop, "Illegal operation attempted on a registry that has been marked for deletion"

Indyultra · May 1, 2012

Results of screen317's Security Check version 0.99.32

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Java 6 Update 29

Java version out of date!

Adobe Reader X (10.1.2)

Mozilla Firefox (12.0.)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

``````````End of Log````````````

Indyultra · May 1, 2012

Logfile of random's system information tool 1.09 (written by random/random)

Run by Chris at 2012-05-01 16:35:49

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 474 GB (68%) free of 700 GB

Total RAM: 6092 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:35:51 PM, on 5/1/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\trend micro\Chris.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kodak.webex.com/client/T27L10NSP25/support/ieatgpc1.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\SysWOW64\atashost.exe

O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13216 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

"C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe"

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files\IDT\WDM\STacSV64.exe"

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

atieclxx

"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-894e25b2-a9c7-40de-9702-70c243d197cc -SystemEventPortName:HostProcess-9849f887-0794-4ec6-99fc-c06b1202e592 -IoCancelEventPortName:HostProcess-a80cebd5-c8d7-4154-bc46-f1997285f1e0 -NonStateChangingEventPortName:HostProcess-2fd60b4f-fabf-41f7-b71f-c8e289d49a23 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:338008a3-b323-485e-b52b-f19be93ea841

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe"

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe" -Embedding

C:\Windows\system32\WLANExt.exe 3267664

\??\C:\Windows\system32\conhost.exe "3960559547933838931137583175-1790472180-899738330265698301592763011-313570663

C:\Windows\System32\spoolsv.exe

"taskhost.exe"

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files\IDT\WDM\AESTSr64.exe"

"C:\Windows\SysWOW64\atashost.exe"

"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"

"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"

C:\Windows\system32\svchost.exe -k bthsvcs

"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"

"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray

"C:\Program Files\IDT\WDM\sttray64.exe"

C:\Windows\SysWOW64\ezSharedSvcHost.exe

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"

"C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe"

"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"

"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"

"C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe"

"C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe"

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"

"C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe"

"C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS

"C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe"

"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"

"C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe"

"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"

"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe" -Embedding

"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

"C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

C:\Windows\System32\svchost.exe -k secsvcs

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

"taskhost.exe"

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524

"C:\Users\Chris\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\AutoKMS.job

C:\Windows\tasks\AutoKMSDaily.job

C:\Windows\tasks\GlaryInitialize.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\HPCeeScheduleForChris.job

C:\Windows\tasks\PrintProjects Communicator.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzw36e90.default

prefs.js - "browser.startup.homepage" - "http://www.google.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.2.202.233 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/MycameraPlugin]

"Description"=Canon MycameraPlugin

"Path"=C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]

"Description"=WildTangent Games App Presence Detector Plugin

"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.2.202.233 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

amazondotcom.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03 339872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-12-06 2799912]

"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-01-24 10355200]

"IntelPAN"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2011-07-27 1935120]

"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2011-12-06 1128448]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-03-25 167960]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-03-25 391704]

"Persistence"=C:\Windows\system32\igfxpers.exe [2011-03-25 418840]

"EKIJ5000StatusMonitor"=C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2011-06-16 2922496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"PeerBlock"=C:\Program Files\PeerBlock\peerblock.exe [2010-11-06 2646128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2012-01-03 815512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2012-01-03 36760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2012-01-03 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easybits Recovery]

C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2011-03-16 61112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2011-06-15 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2011-05-20 284440]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-15 336384]

"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2011-12-06 113288]

"HPConnectionManager"=C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [2011-02-15 94264]

"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-11-09 586296]

"HPOSD"=C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-01-27 318520]

"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]

"AgentMonitor"=C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [2012-02-01 358312]

"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

"EKIJ5000StatusMonitor"=C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [2011-06-16 2922496]

C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2011-03-25 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2011-06-21 52920]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\atashost]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"ForceActiveDesktopOn"=0

"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-01 16:35:49 ----D---- C:\rsit

2012-05-01 16:35:49 ----D---- C:\Program Files\trend micro

2012-05-01 16:34:20 ----D---- C:\Windows\ERDNT

2012-05-01 16:33:45 ----D---- C:\Program Files (x86)\ERUNT

2012-05-01 16:21:12 ----A---- C:\TDSSKiller.2.7.33.0_01.05.2012_16.21.12_log.txt

2012-05-01 16:16:09 ----D---- C:\Users\Chris\AppData\Roaming\Mozilla

2012-05-01 16:16:02 ----D---- C:\ProgramData\Mozilla

2012-05-01 16:16:02 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

2012-05-01 16:16:01 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-05-01 15:57:29 ----A---- C:\TDSSKiller.2.7.33.0_01.05.2012_15.57.29_log.txt

2012-05-01 05:06:16 ----A---- C:\Windows\system32\FNTCACHE.DAT

2012-05-01 05:06:11 ----A---- C:\Windows\ntbtlog.txt

2012-04-30 20:42:59 ----A---- C:\TDSSKiller.2.7.33.0_30.04.2012_20.42.59_log.txt

2012-04-30 20:25:32 ----D---- C:\Windows\pss

2012-04-30 19:36:45 ----A---- C:\TDSSKiller.2.7.33.0_30.04.2012_19.36.45_log.txt

2012-04-30 19:30:41 ----A---- C:\TDSSKiller.2.7.33.0_30.04.2012_19.30.41_log.txt

2012-04-23 20:17:49 ----D---- C:\Windows\SYSWOW64\kodak

2012-04-23 20:15:54 ----D---- C:\Windows\SYSWOW64\spool

2012-04-23 20:02:30 ----D---- C:\ProgramData\Eastman Kodak Company

2012-04-23 20:01:46 ----D---- C:\Program Files (x86)\Kodak

2012-04-23 20:01:34 ----D---- C:\ProgramData\Apple

2012-04-23 20:01:34 ----D---- C:\Program Files\Bonjour

2012-04-23 20:01:34 ----D---- C:\Program Files (x86)\Bonjour

2012-04-23 19:32:52 ----A---- C:\Windows\SYSWOW64\atsckernel.exe

2012-04-23 19:32:51 ----A---- C:\Windows\SYSWOW64\atashost.exe

2012-04-23 19:32:22 ----D---- C:\ProgramData\WebEx

2012-04-22 16:45:38 ----A---- C:\Windows\puppy.ini

2012-04-22 16:45:38 ----A---- C:\Windows\puppy.exe

2012-04-22 16:45:37 ----D---- C:\Windows\puppy Uninstaller

2012-04-22 16:45:37 ----A---- C:\Windows\puppy.scr

2012-04-12 03:03:04 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2012-04-12 03:03:04 ----A---- C:\Windows\system32\mshtmled.dll

2012-04-12 03:03:04 ----A---- C:\Windows\system32\iertutil.dll

2012-04-12 03:03:03 ----A---- C:\Windows\SYSWOW64\url.dll

2012-04-12 03:03:03 ----A---- C:\Windows\SYSWOW64\ieui.dll

2012-04-12 03:03:03 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2012-04-12 03:03:03 ----A---- C:\Windows\system32\url.dll

2012-04-12 03:03:03 ----A---- C:\Windows\system32\jscript9.dll

2012-04-12 03:03:02 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2012-04-12 03:03:02 ----A---- C:\Windows\SYSWOW64\jscript.dll

2012-04-12 03:03:02 ----A---- C:\Windows\system32\ieui.dll

2012-04-12 03:03:01 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2012-04-12 03:03:01 ----A---- C:\Windows\system32\urlmon.dll

2012-04-12 03:03:01 ----A---- C:\Windows\system32\jsproxy.dll

2012-04-12 03:03:01 ----A---- C:\Windows\system32\jscript.dll

2012-04-12 03:03:00 ----A---- C:\Windows\SYSWOW64\wininet.dll

2012-04-12 03:03:00 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2012-04-12 03:03:00 ----A---- C:\Windows\system32\wininet.dll

2012-04-12 03:02:59 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2012-04-12 03:02:58 ----A---- C:\Windows\system32\mshtml.dll

2012-04-12 03:02:57 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2012-04-12 03:02:56 ----A---- C:\Windows\system32\ieframe.dll

2012-04-12 03:02:50 ----A---- C:\Windows\system32\ntoskrnl.exe

2012-04-12 03:02:49 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2012-04-12 03:02:48 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2012-04-12 03:00:37 ----A---- C:\Windows\system32\imagehlp.dll

2012-04-12 03:00:37 ----A---- C:\Windows\system32\drivers\fs_rec.sys

2012-04-12 03:00:36 ----A---- C:\Windows\SYSWOW64\imagehlp.dll

2012-04-12 03:00:33 ----A---- C:\Windows\SYSWOW64\wmi.dll

2012-04-12 03:00:33 ----A---- C:\Windows\SYSWOW64\wintrust.dll

2012-04-12 03:00:33 ----A---- C:\Windows\system32\wmi.dll

2012-04-12 03:00:33 ----A---- C:\Windows\system32\wintrust.dll

2012-04-09 13:44:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

2012-04-09 13:19:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of files/folders modified in the last 1 month======

2012-05-01 16:35:51 ----D---- C:\Windows\Temp

2012-05-01 16:35:49 ----RD---- C:\Program Files

2012-05-01 16:34:20 ----D---- C:\Windows

2012-05-01 16:33:45 ----RD---- C:\Program Files (x86)

2012-05-01 16:21:12 ----D---- C:\Windows\system32\drivers

2012-05-01 16:16:02 ----HD---- C:\ProgramData

2012-05-01 16:16:01 ----D---- C:\Windows\Prefetch

2012-05-01 16:13:34 ----D---- C:\Windows\System32

2012-05-01 16:13:34 ----D---- C:\Windows\inf

2012-05-01 16:13:34 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-05-01 16:11:12 ----D---- C:\ProgramData\Spybot - Search & Destroy

2012-05-01 16:10:10 ----A---- C:\Windows\SYSWOW64\log.txt

2012-05-01 16:08:15 ----D---- C:\Windows\system32\Tasks

2012-05-01 16:08:08 ----D---- C:\Windows\Tasks

2012-05-01 16:08:00 ----A---- C:\Windows\KMSEmulator.exe

2012-05-01 16:07:45 ----D---- C:\ProgramData\Kodak

2012-05-01 16:07:08 ----D---- C:\Temp

2012-05-01 15:55:50 ----D---- C:\Windows\system32\config

2012-05-01 15:54:08 ----D---- C:\Program Files\PeerBlock

2012-05-01 15:46:19 ----D---- C:\Windows\SysWOW64

2012-05-01 15:46:01 ----SHD---- C:\System Volume Information

2012-05-01 11:59:53 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2012-05-01 08:56:29 ----SHD---- C:\Windows\Installer

2012-05-01 08:56:28 ----SHD---- C:\Config.Msi

2012-04-30 21:18:05 ----D---- C:\Users\Chris\AppData\Roaming\uTorrent

2012-04-30 21:18:05 ----D---- C:\Users\Chris\AppData\Roaming\Media Player Classic

2012-04-30 21:18:01 ----D---- C:\Windows\debug

2012-04-30 20:21:00 ----D---- C:\Windows\system32\drivers\etc

2012-04-30 18:29:27 ----D---- C:\ProgramData\Microsoft Help

2012-04-30 17:26:38 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-29 16:47:26 ----D---- C:\Windows\system32\NDF

2012-04-25 07:54:13 ----D---- C:\Windows\system32\catroot

2012-04-23 20:25:24 ----D---- C:\Windows\winsxs

2012-04-23 20:21:32 ----RSD---- C:\Windows\assembly

2012-04-23 20:17:49 ----D---- C:\Windows\twain_32

2012-04-23 20:17:10 ----D---- C:\Windows\system32\DriverStore

2012-04-23 20:17:04 ----D---- C:\Windows\system32\catroot2

2012-04-23 20:07:27 ----D---- C:\Users\Chris\AppData\Roaming\Temp

2012-04-23 19:32:22 ----D---- C:\Windows\Downloaded Program Files

2012-04-22 17:21:06 ----D---- C:\Program Files (x86)\Google

2012-04-18 21:00:30 ----D---- C:\Program Files\PC_link

2012-04-12 03:34:18 ----D---- C:\Windows\Microsoft.NET

2012-04-12 03:21:23 ----D---- C:\Windows\SYSWOW64\migration

2012-04-12 03:21:23 ----D---- C:\Windows\system32\migration

2012-04-12 03:21:23 ----D---- C:\Program Files\Internet Explorer

2012-04-12 03:21:23 ----D---- C:\Program Files (x86)\Internet Explorer

2012-04-12 03:00:56 ----A---- C:\Windows\system32\MRT.exe

2012-04-11 19:34:32 ----D---- C:\Garmin

2012-04-02 16:03:36 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-27 30008]

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-05-20 557848]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2011-06-15 93240]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]

R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-27 43320]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-13 9259520]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-13 301568]

R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-13 41984]

R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-13 118784]

R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-27 80384]

R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]

R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]

R3 HP8207_8307;HP-HP8207_8307; C:\Windows\system32\DRIVERS\HP8207_8307.sys [2010-02-05 15360]

R3 iBtFltCoex;iBtFltCoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]

R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-03-25 12262336]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]

R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-12-06 91648]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-12-06 208896]

R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-13 158720]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-12-06 338536]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]

R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2011-12-06 528384]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-12-06 1451056]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]

R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-02-16 42392]

S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]

S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]

S3 BTCFilterService;USB Networking Driver Filter Service; C:\Windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]

S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-27 552960]

S3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys []

S3 epmntdrv;epmntdrv; \??\C:\Windows\syswow64\epmntdrv.sys [2011-07-29 14216]

S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\syswow64\EuGdiDrv.sys [2011-07-29 8456]

S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2011-03-18 74376]

S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2011-03-18 85384]

S3 motandroidusb;Mot ADB Interface Driver; C:\Windows\System32\Drivers\motoandroid.sys [2009-07-10 31744]

S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2012-01-25 22016]

S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]

S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2012-01-25 30720]

S3 MotoSwitchService;MotoSwitch Service; C:\Windows\system32\DRIVERS\motswch.sys [2007-11-02 8576]

S3 Motousbnet;Motorola USB Networking Driver Service; C:\Windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 27136]

S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]

S3 sbusb_vista;WMfA SBOOT Host Driver; C:\Windows\system32\DRIVERS\sbusb_vista.sys []

S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 109056]

S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-11 17920]

S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-11 27136]

S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-11 33792]

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]

S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-06 89600]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-04-13 203776]

R2 atashost;WebEx Service Host for Support Center; C:\Windows\SysWOW64\atashost.exe [2012-04-23 133944]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]

R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-07-27 1517328]

R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]

R2 FPLService;TrueSuiteService; C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]

R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-27 30520]

R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-06 2413056]

R2 IntuitUpdateServiceV4;Intuit Update Service v4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-12-22 325656]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R2 MotoHelper;MotoHelper Service; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]

R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-07-27 844560]

R2 RoxioNow Service;RoxioNow Service; C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]

R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2011-12-06 301568]

R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]

R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]

R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-03-28 799800]

R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]

S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-02-22 1044816]

S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]

S3 hpCMSrv;HP Connection Manager 4.0 Service; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-20 129976]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-29 1255736]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

Indyultra · May 1, 2012

info.txt logfile of random's system information tool 1.09 2012-05-01 16:35:53

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Web Link - Free Realms\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Web Link - Habbo Hotel\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Web Link - Pixie Hollow\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Web Link - Seafight\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Web Link - Shaiya\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe"

µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL

7-Zip 9.20 (x64 edition)-->MsiExec.exe /I{23170F69-40C1-2702-0920-000001000000}

7-Zip 9.20-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"

Acoustica MP3 CD Burner-->C:\PROGRA~2\ACOUST~1\UNWISE.EXE C:\PROGRA~2\ACOUST~1\INSTALL.LOG

Active@ KillDisk-->"C:\Program Files (x86)\InstallShield Installation Information\{7A5E940E-017E-47F8-9D0D-62D49C8D18ED}\setup.exe" -runfromtemp -l0x0009 -removeonly

Adobe Acrobat X Pro - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000005}

Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_Plugin.exe -maintain plugin

Adobe Reader X (10.1.2) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}

Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

Adobe SVG Viewer 3.0-->C:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log

Agatha Christie - Peril at End House-->"C:\Program Files (x86)\HP Games\Agatha Christie - Peril at End House\Uninstall.exe"

aioprnt-->MsiExec.exe /X{0645A454-AD44-4F0D-99CF-6B762735AD1F}

aioscnnr-->MsiExec.exe /X{376348C2-E372-48BC-A138-E896757BD86A}

aioscnnr-->MsiExec.exe /X{EF53BFAB-4C10-40DB-A82D-9B07111715C6}

Aiseesoft Total Video Converter 6.2.20-->"C:\Program Files (x86)\Aiseesoft Studio\Aiseesoft Total Video Converter\unins000.exe"

Any Video Converter Professional 3.3.3-->"C:\Program Files (x86)\AnvSoft\Any Video Converter Professional\unins000.exe"

ATI Catalyst Install Manager-->msiexec /q/x{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75} REBOOT=ReallySuppress

Auslogics Disk Defrag-->"C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\unins000.exe"

AuthenTec TrueAPI-->MsiExec.exe /X{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}

Bejeweled 2 Deluxe-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"

Bejeweled 3-->"C:\Program Files (x86)\HP Games\Bejeweled 3\Uninstall.exe"

Blackhawk Striker 2-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe"

Blasterball 3-->"C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"

Blio-->MsiExec.exe /X{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}

Bonjour-->MsiExec.exe /I{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}

Bounce Symphony-->"C:\Program Files (x86)\HP Games\Bounce Symphony\Uninstall.exe"

Build-a-lot 2-->"C:\Program Files (x86)\HP Games\Build-a-lot 2\Uninstall.exe"

C4USelfUpdater-->MsiExec.exe /I{48B41C3A-9A92-4B81-B653-C97FEB85C910}

Cake Mania-->"C:\Program Files (x86)\HP Games\Cake Mania\Uninstall.exe"

Canon Utilities CameraWindow DC 8-->"C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe" "C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\CameraWindowDC\uninstall.xml"

Catalyst Control Center - Branding-->MsiExec.exe /I{1AA895E9-B751-408B-BB9C-527C04E52C91}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

center-->MsiExec.exe /I{56BA241F-580C-43D2-8403-947241AAE633}

Chuzzle Deluxe-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"

CyberLink PowerDVD 10-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\setup.exe" /z-uninstall

CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{4FE6ABAF-20F3-4F5F-A966-380FDAE9A31A}" "1033" "0"

DHTML Editing Component-->MsiExec.exe /X{2EA870FA-585F-4187-903D-CB9FFD21E2E0}

Diner Dash 2 Restaurant Rescue-->"C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"

DIY DataRecovery CHK-Mate-->"C:\Program Files (x86)\DIY DataRecovery CHK-Mate\unins000.exe"

Dora's World Adventure-->"C:\Program Files (x86)\HP Games\Dora's World Adventure\Uninstall.exe"

Ductuputer Trial-->C:\WINDOWS\st6unst.exe -n "C:\Program Files (x86)\DuctuputerD\ST6UNST.LOG"

EASEUS Data Recovery Wizard Professional 3.3.4-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{72B23535-8136-4863-965C-33A60FFA3CE7}\setup.exe" -l0x9 -removeonly

EASEUS Partition Master 9.1.0 Home Edition-->"C:\Program Files (x86)\EASEUS\EASEUS Partition Master 9.1.0 Home Edition\unins000.exe"

Energy Star Digital Logo-->MsiExec.exe /I{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

essentials-->MsiExec.exe /I{BE94C681-68E2-4561-8ABC-8D2E799168B4}

ESU for Microsoft Windows 7-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}

Evernote v. 4.2.2-->MsiExec.exe /X{F761359C-9CED-45AE-9A51-9D6605CD55C4}

Farm Frenzy-->"C:\Program Files (x86)\HP Games\Farm Frenzy\Uninstall.exe"

FATE - The Traitor Soul-->"C:\Program Files (x86)\HP Games\FATE - The Traitor Soul\Uninstall.exe"

Garmin BlueChart Americas 2008.5-->MsiExec.exe /X{AB1019AE-73D6-49BC-9DE7-04F50E3C4D33}

Garmin City Navigator North America NT 2012.30 Update-->MsiExec.exe /X{6F50C41C-6CFB-49E1-AF91-E1AACDE24FBA}

Garmin City Navigator North America NT 2012.40 Update-->MsiExec.exe /X{A0966294-1F16-411F-98BF-AB9FDED7B9C6}

Garmin MapSource-->MsiExec.exe /X{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}

Garmin USB Drivers-->MsiExec.exe /X{510D2239-6C2E-457B-9590-485EC552D94D}

Garmin WebUpdater-->MsiExec.exe /X{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}

Glary Utilities 2.43.0.1419-->"C:\Program Files (x86)\Glary Utilities\unins000.exe"

Google Earth-->MsiExec.exe /X{28E82311-8616-11E1-BEB0-B8AC6F97B88E}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

GPSBabel 1.4.3-->"C:\Program Files (x86)\GPSBabel\unins000.exe"

HDS_4.1.36.68-->MsiExec.exe /I{E4641F56-8B13-4F9F-8111-648218B40BA3}

HDS_Gen2_1.1.39.38-->MsiExec.exe /I{CEA7950B-D014-4806-B78E-8588E2A0BF39}

Hewlett-Packard ACLM.NET v1.1.2.0-->MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}

Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)-->C:\Windows\SysWOW64\msiexec.exe /package {46F8CF66-AB83-38A7-99B2-A5BE507EE472} /uninstall {3EE9D984-E7A6-30B9-8FF5-A1FE2242440A} /qb+ REBOOTPROMPT=""

HP 3D DriveGuard-->MsiExec.exe /X{5601F151-A69F-4E30-8C60-37928124CD07}

HP Auto-->MsiExec.exe /I{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}

HP Client Services-->MsiExec.exe /I{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}

HP Connection Manager-->MsiExec.exe /X{795AADBF-58C2-42D0-B779-E730702A247E}

HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}

HP Documentation-->MsiExec.exe /X{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}

HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"

HP MovieStore-->C:\ProgramData\Uninstall\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}\setup.exe /x {9008D736-35CA-40DB-A2BE-5F32D954E5AA}

HP MovieStore-->MsiExec.exe /I{120262A6-7A4B-4889-AE85-F5E5688D3683}

HP On Screen Display-->MsiExec.exe /I{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}

HP Power Manager-->MsiExec.exe /I{872B1C80-38EC-4A31-A25C-980820593900}

HP Product Detection-->MsiExec.exe /I{A436F67F-687E-4736-BD2B-537121A804CF}

HP Quick Launch-->MsiExec.exe /I{EB58480C-0721-483C-B354-9D35A147999F}

HP Setup Manager-->MsiExec.exe /I{AE856388-AFAD-4753-81DF-D96B19D0A17C}

HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{210A03F5-B2ED-4947-B27E-516F50CBB292}\setup.exe" -l0x9 -removeonly

HP SimplePass 2011-->MsiExec.exe /X{4741965C-AFD0-4D00-81D1-1039F96D4DC3}

HP Software Framework-->MsiExec.exe /X{F8070C51-4B1D-430C-8BCF-19696368366F}

IC4 Interface Device by SU Enterprise, Inc.-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8718A2BC-7E23-4D23-969A-2A2EC9E45B0E}\setup.exe" -l0x9 IC4USB32

IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -remove -removeonly

Intel PROSet Wireless-->Intel PROSet Wireless

Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm

Intel® Display Audio Driver-->C:\Program Files (x86)\Intel\Intel® Display Audio Driver\Uninstall\setup.exe -uninstall

Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall

Intel® PROSet/Wireless WiFi Software-->MsiExec.exe /I{25FBDA9A-E868-4B3B-B9FF-D923818511A1}

Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall

Intel® Wireless Display-->MsiExec.exe /X{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}

Java 6 Update 24 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416024FF}

Java 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}

Kodak AIO Printer-->MsiExec.exe /X{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}

KODAK AiO Software-->C:\ProgramData\Kodak\Installer\Setup.exe /Web /x "{E0F274B7-592B-4669-8FB8-8D9825A09858}" CompanyName="Eastman Kodak Company" /code "1033"

ksDIP-->MsiExec.exe /I{10934A28-0CC6-4B98-A14F-76B3546003AF}

Learning Lodge Navigator-->C:\Program Files (x86)\VTech\DownloadManager\System\Uninstall.exe

LG USB Modem driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG

Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe

Mah Jong Medley-->"C:\Program Files (x86)\HP Games\Mah Jong Medley\Uninstall.exe"

Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

MapSource - US Rec Lakes with Fishing Hot Spots Central v5-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A6B21A2C-9F04-4761-8E85-48BD9BE51E03} /l1033

MapSource - US Rec Lakes with Fishing Hot Spots® East v5-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{84A757A7-B412-44A0-ADE6-9C0F9E96D84D} /l1033

MapSource - US Rec Lakes with Fishing Hot Spots® West v5-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{E56C5937-1BA5-446B-A1DB-3762E763F599} /l1033

MapSource-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}\Setup.exe" -l0x9 AddRemove

Media Player Classic - Home Cinema 1.6.0.4014-->"C:\Program Files (x86)\Media Player Classic - Home Cinema\unins000.exe"

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended

Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}

Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}

Microsoft Help Viewer 1.0-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0\install.exe

Microsoft Help Viewer 1.0-->MsiExec.exe /X{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}

Microsoft Money Plus-->"C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" /s:120

Microsoft Money Shared Libraries-->MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}

Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}

Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}

Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}

Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared 64-bit MUI (English) 2010-->MsiExec.exe /X{90140000-002A-0409-1000-0000000FF1CE}

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0116-0409-1000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2008 (64-bit)-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\SetupARP.exe"

Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}

Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{5340A3B5-3853-4745-BED2-DD9FF5371331}

Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}

Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{FA7394B8-CE65-4F9E-AC99-F372AD365424}

Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{FBD367D1-642F-47CF-B79B-9BE48FB34007}

Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}

Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{DF167CE3-60E7-44EA-99EC-2507C51F37AE}

Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}

Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}

Microsoft SQL Server 2008 Setup Support Files -->MsiExec.exe /X{B40EE88B-400A-4266-A17B-E3DE64E94431}

Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}

Microsoft SQL Server Compact 3.5 SP2 x64 ENU-->MsiExec.exe /I{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}

Microsoft SQL Server VSS Writer-->MsiExec.exe /I{0826F9E4-787E-481D-83E0-BC6A57B056D5}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}

Microsoft Visual C++ 2010 Express - ENU-->C:\Program Files (x86)\Microsoft Visual Studio 10.0\Microsoft Visual C++ 2010 Express - ENU\setup.exe

Microsoft Visual C++ 2010 Express - ENU-->MsiExec.exe /X{46F8CF66-AB83-38A7-99B2-A5BE507EE472}

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU-->MsiExec.exe /X{BCA26999-EC22-3007-BB79-638913079C9A}

Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}

MotoHelper 2.1.40 Driver 5.5.0-->C:\Program Files (x86)\Motorola\MotoHelper\uninstall.exe

MotoHelper MergeModules-->MsiExec.exe /I{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}

Motorola Datacard Driver Installation 1.5.5-->MsiExec.exe /I{D5370589-3E1E-4689-8045-71493C083E6F}

Motorola Mobile Drivers Installation 5.5.0-->MsiExec.exe /X{61C3230C-D69D-44E7-B974-F8BBADB49EE6}

Mozilla Firefox 12.0 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}

MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}

Mystery P.I. - Stolen in San Francisco-->"C:\Program Files (x86)\HP Games\Mystery P.I. - Stolen in San Francisco\Uninstall.exe"

Namco All-Stars PAC-MAN-->"C:\Program Files (x86)\HP Games\Namco All-Stars PAC-MAN\Uninstall.exe"

ocr-->MsiExec.exe /I{BFBCF96F-7361-486A-965C-54B17AC35421}

PC_link 2.0.0.0.8-->"C:\Program Files\PC_link\uninstall.exe"

PeerBlock 1.1 (r518)-->"C:\Program Files\PeerBlock\unins000.exe"

Penguins!-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"

Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\HP Games\Plants vs. Zombies - Game of the Year\Uninstall.exe"

PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}

Poker Superstars III-->"C:\Program Files (x86)\HP Games\Poker Superstars III\Uninstall.exe"

Polar Bowler-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"

Polar Golfer-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"

PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"

PreReq-->MsiExec.exe /I{DA5BDB2A-12F0-4343-8351-21AAEB293990}

PrintProjects-->"C:\Program Files (x86)\PrintProjects\uninst.exe"

puppy-->"C:\Windows\puppy Uninstaller\unins000.exe"

RadioComm v11.11.11-->MsiExec.exe /X{90690334-8BE8-4807-8461-B02E86FD4A37}

Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly

Realtek PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\Setup.exe" -runfromtemp -removeonly

Recovery Manager-->MsiExec.exe /I{DBCD5E64-7379-4648-9444-8A6558DCB614}

Recuva-->"C:\Program Files\Recuva\uninst.exe"

Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\Setup.exe" -runfromtemp -l0x0409 -removeonly

Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}

RoxioNow Player-->MsiExec.exe /X{0EDEB615-1A60-425E-8306-0E10519C7B55}

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended

Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)-->C:\Windows\SysWOW64\msiexec.exe /package {46F8CF66-AB83-38A7-99B2-A5BE507EE472} /uninstall {F606AC5F-4A30-3D7F-BC43-1200864BD9E5} /qb+ REBOOTPROMPT=""

Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances

Sierra I6 Update-->C:\SIERRA~1\UNWISE.EXE

Sierra I6-->C:\SIERRA~1\UNWISE.EXE

Slingo Supreme-->"C:\Program Files (x86)\HP Games\Slingo Supreme\Uninstall.exe"

Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"

Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}

Synaptics TouchPad Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Tribler (remove only)-->C:\Program Files (x86)\Tribler\Uninstall.exe

TurboTax 2011 WinPerFedFormset-->MsiExec.exe /I{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}

TurboTax 2011 WinPerReleaseEngine-->MsiExec.exe /I{E463E171-4082-4744-A466-F7CBE8502789}

TurboTax 2011 WinPerTaxSupport-->MsiExec.exe /I{CAF5B770-082F-40C4-853D-3973BB81BDAA}

TurboTax 2011 wmiiper-->MsiExec.exe /I{10DA2BD7-EFFC-420D-8689-CAEA577CAB7C}

TurboTax 2011 wrapper-->MsiExec.exe /I{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}

TurboTax 2011-->C:\Program Files (x86)\TurboTax\Home & Business 2011\Installer\TurboTax 2011 Installer.exe /u /t /a

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended

Update for Microsoft .NET Framework 4 Extended (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended

Update for Microsoft .NET Framework 4 Extended (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended

Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1033" "0"

Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}" "1033" "0"

Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"

Validity WBF DDK-->MsiExec.exe /X{79174AF2-6CB1-42F5-981E-66DCA49391D0}

VB Runtime-->C:\Windows\System32\UNINSTAL.EXE /A /R C:\Windows\System32\VBRunTme.LOG

Virtual Villagers 4 - The Tree of Life-->"C:\Program Files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Uninstall.exe"

VirtualLab Client 6.0.14-->"C:\Program Files (x86)\BinaryBiz\VirtualLab6\unins000.exe"

VLC media player 1.1.11-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

WebEx-->C:\PROGRA~3\webex\atcliun.exe

Wheel of Fortune 2-->"C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe"

WildTangent Games App (HP Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\hp\Uninstall.exe"

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\048B92BA3327CEF8\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_amd64_neutral_3e4b654f12f06d57\grmnusb.inf

Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}

WinRAR 4.10 beta 2 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe

Xilisoft MTS Converter-->C:\Program Files (x86)\Xilisoft\MTS Converter\Uninstall.exe

Xilisoft Video Converter Ultimate-->C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\Uninstall.exe

Yawcam 0.3.7-->"C:\Program Files (x86)\Yawcam\unins000.exe"

Zuma Deluxe-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"

======Hosts File======

127.0.0.1 localhost

======System event log======

Computer Name: Chris-HP

Event Code: 51

Message: An error was detected on device \Device\Harddisk1\DR10 during a paging operation.

Record Number: 14706

Source Name: Disk

Time Written: 20111223230513.728558-000

Event Type: Warning

User:

Computer Name: Chris-HP

Event Code: 51

Message: An error was detected on device \Device\Harddisk1\DR10 during a paging operation.

Record Number: 14705

Source Name: Disk

Time Written: 20111223230513.728558-000

Event Type: Warning

User:

Computer Name: Chris-HP

Event Code: 51

Message: An error was detected on device \Device\Harddisk1\DR10 during a paging operation.

Record Number: 14704

Source Name: Disk

Time Written: 20111223230513.728558-000

Event Type: Warning

User:

Computer Name: Chris-HP

Event Code: 51

Message: An error was detected on device \Device\Harddisk1\DR10 during a paging operation.

Record Number: 14703

Source Name: Disk

Time Written: 20111223230513.728558-000

Event Type: Warning

User:

Computer Name: Chris-HP

Event Code: 51

Message: An error was detected on device \Device\Harddisk1\DR10 during a paging operation.

Record Number: 14702

Source Name: Disk

Time Written: 20111223230513.728558-000

Event Type: Warning

User:

=====Application event log=====

Computer Name: Chris-HP

Event Code: 4107

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

Record Number: 1805

Source Name: Microsoft-Windows-CAPI2

Time Written: 20111128223347.571948-000

Event Type: Error

User:

Computer Name: Chris-HP

Event Code: 4107

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

Record Number: 1798

Source Name: Microsoft-Windows-CAPI2

Time Written: 20111128222523.135096-000

Event Type: Error

User:

Computer Name: Chris-HP

Event Code: 4107

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

Record Number: 1797

Source Name: Microsoft-Windows-CAPI2

Time Written: 20111128222358.429251-000

Event Type: Error

User:

Computer Name: Chris-HP

Event Code: 4107

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

Record Number: 1796

Source Name: Microsoft-Windows-CAPI2

Time Written: 20111128222358.309245-000

Event Type: Error

User:

Computer Name: Chris-HP

Event Code: 4107

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

Record Number: 1784

Source Name: Microsoft-Windows-CAPI2

Time Written: 20111128221747.143486-000

Event Type: Error

User:

=====Security event log=====

Computer Name: Chris-HP

Event Code: 4616

Message: The system time was changed.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Process Information:

Process ID: 0x270

Name: C:\Windows\System32\svchost.exe

Previous Time: ‎2011‎-‎11‎-‎28T22:16:06.693798000Z

New Time: ‎2011‎-‎11‎-‎28T22:16:06.693000000Z

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.

Record Number: 741

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111128221606.693000-000

Event Type: Audit Success

User:

Computer Name: Chris-HP

Event Code: 4616

Message: The system time was changed.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Process Information:

Process ID: 0x270

Name: C:\Windows\System32\svchost.exe

Previous Time: ‎2011‎-‎11‎-‎28T22:08:16.282755600Z

New Time: ‎2011‎-‎11‎-‎28T22:16:06.577797900Z

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.

Record Number: 740

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111128221606.591798-000

Event Type: Audit Success

User:

Computer Name: Chris-HP

Event Code: 4905

Message: An attempt was made to unregister a security event source.

Subject

Security ID: S-1-5-18

Account Name: WIN-CQ35SM8F40I$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Process:

Process ID: 0xa70

Process Name: C:\Windows\System32\VSSVC.exe

Event Source:

Source Name: VSSAudit

Event Source ID: 0x14483d

Record Number: 739

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111128220628.782678-000

Event Type: Audit Success

User:

Computer Name: Chris-HP

Event Code: 4904

Message: An attempt was made to register a security event source.

Subject :

Security ID: S-1-5-18

Account Name: WIN-CQ35SM8F40I$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Process:

Process ID: 0xa70

Process Name: C:\Windows\System32\VSSVC.exe

Event Source:

Source Name: VSSAudit

Event Source ID: 0x14483d

Record Number: 738

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111128220628.782678-000

Event Type: Audit Success

User:

Computer Name: Chris-HP

Event Code: 1102

Message: The audit log was cleared.

Subject:

Security ID: S-1-5-21-845649588-2443200131-3913574986-1001

Account Name: Chris

Domain Name: Chris-HP

Logon ID: 0xc8cbf

Record Number: 737

Source Name: Microsoft-Windows-Eventlog

Time Written: 20111128220623.197868-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\CCleaner;C:\Program Files (x86)\Internet Explorer;;C:\Program Files (x86)\HP SimplePass 2011\x64;C:\Program Files (x86)\HP SimplePass 2011\;;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=4

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=2a07

"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log

"windows_tracing_flags"=3

"OnlineServices"=Online Services

"Platform"=MCD

"PCBRAND"=Pavilion

"VS100COMNTOOLS"=C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools\

"KDS_LANGUAGE"=13

-----------------EOF-----------------

Indyultra · May 1, 2012

Figured out how to remove utorrent, had to run it as an administrator

Maurice Naggar · May 1, 2012

What date did the "Happili" redirect first happen? Do you recall any particular "odd rogue name window" that may have been presented to you?

Is the redirect happening now? In which browser? please be specific. I need to be sure if it happened in Internet Explorer, or Chrome, or Firefox or some other browser; or if all browsers.

From Start button, type in

Program and features

do a Right-Click on it and select Run as Administrator

De-install (remove) Java™ 6 Update 24 (64-bit)

& Java™ 6 Update 29

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
IF this is a 64-bit Windows (as is yours), get both the 32-bit & 64-bit Javas & install each.
DECLINE & do not accept any added "toolbar" either in download or in setup of Java.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on jre-6u32-windows-i586-s.exe to install the newest version. If on Windows 7 or Vista, do a RIGHT-Click and Run as Administrator.
( jre-6u32-windows-x64.exe if this is a 64-bit Windows o.s.)

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
    Trace and Log Files
  [*]Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 32 from Sun Microsystems Inc.

Use your browser to go here at Virustotal website

Click the Browse button and then navigate to c:\windows\SysWow64\atsckernel.exe, then click the Submit button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

Repeat the same steps for c:\windows\SysWow64\atashost.exe

Save the results, and post back here in a reply.

==

Use your browser to go here at VirSCAN.org website

Click the Browse button and then navigate to c:\windows\SysWow64\atsckernel.exe, then click the Submit button.

Save the results, and post back here in a reply.

Repeat the same steps for c:\windows\SysWow64\atashost.exe

Save the results, and post back here in a reply.

Indyultra · May 1, 2012

SHA256: 40092deee074dd90de9aab10ab42e09283930def204de725a7c799e0ef9a48ec SHA1: 56ee1f7d0617c5e7e3a3e01c4073808ddb68f93f MD5: b8e5a67fe36a26fe4a22f6ca7161604d File size: 210.8 KB ( 215864 bytes ) File name: 2482816738FA91204BBA03919E0FE400AB67F425.exe File type: Win32 EXE Tags: signed Detection ratio: 0 / 41 Analysis date: 2011-04-23 17:43:49 UTC ( 1 year ago )

0

More details Antivirus Result Update AhnLab-V3 - 20110423 AntiVir - 20110423 Antiy-AVL - 20110423 Avast - 20110423 Avast5 - 20110423 AVG - 20110423 BitDefender - 20110423 CAT-QuickHeal - 20110423 ClamAV - 20110421 Commtouch - 20110423 Comodo - 20110423 DrWeb - 20110423 eSafe - 20110422 eTrust-Vet - 20110422 F-Prot - 20110423 F-Secure - 20110423 Fortinet - 20110423 GData - 20110423 Ikarus - 20110423 Jiangmin - 20110423 K7AntiVirus - 20110423 Kaspersky - 20110423 McAfee - 20110423 McAfee-GW-Edition - 20110423 Microsoft - 20110423 NOD32 - 20110423 Norman - 20110423 Panda - 20110423 PCTools - 20110421 Prevx - 20110423 Rising - 20110423 Sophos - 20110423 SUPERAntiSpyware - 20110423 Symantec - 20110423 TheHacker - 20110422 TrendMicro - 20110423 TrendMicro-HouseCall - 20110423 VBA32 - 20110422 VIPRE - 20110423 ViRobot - 20110423 VirusBuster - 20110423

Indyultra · May 1, 2012

SHA256: 08ec93bc1e2a4281093bca2c9adbbf2915f11af1276a8d7d91199e76686aadac SHA1: 4ca4d125ebd7e2473f39108e3af01678f9dd0ca3 MD5: fcf685f3d5458121c568f268d4d90ee5 File size: 130.8 KB ( 133944 bytes ) File name: /home/freefixer/freefixer.com/uploads/samples/08ec93bc1e2a4281093bca2c9adbbf2915f11af1276a8d7d91199e76686aadac.bin File type: Win32 EXE Tags: signed Detection ratio: 0 / 43 Analysis date: 2012-01-19 22:56:20 UTC ( 3 months, 1 week ago )

0

More details Antivirus Result Update AhnLab-V3 - 20120119 AntiVir - 20120119 Antiy-AVL - 20120119 Avast - 20120119 AVG - 20120119 BitDefender - 20120119 ByteHero - 20120116 CAT-QuickHeal - 20120119 ClamAV - 20120119 Commtouch - 20120119 Comodo - 20120119 DrWeb - 20120119 Emsisoft - 20120119 eSafe - 20120117 eTrust-Vet - 20120119 F-Prot - 20120119 F-Secure - 20120119 Fortinet - 20120119 GData - 20120119 Ikarus - 20120119 Jiangmin - 20120119 K7AntiVirus - 20120119 Kaspersky - 20120119 McAfee - 20120119 McAfee-GW-Edition - 20120119 Microsoft - 20120119 NOD32 - 20120119 Norman - 20120119 nProtect - 20120119 Panda - 20120119 PCTools - 20120119 Prevx - 20120119 Rising - 20120118 Sophos - 20120119 SUPERAntiSpyware - 20120119 Symantec - 20120119 TheHacker - 20120119 TrendMicro - 20120119 TrendMicro-HouseCall - 20120119 VBA32 - 20120119 VIPRE - 20120119 ViRobot - 20120119 VirusBuster - 20120119

Indyultra · May 1, 2012

I am still getting the error message when ever I try to run anything, , "Illegal operation attempted on a registry that has been marked for deletion"

Indyultra · May 1, 2012

so far no redirects

Indyultra · May 1, 2012

Restarted my computer and error message went away.

Maurice Naggar · May 1, 2012

I am still getting the error message when ever I try to run anything, , "Illegal operation attempted on a registry that has been marked for deletion"

Give me an example of what you tried to run & how ....so I can have a better idea.

By the way, we are not done and I have to re-review your logs.

I do not want you to run anything really on your own before we get a better grip.

Maurice Naggar · May 1, 2012

Restarted my computer and error message went away.

OK. Don't do anything with this system. No websurfing no online stuff.

Wait for my next reply. There is more to do.

Maurice Naggar · May 1, 2012

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

Step 2

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 3

Re-enable your antivirus program.

Reply with contents (Copy & Paste) of Bitdefender report

and latest MBAM scan log

and tell me, How is your system now ?

Indyultra · May 2, 2012

QuickScan 32-bit v0.9.9.114

---------------------------

Scan date: Tue May 01 20:09:48 2012

Machine ID: 28B56AB9

No infection found.

-------------------

Processes

---------

(unsigned) Intel PROSet\Wireless Bluetooth 2396 C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

(unsigned) Intel PROSet\Wireless Bluetooth 2616 C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(unsigned) Intel PROSet\Wireless Bluetooth 5044 C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

(unsigned) Intel PROSet\Wireless Bluetooth 3112 C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(verified) Adobe Acrobat Update Service 2516 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(verified) AgentMonitor Application 3308 C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

(verified) avast! Antivirus 4320 C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(verified) avast! Antivirus 5304 C:\Program Files\AVAST Software\Avast\AvastUI.exe

(verified) Bonjour 2676 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(verified) CommandService Application 6132 C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

(verified) EKAiOHostService Module 3060 C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

(verified) HP On Screen Display 3288 C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

(verified) HP Quick Launch 3276 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(verified) HP Quick Launch 3008 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(verified) HP Quick Synchronization Service 2960 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(verified) hpqwmiex Module 4512 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(verified) IAStorDataSvc 5508 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(verified) IAStorIcon 3212 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(verified) Intel® Active Management Technology L 6060 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(verified) Intel® Management and Security Applic 6168 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(verified) Intuit Update Service 3084 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(verified) Java Platform SE Auto Updater 2 0 3340 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(verified) Malwarebytes Anti-Malware 3252 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(verified) Monitor Application 2492 C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

(verified) MotoHelper 3388 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

(verified) MotoHelper Service 2304 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

(verified) RoxioNow Player 4048 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

(verified) Shared EasyBits services for Windows 2808 C:\Windows\SysWOW64\ezSharedSvcHost.exe

(verified) Simple Pass 2011 1784 C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

(verified) Simple Pass 2011 992 C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

(verified) SimplePass 2011 1724 C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

(verified) USB 3.0 Monitor 3228 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(verified) WebEx Support Center 2588 C:\Windows\SysWOW64\atashost.exe

(verified) Windows® Internet Explorer 7140 C:\Program Files (x86)\Internet Explorer\ielowutil.exe

(verified) Windows® Internet Explorer 4568 C:\Program Files (x86)\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 6540 C:\Program Files (x86)\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 692 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Network activity

----------------

Process AgentMonitor.exe (3308) connected on port 80 (HTTP) --> 58.177.240.88

Process iexplore.exe (4568) connected on port 80 (HTTP) --> 23.15.7.18

Process iexplore.exe (4568) connected on port 80 (HTTP) --> 23.15.7.51

Process iexplore.exe (4568) connected on port 80 (HTTP) --> 194.7.155.82

Process iexplore.exe (4568) connected on port 80 (HTTP) --> 66.235.142.20

Process iexplore.exe (4568) connected on port 80 (HTTP) --> 74.125.225.37

Process iexplore.exe (4568) connected on port 80 (HTTP) --> 64.94.107.56

Process iexplore.exe (4568) connected on port 80 (HTTP) --> 66.235.142.20

Process EKAiOHostService.exe (3060) listens on ports: 9322

Autoruns and critical files

---------------------------

(unsigned) AutoKMS C:\Windows\AutoKMS.exe

(unsigned) Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

(verified) Adobe® Flash® Player Update Service C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

(verified) AgentMonitor Application C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

(verified) AUTOBACK.EXE C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

(verified) avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe

(verified) EasyBits Magic Desktop c:\windows\syswow64\ezupbhook.dll

(verified) Glary Utilities C:\Program Files (x86)\Glary Utilities\initialize.exe

(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(verified) HP Ceement C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

(verified) HP On Screen Display C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

(verified) HP Quick Launch C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(verified) HPCMDelayStart Application C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

(verified) IAStorIcon C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(verified) Java Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(verified) KODAK AiO Printer Driver C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

(verified) Malwarebytes Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(verified) MessageCheck.exe C:\ProgramData\PrintProjects\MessageCheck.exe

(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

(verified) Monitor Application C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

(verified) PeerBlock C:\Program Files\PeerBlock\peerblock.exe

(verified) USB 3.0 Monitor C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(verified) Windows® Internet Explorer c:\windows\syswow64\webcheck.dll

Browser plugins

---------------

(unsigned) Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

(unsigned) Java Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

(unsigned) Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll

(unsigned) Simple Pass 2011 C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\npwebsitelogon.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

(verified) Adobe PDF Toolbar for IE c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll

(verified) avast! WebRep c:\program files\avast software\avast\aswwebrepie.dll

(verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

(verified) Google Update C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

(verified) Java Platform SE 6 U31 c:\program files (x86)\java\jre6\bin\jp2ssv.dll

(verified) Java Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\ssv.dll

(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL

(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL

(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll

(verified) NP_wtapp.dll C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

(verified) NPCIG.dll C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

(verified) NPSWF32_11_2_202_233.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

(verified) Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

(verified) WebEx Download Module C:\Windows\Downloaded Program Files\ieatgpc.dll

(verified) Windows® Internet Explorer c:\windows\syswow64\ieframe.dll

Missing files

-------------

File not found: c:\windows\system32\logon.scr

--> HKCU\Control Panel\Desktop\"SCRNSAVE.EXE"

Scan

----

MD5: a0c65ea48c515771f29915c221e51908 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

MD5: b78f4c2c592c87df54e8e0c6aaef3874 C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

MD5: f893e691690cb722404fa94d1d499f72 C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

MD5: c440483a5ce0e0ab03a79a33ace35d91 C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

MD5: c8ab8ca3557cce041ac4c88e76afbad0 C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

MD5: df83fb0eb35c91339f1c84c6cf426100 C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

MD5: eade68c6f9875614568a5d1ca32b892b C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUIHelper.dll

MD5: 19adef26d3d4efdd2e5e2759a43ec5ee C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll

MD5: 16136783dd2c6d210bf8514379678f70 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI.dll

MD5: e008cb84d5c9c130316b9fe0ae33f1d8 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

MD5: 34e3709244736b8976820f730e5a8815 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

MD5: 9a224a2ae159ff3064b0ace1bb18d728 C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll

MD5: 7bffc28a55c6b4ef8b41d07102ce3863 C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll

MD5: b990cb9e77e4a0a41281b263c055dfc8 C:\Program Files (x86)\Motorola\MotoHelper\PST.dll

MD5: d72bf0ae484f88399e8343e821c10d6a C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

MD5: 22ee4e35db025257d906ed07b422377e C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll

MD5: 30554926f79c2d4239e1be1f6b2fb5df C:\Program Files (x86)\VTech\DownloadManager\System\LIBEAY32.dll

MD5: aba05033f8ad4a728d343d55bdb04886 C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll

MD5: 6a9b0092b5f795804d30fc92897e6496 C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll

MD5: 8f00403f4b043ee27ff1f917eb8b1a3a C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll

MD5: a1bff6cb34ddd32cc2c8604fcabec9b1 C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll

MD5: 4292be540dea4f147edf2e27847ba915 C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll

MD5: c7d500e6a1fcbb066a95daff4bb1f30e C:\Program Files\AVAST Software\Avast\defs\12050101\algo.dll

MD5: bb3dbcb6d3e67d53af8d9cf394bf7179 C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\npwebsitelogon.dll

MD5: c1db1653fce908731b8ae57f5b9503f0 C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\39549af0784a97cb71719926653641d3\IAStorCommon.ni.dll

MD5: 1cbc8fcff6ae1194ff8f5f18793d43cc C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\bacddd12b0bfa7018fd35b70aad27bc3\IAStorDataMgr.ni.dll

MD5: ec19ebdd816919b48d106d3fd80df952 C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\2aed6722dddcd5cef9067994fe938215\IAStorDataMgrSvc.ni.exe

MD5: abe352631d0dfb6820d85e3887e50f09 C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2cd634e28c8cccf05d6f65c85890f721\IAStorUtil.ni.dll

MD5: a9d51725bc95b74453d4a878328bba75 C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\564cdcb532033cc930eb36fb66656850\Inkjet.Automation.ni.dll

MD5: c1a04b707f98f950f2c015dc977e4729 C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\83450f3271225f55c528f126bd6e7060\Inkjet.Configuration.ni.dll

MD5: 8fedfb0825f725b29a94042411c211fd C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\a6b61ac5bb712bb586473195119bb416\Inkjet.DeviceSettings.ni.dll

MD5: 4951640e404e0ed43ce79323cea909a5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\f63f0f6ab1ffd7f69f0c1577767f7c56\Inkjet.Diagnostics.ni.dll

MD5: 822a64b433a7774877fd517ff6a557ea C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\a6243fee6afa3d07ad1b2c07d2bdfb4c\Inkjet.Hardware.ni.dll

MD5: 9c89001365e322ba8c78bf0c06943e25 C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\6e896f2476d7d6b2c8c391d4be5b20af\Inkjet.Localization.ni.dll

MD5: 75e52baf247835cabbac17733fba0c11 C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\daf91889d0f1aa8d3f0ec09cabd4ee93\Inkjet.Statistics.ni.dll

MD5: 2da2fb86441e87937e425548f5b98a51 C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\b15675ca45b342eb43fd1a5aac92834b\Inkjet.Utilities.ni.dll

MD5: 1374611adab399df9e9e425a0cda21a9 C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\4f7f892b4ccf813ddfb45220157f01d0\IsdiInterop.ni.dll

MD5: 638f45c6397c911828d2a478729b23aa C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MD5: 95e8d9c0e865ead5a440c91d933b7d60 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MD5: 9368bac6d09b20ca367b13c5ce02730e C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll

MD5: a2c3f8e5ac37dbee96c563606f710fe3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MD5: 960e6974343d0903de3b5607e200c94c C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c2c7f68605a42caef1b7a19c51de58b4\System.ServiceProcess.ni.dll

MD5: 746d8a021ebb45b2602d33c2fe2c0420 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll

MD5: 673c39ec95b3623f198e8eed3f97f80c C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll

MD5: dcc1ac29aa8d2ce725cc86a626cec360 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MD5: 3d725c257ea3952158fffbb5874896da C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MD5: d3ba339de4c1c7082e815ad49a41cd38 C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MD5: 1cc5608535a2c80d7b07ec8e72cdb14b C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll

MD5: f9a16e4f8bb1542f93d23506b9e867fd C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll

MD5: 252b2a8212be315d8e39f29a439c2678 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll

MD5: a8d7bd72a01b3196eee0eb50c699ed0d C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll

MD5: 0bf75aaaafc3b76eadf6b839761cd806 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll

MD5: 287d59e447865ec564aead7ccf448bb1 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll

MD5: 90cb7e41713c0fa4e25d1ec8c8b1ff49 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.ni.dll

MD5: 3ef3cf1e699d27f8cf524dea3a3ca66b C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll

MD5: d8ac96b9364cf1d77fee81ec2d45c2e8 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9cabbb335fc6dff10392376707a4d0a2\System.ServiceProcess.ni.dll

MD5: 5539b06e27e2520b62fc629aea19eae4 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5e3cf00b80c0aecd8392f1702d2d0f28\System.Transactions.ni.dll

MD5: 12948dcc0823638f0cac990d5866700b C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll

MD5: 2cd98c8367653750b9e84b3cdfc1cec8 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll

MD5: 3a9c70a5b5a1b9302e4a1029582242ca C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll

MD5: e529a1ba814ab5afa5068db7e487b4ba C:\Windows\AutoKMS.exe

MD5: 855b79451ecf62602f20eb4d5c71f99b C:\Windows\system32\Adobe\Director\np32dsw.dll

MD5: 1f5afd468eb5e09e9ed75a087529eab5 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL

MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL

MD5: d34a527493f39af4491b3e909dc697ca C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll

No file uploaded.

Scan finished - communication took 1 sec

Total traffic - 0.00 MB sent, 0.21 KB recvd

Scanned 509 files and modules - 3 seconds

==============================================================================

Indyultra · May 2, 2012

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.01.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Chris :: CHRIS-HP [administrator]

Protection: Disabled

5/1/2012 8:11:57 PM

mbam-log-2012-05-01 (20-11-57).txt

Scan type: Full scan

Scan options disabled: P2P

Objects scanned: 406331

Time elapsed: 48 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Qoobox\Quarantine\C\Users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Chris\AppData\Local\ATI\Adobe\dyddza.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Chris\Desktop\Programs\Malware\RK_Quarantine\xdlqzl.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.

(end)

Maurice Naggar · May 2, 2012

MBAM just found & removed 1 new trojan (as well as deleting 2 from previous quarantines).

Chris,

Did you get help elsewhere before posting here?

You ran RogueKiller before posting this Topic here ? when ?

I need a new log for review.

Please close any of your open windows/programs and exit; saving any open work you have.

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
*****************************************************************
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%ALLUSERSPROFILE%\Application Data\*.dll /s
C:\Users\Chris\AppData\Local\ATI\Adobe\*.* /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
c:|Fun4IM;true;true;true; /FP
c:|Bandoo;true;true;true; /FP
c:|Searchn;true;true;true; /FP
c:|Searchq;true;true;true; /FP
c:|datamngr;true;true;true; /FP
c:|iLivid;true;true;true; /FP
c:|whitesmoke;true;true;true; /FP
%USERPROFILE%\..|smtmp;true;true;true /FP
%systemroot%\*. /mp /s
CLEARALLRESTOREPOINTS
*****************************************************************
Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on Run Scan.
The scan won't take long. Have inifinite patience. OTL may appear to stall but it will finish.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
These are saved in the same location as OTL.
Please Copy and Paste the OTL log(s) . Do not enclose in Code or Quote.

Indyultra · May 2, 2012

OTL logfile created on: 5/2/2012 3:37:42 PM - Run 3

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Chris\Desktop\Programs\Malware

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 68.60% Memory free

11.90 Gb Paging File | 9.63 Gb Available in Paging File | 80.91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 683.84 Gb Total Space | 469.46 Gb Free Space | 68.65% Space Free | Partition Type: NTFS

Drive D: | 14.50 Gb Total Space | 1.61 Gb Free Space | 11.11% Space Free | Partition Type: NTFS

Drive G: | 98.87 Mb Total Space | 84.61 Mb Free Space | 85.58% Space Free | Partition Type: FAT32

Computer Name: CHRIS-HP | User Name: Chris | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 21:09:13 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\Programs\Malware\OTL.exe

PRC - [2012/04/23 19:32:42 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/02/01 17:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

PRC - [2012/02/01 17:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

PRC - [2012/02/01 04:46:46 | 000,358,312 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/12/19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

PRC - [2011/12/11 03:48:26 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

PRC - [2011/12/11 03:48:08 | 000,875,336 | ---- | M] (AuthenTec Inc.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe

PRC - [2011/12/11 03:47:40 | 000,148,296 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\BioMonitor.exe

PRC - [2011/12/06 11:18:55 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2011/11/12 12:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

PRC - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/01/27 15:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

PRC - [2011/01/24 18:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

PRC - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

PRC - [2010/11/09 18:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2010/04/23 15:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/12 03:27:52 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2cd634e28c8cccf05d6f65c85890f721\IAStorUtil.ni.dll

MOD - [2012/04/12 03:26:08 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll

MOD - [2012/04/12 03:25:50 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll

MOD - [2012/04/12 03:25:45 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll

MOD - [2012/02/25 05:04:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012/02/25 05:04:50 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\39549af0784a97cb71719926653641d3\IAStorCommon.ni.dll

MOD - [2012/02/25 05:04:49 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MOD - [2012/02/25 05:04:27 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012/02/25 05:04:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012/02/25 05:04:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2012/02/25 05:04:18 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2012/02/01 17:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

MOD - [2012/02/01 04:46:46 | 000,358,312 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

MOD - [2012/01/11 02:40:08 | 009,843,600 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll

MOD - [2011/09/14 09:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll

MOD - [2011/09/14 09:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll

MOD - [2010/11/11 05:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll

MOD - [2010/07/13 09:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll

MOD - [2010/07/05 05:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll

MOD - [2010/06/23 21:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll

MOD - [2010/06/02 01:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll

MOD - [2010/06/01 22:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll

MOD - [2010/06/01 22:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll

MOD - [2010/06/01 22:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll

MOD - [2010/06/01 22:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/12/09 06:41:00 | 000,269,640 | ---- | M] (AuthenTec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\AuthenTec\TrueService.exe -- (TrueService)

SRV:64bit: - [2011/12/06 11:47:02 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2011/12/06 11:47:01 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV:64bit: - [2011/05/27 12:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2011/04/13 03:58:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/04/23 19:32:42 | 000,133,944 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)

SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/13 18:44:08 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/02/22 16:50:50 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/02/01 17:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)

SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/12/19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)

SRV - [2011/12/11 03:48:26 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService)

SRV - [2011/12/06 11:23:02 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/02/15 18:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)

SRV - [2011/01/24 18:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2011/01/24 18:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)

SRV - [2011/01/24 18:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

SRV - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012/03/06 19:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/25 14:58:02 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)

DRV:64bit: - [2012/01/25 14:57:50 | 000,030,720 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)

DRV:64bit: - [2012/01/25 14:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)

DRV:64bit: - [2012/01/25 14:57:38 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)

DRV:64bit: - [2011/12/09 20:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)

DRV:64bit: - [2011/12/06 11:47:02 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/12/06 11:23:02 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2011/12/06 11:18:55 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011/12/06 11:18:55 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011/12/06 11:17:21 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/11/15 02:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)

DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) Intel® Centrino®

DRV:64bit: - [2011/08/03 18:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2011/07/29 14:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)

DRV:64bit: - [2011/07/29 14:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)

DRV:64bit: - [2011/06/15 04:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV:64bit: - [2011/05/27 12:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2011/05/27 12:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/04/13 05:50:28 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/13 03:17:16 | 000,301,568 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/25 23:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)

DRV:64bit: - [2011/03/18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)

DRV:64bit: - [2011/03/18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/16 21:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/02/16 20:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)

DRV:64bit: - [2011/01/24 05:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/02/05 00:20:26 | 000,015,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HP8207_8307.sys -- (HP8207_8307)

DRV:64bit: - [2009/10/09 21:22:42 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (LeapFrog-USBLAN)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)

DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)

DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)

DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)

DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)

DRV:64bit: - [2007/11/02 16:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)

DRV - [2011/12/11 00:34:58 | 000,104,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\sbusb_vista.sys -- (sbusb_vista)

DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)

DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/05 17:46:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/01 19:32:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/01 16:59:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/01 16:16:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions

[2012/05/01 20:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/05/01 19:05:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Website Logon = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\

CHR - Extension: avast! WebRep = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/05/01 16:51:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)

O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)

O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex.com/client/T27L10NSP25/support/ieatgpc1.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AC693E0-6DB0-488D-B05A-C2C72A854909}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpFolder: C:^Users^Chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE - ()

MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

MsConfig:64bit - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

Indyultra · May 2, 2012

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: atashost - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {34499F3F-F4D4-56B7-45C8-46AEF18D1AFA} - Browser Customizations

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {748E5C99-57C2-CBA2-B9F1-14E512442AE3} - Browser Customizations

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {DBD507D9-EC4A-BDBF-5B4E-60D082DB8A34} - Browser Customizations

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.MP42 - C:\Windows\SysWow64\MPG4C32.dll (Microsoft Corporation)

Drivers32: vidc.MP43 - C:\Windows\SysWow64\MPG4C32.dll (Microsoft Corporation)

Drivers32: vidc.MPG4 - C:\Windows\SysWow64\MPG4C32.dll (Microsoft Corporation)

CLEARALLRESTOREPOINTS

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 21:28:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps

[2012/05/01 20:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection

[2012/05/01 20:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP SimplePass

[2012/05/01 20:08:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\QuickScan

[2012/05/01 19:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect

[2012/05/01 19:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog

[2012/05/01 19:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeapFrog

[2012/05/01 19:39:19 | 000,028,504 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys

[2012/05/01 19:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security

[2012/05/01 19:35:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Internet Security

[2012/05/01 19:35:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\AVAST KEYS

[2012/05/01 19:32:41 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012/05/01 19:32:41 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012/05/01 19:32:40 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012/05/01 19:32:40 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2012/05/01 19:32:39 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012/05/01 19:32:38 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012/05/01 19:32:17 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012/05/01 19:32:17 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/05/01 19:06:15 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe

[2012/05/01 19:06:15 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe

[2012/05/01 19:06:15 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe

[2012/05/01 19:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/05/01 19:05:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/05/01 19:05:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/05/01 19:05:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/05/01 19:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/05/01 16:51:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/05/01 16:43:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/05/01 16:43:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/05/01 16:43:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/05/01 16:43:54 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/05/01 16:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2012/05/01 16:35:49 | 000,000,000 | ---D | C] -- C:\rsit

[2012/05/01 16:34:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/05/01 16:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/05/01 16:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/05/01 16:16:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mozilla

[2012/05/01 16:16:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Mozilla

[2012/05/01 16:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/05/01 16:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/05/01 16:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/04/30 20:25:32 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/04/23 20:17:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\kodak

[2012/04/23 20:15:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool

[2012/04/23 20:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Eastman Kodak Company

[2012/04/23 20:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak

[2012/04/23 20:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak

[2012/04/23 20:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour

[2012/04/23 20:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012/04/23 20:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2012/04/23 20:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2012/04/23 19:32:52 | 000,215,864 | ---- | C] (Cisco WebEx LLC) -- C:\Windows\SysWow64\atsckernel.exe

[2012/04/23 19:32:51 | 000,133,944 | ---- | C] (Cisco WebEx LLC) -- C:\Windows\SysWow64\atashost.exe

[2012/04/23 19:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx

[2012/04/22 16:45:38 | 000,495,104 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\puppy.exe

[2012/04/22 16:45:37 | 000,903,680 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\puppy.scr

[2012/04/22 16:45:37 | 000,000,000 | ---D | C] -- C:\Windows\puppy Uninstaller

[2012/04/20 14:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2012/04/12 03:03:04 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/04/12 03:03:04 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/04/12 03:03:03 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/04/12 03:03:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/04/12 03:03:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/04/12 03:03:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/04/12 03:03:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/04/12 03:03:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/04/12 03:03:01 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/04/12 03:03:01 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/04/12 03:03:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/04/12 03:02:50 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/04/12 03:02:49 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/04/12 03:02:48 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/04/12 03:00:37 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012/04/12 03:00:37 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012/04/12 03:00:33 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/04/09 13:44:03 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/04/09 13:19:43 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2011/03/30 12:40:34 | 000,517,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe

[2011/03/30 12:40:32 | 001,566,040 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll

[2011/03/30 12:40:32 | 000,095,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/02 14:56:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/02 14:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/05/02 14:43:00 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\PrintProjects Communicator.job

[2012/05/01 21:40:08 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/01 21:40:08 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/01 21:38:46 | 000,876,882 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/01 21:38:46 | 000,729,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/01 21:38:46 | 000,147,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/01 21:33:22 | 000,000,200 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job

[2012/05/01 21:33:20 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job

[2012/05/01 21:33:13 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe

[2012/05/01 21:32:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/01 21:32:22 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

[2012/05/01 21:31:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/01 21:31:49 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/01 21:26:47 | 000,005,736 | ---- | M] () -- C:\Users\Chris\Documents\Fixit50388.reg

[2012/05/01 21:16:31 | 005,128,192 | ---- | M] () -- C:\Users\Chris\Documents\My Money.m16.mny

[2012/05/01 19:46:47 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk

[2012/05/01 19:39:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012/05/01 19:24:24 | 000,042,548 | ---- | M] () -- C:\Users\Chris\Documents\chris.tsd

[2012/05/01 19:06:09 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll

[2012/05/01 19:06:09 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe

[2012/05/01 19:06:09 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe

[2012/05/01 19:06:09 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe

[2012/05/01 19:05:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2012/05/01 19:05:15 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/05/01 19:05:15 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/05/01 19:05:15 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/05/01 16:51:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/05/01 15:51:24 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChris.job

[2012/05/01 05:06:31 | 000,424,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/04/29 20:34:44 | 000,480,523 | ---- | M] () -- C:\Users\Chris\Desktop\12x12pooldeck.pdf

[2012/04/29 20:31:28 | 000,479,091 | ---- | M] () -- C:\Users\Chris\Desktop\pool deck.pdf

[2012/04/23 19:32:42 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWow64\atashost.exe

[2012/04/23 19:32:41 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWow64\atsckernel.exe

[2012/04/20 14:57:45 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2012/04/13 18:44:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/04/13 18:44:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/04/13 18:44:05 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/01 21:26:47 | 000,005,736 | ---- | C] () -- C:\Users\Chris\Documents\Fixit50388.reg

[2012/05/01 19:46:47 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk

[2012/05/01 19:24:11 | 000,042,548 | ---- | C] () -- C:\Users\Chris\Documents\chris.tsd

[2012/05/01 16:43:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/05/01 16:43:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/05/01 16:43:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/05/01 16:43:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/05/01 16:43:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/05/01 16:16:02 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/05/01 05:06:16 | 000,424,544 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/04/29 20:34:44 | 000,480,523 | ---- | C] () -- C:\Users\Chris\Desktop\12x12pooldeck.pdf

[2012/04/29 20:31:28 | 000,479,091 | ---- | C] () -- C:\Users\Chris\Desktop\pool deck.pdf

[2012/04/22 16:45:38 | 001,683,896 | ---- | C] () -- C:\Windows\screenclean.swf

[2012/04/22 16:45:38 | 001,683,896 | ---- | C] () -- C:\Windows\puppy.swf

[2012/04/22 16:45:38 | 000,161,078 | ---- | C] () -- C:\Windows\puppy.bmp

[2012/04/22 16:45:38 | 000,000,670 | ---- | C] () -- C:\Windows\puppy.c3

[2012/04/22 16:45:38 | 000,000,670 | ---- | C] () -- C:\Windows\puppy.c1

[2012/04/22 16:45:38 | 000,000,639 | ---- | C] () -- C:\Windows\puppy.c4

[2012/04/22 16:45:38 | 000,000,000 | ---- | C] () -- C:\Windows\puppy.ini

[2012/04/22 11:04:45 | 1703,247,872 | ---- | C] () -- C:\Users\Chris\Desktop\gmapsupp.IMG

[2012/04/20 14:57:45 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2012/04/09 13:19:43 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/02/26 11:37:54 | 000,000,581 | ---- | C] () -- C:\Users\Chris\AppData\Local\cookies.ini

[2012/02/22 16:50:29 | 000,001,036 | ---- | C] () -- C:\Windows\IC4USB32.ini

[2012/02/22 16:48:55 | 000,000,046 | ---- | C] () -- C:\Windows\RP121032.INI

[2012/02/22 16:47:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\unzip.exe

[2012/02/22 16:47:36 | 000,000,154 | ---- | C] () -- C:\Windows\ODBC.INI

[2012/01/27 17:02:27 | 000,871,098 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/01/02 10:43:26 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2012/01/02 09:30:48 | 000,000,176 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\MapReverseConverter.dat

[2011/12/30 05:55:49 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe

[2011/12/30 05:55:49 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll

[2011/12/30 05:55:48 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe

[2011/12/30 05:55:48 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys

[2011/12/30 05:55:48 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys

[2011/12/23 20:03:10 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe

[2011/12/23 20:03:10 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini

[2011/12/23 20:02:52 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe

[2011/12/21 22:01:40 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\UNINSTAL.EXE

[2011/12/06 11:17:45 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

[2011/09/24 12:14:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/09/24 12:05:37 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat

[2011/09/24 12:04:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/09/24 12:04:27 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/09/24 12:00:14 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011/06/21 15:43:27 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat

[2011/03/30 12:40:32 | 000,097,152 | ---- | C] () -- C:\Program Files\dxupdate.cab

[2011/03/30 12:40:32 | 000,044,624 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab

[2011/03/25 23:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/03/25 23:16:08 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/02/22 19:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

[2010/06/02 06:22:54 | 001,412,902 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab

[2010/06/02 06:22:54 | 001,127,217 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab

[2010/06/02 06:22:54 | 000,273,960 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x64.cab

[2010/06/02 06:22:54 | 000,272,611 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x86.cab

[2010/06/02 06:22:54 | 000,182,361 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x64.cab

[2010/06/02 06:22:54 | 000,138,017 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x86.cab

[2010/06/02 06:22:54 | 000,086,037 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab

[2010/06/02 06:22:54 | 000,045,359 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab

[2010/06/02 06:22:52 | 001,906,878 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x64.cab

[2010/06/02 06:22:52 | 001,550,796 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x86.cab

[2010/06/02 06:22:52 | 000,965,421 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x86.cab

[2010/06/02 06:22:52 | 000,121,794 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x64.cab

[2010/06/02 06:22:52 | 000,092,684 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x86.cab

[2010/06/02 06:22:52 | 000,054,522 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x64.cab

[2010/06/02 06:22:52 | 000,021,851 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x86.cab

[2010/06/02 06:22:50 | 000,994,154 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x64.cab

[2010/06/02 06:22:50 | 000,196,762 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x64.cab

[2010/06/02 06:22:50 | 000,148,264 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x86.cab

[2010/06/02 06:22:50 | 000,046,144 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x64.cab

[2010/06/02 06:22:50 | 000,018,496 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x86.cab

[2010/06/02 06:22:48 | 001,802,058 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x64.cab

[2010/06/02 06:22:48 | 001,709,360 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x86.cab

[2010/06/02 06:22:48 | 000,864,600 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x64.cab

[2010/06/02 06:22:48 | 000,803,884 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x86.cab

[2010/06/02 06:22:48 | 000,273,018 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x86.cab

[2010/06/02 06:22:46 | 000,275,044 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x64.cab

[2010/06/02 06:22:46 | 000,121,506 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x64.cab

[2010/06/02 06:22:46 | 000,092,740 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x86.cab

[2010/06/02 06:22:38 | 000,054,600 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x64.cab

[2010/06/02 06:22:38 | 000,021,298 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x86.cab

[2010/06/02 06:22:36 | 001,973,702 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x64.cab

[2010/06/02 06:22:36 | 001,612,446 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x86.cab

[2010/06/02 06:22:36 | 001,067,160 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x64.cab

[2010/06/02 06:22:36 | 001,040,745 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x86.cab

[2010/06/02 06:22:36 | 000,251,194 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x64.cab

[2010/06/02 06:22:36 | 000,226,250 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x86.cab

[2010/06/02 06:22:36 | 000,122,336 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x64.cab

[2010/06/02 06:22:36 | 000,093,734 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x86.cab

[2010/06/02 06:22:34 | 001,769,862 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x64.cab

[2010/06/02 06:22:34 | 001,443,282 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x86.cab

[2010/06/02 06:22:34 | 000,818,260 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x86.cab

[2010/06/02 06:22:34 | 000,055,058 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x64.cab

[2010/06/02 06:22:34 | 000,021,867 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x86.cab

[2010/06/02 06:22:32 | 000,937,246 | ---- | C] () -- C:\Program Files\Jun2010_d3dx9_43_x64.cab

[2010/06/02 06:22:32 | 000,844,884 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x64.cab

[2010/06/02 06:22:32 | 000,768,036 | ---- | C] () -- C:\Program Files\Jun2010_d3dx9_43_x86.cab

[2010/06/02 06:22:32 | 000,278,060 | ---- | C] () -- C:\Program Files\Jun2010_XAudio_x86.cab

[2010/06/02 06:22:32 | 000,277,338 | ---- | C] () -- C:\Program Files\Jun2010_XAudio_x64.cab

[2010/06/02 06:22:32 | 000,124,596 | ---- | C] () -- C:\Program Files\Jun2010_XACT_x64.cab

[2010/06/02 06:22:32 | 000,093,686 | ---- | C] () -- C:\Program Files\Jun2010_XACT_x86.cab

[2010/06/02 06:22:30 | 000,762,188 | ---- | C] () -- C:\Program Files\Jun2010_d3dcsx_43_x86.cab

[2010/06/02 06:22:30 | 000,235,955 | ---- | C] () -- C:\Program Files\Jun2010_d3dx10_43_x64.cab

[2010/06/02 06:22:30 | 000,197,283 | ---- | C] () -- C:\Program Files\Jun2010_d3dx10_43_x86.cab

[2010/06/02 06:22:30 | 000,138,205 | ---- | C] () -- C:\Program Files\Jun2010_d3dx11_43_x64.cab

[2010/06/02 06:22:30 | 000,109,445 | ---- | C] () -- C:\Program Files\Jun2010_d3dx11_43_x86.cab

[2010/06/02 06:22:28 | 000,944,460 | ---- | C] () -- C:\Program Files\Jun2010_D3DCompiler_43_x64.cab

[2010/06/02 06:22:28 | 000,931,471 | ---- | C] () -- C:\Program Files\Jun2010_D3DCompiler_43_x86.cab

[2010/06/02 06:22:28 | 000,752,783 | ---- | C] () -- C:\Program Files\Jun2010_d3dcsx_43_x64.cab

[2010/06/02 06:22:20 | 000,269,024 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x86.cab

[2010/06/02 06:22:18 | 001,792,608 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x64.cab

[2010/06/02 06:22:18 | 001,463,878 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x86.cab

[2010/06/02 06:22:18 | 000,867,828 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x64.cab

[2010/06/02 06:22:18 | 000,849,919 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x86.cab

[2010/06/02 06:22:18 | 000,269,628 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x64.cab

[2010/06/02 06:22:18 | 000,152,909 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x86.cab

[2010/06/02 06:22:18 | 000,121,054 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x64.cab

[2010/06/02 06:22:18 | 000,093,128 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x86.cab

[2010/06/02 06:22:18 | 000,055,154 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x64.cab

[2010/06/02 06:22:18 | 000,021,905 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x86.cab

[2010/06/02 06:22:16 | 001,607,774 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x64.cab

[2010/06/02 06:22:16 | 001,607,286 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x86.cab

[2010/06/02 06:22:16 | 001,064,925 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab

[2010/06/02 06:22:16 | 000,699,044 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x64.cab

[2010/06/02 06:22:16 | 000,698,472 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x86.cab

[2010/06/02 06:22:16 | 000,197,122 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x64.cab

[2010/06/02 06:22:16 | 000,180,785 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x64.cab

[2010/06/02 06:22:16 | 000,133,671 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x86.cab

[2010/06/02 06:22:14 | 001,336,002 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab

[2010/06/02 06:22:14 | 000,277,191 | ---- | C] () -- C:\Program Files\Feb2010_XAudio_x86.cab

[2010/06/02 06:22:14 | 000,276,960 | ---- | C] () -- C:\Program Files\Feb2010_XAudio_x64.cab

[2010/06/02 06:22:14 | 000,122,446 | ---- | C] () -- C:\Program Files\Feb2010_XACT_x64.cab

[2010/06/02 06:22:14 | 000,093,180 | ---- | C] () -- C:\Program Files\Feb2010_XACT_x86.cab

[2010/06/02 06:22:12 | 000,194,675 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x64.cab

[2010/06/02 06:22:12 | 000,147,983 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x86.cab

[2010/06/02 06:22:12 | 000,054,678 | ---- | C] () -- C:\Program Files\Feb2010_X3DAudio_x64.cab

[2010/06/02 06:22:12 | 000,020,713 | ---- | C] () -- C:\Program Files\Feb2010_X3DAudio_x86.cab

[2010/06/02 06:22:10 | 000,178,359 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x64.cab

[2010/06/02 06:22:10 | 000,132,409 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x86.cab

[2010/06/02 06:22:04 | 001,084,720 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab

[2010/06/02 06:22:02 | 001,574,376 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab

[2010/06/02 06:22:02 | 001,362,796 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab

[2010/06/02 06:22:02 | 001,247,499 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab

[2010/06/02 06:22:02 | 001,013,225 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab

[2010/06/02 06:22:02 | 000,192,475 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x64.cab

[2010/06/02 06:22:02 | 000,145,599 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x86.cab

[2010/06/02 06:22:00 | 001,571,154 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab

[2010/06/02 06:22:00 | 001,357,976 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab

[2010/06/02 06:22:00 | 001,079,456 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab

[2010/06/02 06:22:00 | 000,273,264 | ---- | C] () -- C:\Program Files\Aug2009_XAudio_x64.cab

[2010/06/02 06:22:00 | 000,272,642 | ---- | C] () -- C:\Program Files\Aug2009_XAudio_x86.cab

[2010/06/02 06:22:00 | 000,212,807 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab

[2010/06/02 06:22:00 | 000,191,720 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab

[2010/06/02 06:22:00 | 000,122,408 | ---- | C] () -- C:\Program Files\Aug2009_XACT_x64.cab

[2010/06/02 06:22:00 | 000,093,106 | ---- | C] () -- C:\Program Files\Aug2009_XACT_x86.cab

[2010/06/02 06:21:58 | 000,930,116 | ---- | C] () -- C:\Program Files\Aug2009_d3dx9_42_x64.cab

[2010/06/02 06:21:58 | 000,728,456 | ---- | C] () -- C:\Program Files\Aug2009_d3dx9_42_x86.cab

[2010/06/02 06:21:58 | 000,232,635 | ---- | C] () -- C:\Program Files\Aug2009_d3dx10_42_x64.cab

[2010/06/02 06:21:58 | 000,192,131 | ---- | C] () -- C:\Program Files\Aug2009_d3dx10_42_x86.cab

[2010/06/02 06:21:58 | 000,136,301 | ---- | C] () -- C:\Program Files\Aug2009_d3dx11_42_x64.cab

[2010/06/02 06:21:58 | 000,105,044 | ---- | C] () -- C:\Program Files\Aug2009_d3dx11_42_x86.cab

[2010/06/02 06:21:56 | 003,319,740 | ---- | C] () -- C:\Program Files\Aug2009_d3dcsx_42_x86.cab

[2010/06/02 06:21:56 | 003,112,111 | ---- | C] () -- C:\Program Files\Aug2009_d3dcsx_42_x64.cab

[2010/06/02 06:21:56 | 000,900,598 | ---- | C] () -- C:\Program Files\Aug2009_D3DCompiler_42_x86.cab

[2010/06/02 06:21:46 | 000,919,044 | ---- | C] () -- C:\Program Files\Aug2009_D3DCompiler_42_x64.cab

[2010/06/02 06:21:46 | 000,271,412 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x64.cab

[2010/06/02 06:21:46 | 000,271,038 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x86.cab

[2010/06/02 06:21:44 | 001,794,084 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x64.cab

[2010/06/02 06:21:44 | 001,464,672 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x86.cab

[2010/06/02 06:21:44 | 000,849,167 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x86.cab

[2010/06/02 06:21:44 | 000,198,096 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x64.cab

[2010/06/02 06:21:44 | 000,153,012 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x86.cab

[2010/06/02 06:21:44 | 000,121,772 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x64.cab

[2010/06/02 06:21:44 | 000,092,996 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x86.cab

[2010/06/02 06:21:42 | 001,800,160 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x64.cab

[2010/06/02 06:21:42 | 001,708,152 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x86.cab

[2010/06/02 06:21:42 | 000,867,612 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x64.cab

[2010/06/02 06:21:42 | 000,852,286 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x64.cab

[2010/06/02 06:21:42 | 000,796,867 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x86.cab

[2010/06/02 06:21:40 | 001,350,542 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab

[2010/06/02 06:21:40 | 001,077,644 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab

[2010/06/02 06:21:40 | 000,182,903 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x64.cab

[2010/06/02 06:21:40 | 000,137,235 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x86.cab

[2010/06/02 06:21:40 | 000,087,142 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x64.cab

[2010/06/02 06:21:40 | 000,053,302 | ---- | C] () -- C:\Program Files\APR2007_xinput_x86.cab

[2010/06/02 06:21:40 | 000,046,058 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x86.cab

[2010/06/02 06:21:38 | 001,606,039 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab

[2010/06/02 06:21:38 | 000,195,766 | ---- | C] () -- C:\Program Files\APR2007_XACT_x64.cab

[2010/06/02 06:21:38 | 000,151,225 | ---- | C] () -- C:\Program Files\APR2007_XACT_x86.cab

[2010/06/02 06:21:38 | 000,096,817 | ---- | C] () -- C:\Program Files\APR2007_xinput_x64.cab

[2010/06/02 06:21:36 | 001,607,358 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab

[2010/06/02 06:21:36 | 000,698,612 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab

[2010/06/02 06:21:36 | 000,695,865 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab

[2010/06/02 06:21:34 | 000,046,010 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab

[2010/06/02 06:21:20 | 000,087,101 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab

[2010/06/02 06:21:18 | 004,162,630 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab

[2010/06/02 06:21:18 | 000,916,430 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab

[2010/06/02 06:21:18 | 000,179,133 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab

[2010/06/02 06:21:18 | 000,133,103 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab

[2010/06/02 06:21:16 | 001,397,830 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab

[2010/06/02 06:21:16 | 001,347,354 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab

[2010/06/02 06:21:16 | 001,115,221 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab

[2010/06/02 06:21:16 | 001,078,962 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*.dll /s >

< C:\Users\Chris\AppData\Local\ATI\Adobe\*.* /s >

< %APPDATA%\*. >

[2012/03/16 21:31:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.Tribler

[2011/11/28 21:22:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acoustica

[2012/02/06 17:15:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Adobe

[2012/01/27 21:00:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AnvSoft

[2011/11/28 18:19:19 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ATI

[2012/03/26 18:11:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Auslogics

[2012/03/29 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\canon

[2011/11/28 22:08:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CyberLink

[2012/01/02 09:54:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GARMIN

[2012/03/26 18:12:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GlarySoft

[2011/12/06 11:46:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Hewlett-Packard

[2011/11/29 21:25:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\hpqlog

[2011/11/28 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Identities

[2011/12/21 21:00:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IDT

[2011/12/06 11:24:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\InstallShield

[2011/11/28 18:05:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Intel

[2011/11/28 18:18:19 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Intel Corporation

[2012/01/02 10:44:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Intuit

[2011/11/28 18:33:19 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Macromedia

[2011/12/15 15:34:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Malwarebytes

[2011/09/24 12:56:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Media Center Programs

[2012/04/30 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Media Player Classic

[2012/03/12 18:17:55 | 000,000,000 | --SD | M] -- C:\Users\Chris\AppData\Roaming\Microsoft

[2012/03/09 19:49:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Motorola

[2012/05/01 16:16:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla

[2012/05/01 20:09:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\QuickScan

[2011/11/28 18:18:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Synaptics

[2012/04/23 20:07:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp

[2012/02/07 17:19:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\vlc

[2011/12/22 22:20:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WinRAR

[2012/03/31 22:01:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Xilisoft

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchn;true;true;true; /FP >

< c:|Searchq;true;true;true; /FP >

< c:|datamngr;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< c:|whitesmoke;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\*. /mp /s >

< >

Maurice Naggar · May 3, 2012

Hello Chris,

Please check your PM message & reply.

I am assuming that the Happili redirect issue i gone. But however, I need to have your confirmation.

Overall, this looks good. I think we are over the main problem. Just need to do a few more checks.

Save and close any work documents, close any apps that you started.

The Ask toolbar is not needed & matter of fact, I do not recommend having it.

Use Windows key or get to Start >> type in Programs & Features & select & press Enter.

Look for ASK or ASK.com toolbar

If found, select it and remove (un-install

Exit the applet when done.

Next a few tools to get and scan system with.

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

Now turn OFF your antivirus program (Avast antivirus) Leave the firewall on

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 2

Please read carefully and follow these steps.

Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
Download TDSSKiller and save it to your Desktop.
If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
If on Windows XP, double-click to start.
Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
Then press Start Scan

When the scan is done, it will display a summary screen.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft...&displaylang=en

It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or similar text editor.

For 64-bit Windows systems:

If and only if your system is Windows 7 x64, Vista x64, Windows XP x64 and Windows 2008/2003 x64 computers.

Get Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

http://www.microsoft...&displaylang=en

Additional information Microsoft® Windows® Malicious Software Removal Tool is here http://support.micro...om/?kbid=890830

If no infections were found, you will see in your log

Results Summary:
----------------
No infection found.

Step 4

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.co...ls/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware,if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Report only

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

When all done, RE-Enable your antivirus program.

Reply with contents of aswMBR log

TDSSKILLER log

MSRT log (if found)

Stinger.txt

and tell me, How is your system now ?

Indyultra · May 4, 2012

20:13:18.0236 7584 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

20:13:18.0565 7584 ============================================================

20:13:18.0565 7584 Current date / time: 2012/05/03 20:13:18.0565

20:13:18.0565 7584 SystemInfo:

20:13:18.0565 7584

20:13:18.0565 7584 OS Version: 6.1.7601 ServicePack: 1.0

20:13:18.0565 7584 Product type: Workstation

20:13:18.0565 7584 ComputerName: CHRIS-HP

20:13:18.0565 7584 UserName: Chris

20:13:18.0565 7584 Windows directory: C:\Windows

20:13:18.0565 7584 System windows directory: C:\Windows

20:13:18.0565 7584 Running under WOW64

20:13:18.0565 7584 Processor architecture: Intel x64

20:13:18.0565 7584 Number of processors: 4

20:13:18.0565 7584 Page size: 0x1000

20:13:18.0565 7584 Boot type: Normal boot

20:13:18.0565 7584 ============================================================

20:13:19.0102 7584 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:13:19.0106 7584 ============================================================

20:13:19.0106 7584 \Device\Harddisk0\DR0:

20:13:19.0106 7584 MBR partitions:

20:13:19.0106 7584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

20:13:19.0106 7584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x557AC800

20:13:19.0106 7584 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x55810800, BlocksNum 0x1D02000

20:13:19.0106 7584 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0

20:13:19.0106 7584 ============================================================

20:13:19.0145 7584 C: <-> \Device\Harddisk0\DR0\Partition1

20:13:19.0196 7584 D: <-> \Device\Harddisk0\DR0\Partition2

20:13:19.0204 7584 G: <-> \Device\Harddisk0\DR0\Partition3

20:13:19.0204 7584 ============================================================

20:13:19.0204 7584 Initialize success

20:13:19.0204 7584 ============================================================

20:13:20.0886 8152 ============================================================

20:13:20.0886 8152 Scan started

20:13:20.0886 8152 Mode: Manual;

20:13:20.0886 8152 ============================================================

20:13:21.0992 8152 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

20:13:21.0993 8152 1394ohci - ok

20:13:22.0047 8152 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys

20:13:22.0047 8152 Accelerometer - ok

20:13:22.0131 8152 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

20:13:22.0134 8152 ACPI - ok

20:13:22.0161 8152 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

20:13:22.0162 8152 AcpiPmi - ok

20:13:22.0324 8152 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

20:13:22.0326 8152 AdobeARMservice - ok

20:13:22.0518 8152 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:13:22.0520 8152 AdobeFlashPlayerUpdateSvc - ok

20:13:22.0579 8152 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

20:13:22.0583 8152 adp94xx - ok

20:13:22.0643 8152 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

20:13:22.0646 8152 adpahci - ok

20:13:22.0682 8152 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

20:13:22.0693 8152 adpu320 - ok

20:13:22.0724 8152 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

20:13:22.0725 8152 AeLookupSvc - ok

20:13:22.0829 8152 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe

20:13:22.0830 8152 AESTFilters - ok

20:13:22.0898 8152 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

20:13:22.0902 8152 AFD - ok

20:13:22.0942 8152 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

20:13:22.0943 8152 agp440 - ok

20:13:22.0980 8152 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

20:13:22.0983 8152 ALG - ok

20:13:23.0035 8152 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

20:13:23.0036 8152 aliide - ok

20:13:23.0106 8152 AMD External Events Utility (951f9713ebb69866ea24e4e53d270a02) C:\Windows\system32\atiesrxx.exe

20:13:23.0111 8152 AMD External Events Utility - ok

20:13:23.0131 8152 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

20:13:23.0132 8152 amdide - ok

20:13:23.0196 8152 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

20:13:23.0198 8152 AmdK8 - ok

20:13:23.0674 8152 amdkmdag (c4a36b9afb5c993c0a750589bbeac845) C:\Windows\system32\DRIVERS\atikmdag.sys

20:13:23.0839 8152 amdkmdag - ok

20:13:24.0035 8152 amdkmdap (ee789ea97d06bec75fcd5e69bb69a93b) C:\Windows\system32\DRIVERS\atikmpag.sys

20:13:24.0042 8152 amdkmdap - ok

20:13:24.0086 8152 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

20:13:24.0087 8152 AmdPPM - ok

20:13:24.0143 8152 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

20:13:24.0147 8152 amdsata - ok

20:13:24.0194 8152 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

20:13:24.0199 8152 amdsbs - ok

20:13:24.0216 8152 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

20:13:24.0217 8152 amdxata - ok

20:13:24.0288 8152 AMPPAL (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys

20:13:24.0294 8152 AMPPAL - ok

20:13:24.0339 8152 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

20:13:24.0340 8152 AppID - ok

20:13:24.0391 8152 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

20:13:24.0393 8152 AppIDSvc - ok

20:13:24.0424 8152 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

20:13:24.0425 8152 Appinfo - ok

20:13:24.0469 8152 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

20:13:24.0471 8152 arc - ok

20:13:24.0501 8152 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

20:13:24.0503 8152 arcsas - ok

20:13:24.0633 8152 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

20:13:24.0634 8152 aspnet_state - ok

20:13:24.0689 8152 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys

20:13:24.0690 8152 aswFsBlk - ok

20:13:24.0720 8152 aswKbd (316271cc32fdfffcdb30677684906d5e) C:\Windows\system32\drivers\aswKbd.sys

20:13:24.0721 8152 aswKbd - ok

20:13:24.0812 8152 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys

20:13:24.0813 8152 aswMonFlt - ok

20:13:24.0874 8152 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys

20:13:24.0875 8152 aswRdr - ok

20:13:24.0960 8152 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys

20:13:24.0974 8152 aswSnx - ok

20:13:25.0010 8152 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys

20:13:25.0015 8152 aswSP - ok

20:13:25.0079 8152 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys

20:13:25.0081 8152 aswTdi - ok

20:13:25.0116 8152 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:13:25.0118 8152 AsyncMac - ok

20:13:25.0156 8152 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

20:13:25.0157 8152 atapi - ok

20:13:25.0246 8152 atashost (fcf685f3d5458121c568f268d4d90ee5) C:\Windows\SysWOW64\atashost.exe

20:13:25.0249 8152 atashost - ok

20:13:25.0341 8152 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:13:25.0348 8152 AudioEndpointBuilder - ok

20:13:25.0358 8152 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:13:25.0365 8152 AudioSrv - ok

20:13:25.0491 8152 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

20:13:25.0492 8152 avast! Antivirus - ok

20:13:25.0536 8152 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

20:13:25.0539 8152 AxInstSV - ok

20:13:25.0599 8152 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

20:13:25.0606 8152 b06bdrv - ok

20:13:25.0678 8152 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:13:25.0685 8152 b57nd60a - ok

20:13:25.0768 8152 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys

20:13:25.0785 8152 BCM43XX - ok

20:13:25.0831 8152 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

20:13:25.0835 8152 BDESVC - ok

20:13:25.0879 8152 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:13:25.0880 8152 Beep - ok

20:13:25.0993 8152 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

20:13:26.0002 8152 BFE - ok

20:13:26.0072 8152 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

20:13:26.0085 8152 BITS - ok

20:13:26.0129 8152 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

20:13:26.0131 8152 blbdrive - ok

20:13:26.0287 8152 Bluetooth Device Monitor (c440483a5ce0e0ab03a79a33ace35d91) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

20:13:26.0296 8152 Bluetooth Device Monitor - ok

20:13:26.0365 8152 Bluetooth Media Service (c8ab8ca3557cce041ac4c88e76afbad0) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

20:13:26.0372 8152 Bluetooth Media Service - ok

20:13:26.0428 8152 Bluetooth OBEX Service (df83fb0eb35c91339f1c84c6cf426100) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

20:13:26.0433 8152 Bluetooth OBEX Service - ok

20:13:26.0511 8152 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

20:13:26.0513 8152 Bonjour Service - ok

20:13:26.0665 8152 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

20:13:26.0667 8152 bowser - ok

20:13:26.0699 8152 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

20:13:26.0700 8152 BrFiltLo - ok

20:13:26.0717 8152 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

20:13:26.0717 8152 BrFiltUp - ok

20:13:26.0776 8152 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

20:13:26.0779 8152 BridgeMP - ok

20:13:26.0820 8152 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

20:13:26.0821 8152 Browser - ok

20:13:26.0840 8152 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:13:26.0842 8152 Brserid - ok

20:13:26.0870 8152 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:13:26.0871 8152 BrSerWdm - ok

20:13:26.0901 8152 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:13:26.0902 8152 BrUsbMdm - ok

20:13:26.0930 8152 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:13:26.0931 8152 BrUsbSer - ok

20:13:26.0979 8152 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys

20:13:26.0980 8152 BTCFilterService - ok

20:13:27.0049 8152 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

20:13:27.0050 8152 BthEnum - ok

20:13:27.0087 8152 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

20:13:27.0090 8152 BTHMODEM - ok

20:13:27.0127 8152 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

20:13:27.0130 8152 BthPan - ok

20:13:27.0185 8152 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys

20:13:27.0193 8152 BTHPORT - ok

20:13:27.0244 8152 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

20:13:27.0247 8152 bthserv - ok

20:13:27.0265 8152 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys

20:13:27.0267 8152 BTHUSB - ok

20:13:27.0286 8152 btmaux (ba554bfcbf21201d310738a42c9c19e1) C:\Windows\system32\DRIVERS\btmaux.sys

20:13:27.0287 8152 btmaux - ok

20:13:27.0336 8152 btmhsf (40c6fec49d1cc4d112368a2bcd2bcbb7) C:\Windows\system32\DRIVERS\btmhsf.sys

20:13:27.0338 8152 btmhsf - ok

20:13:27.0347 8152 catchme - ok

20:13:27.0375 8152 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:13:27.0376 8152 cdfs - ok

20:13:27.0418 8152 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

20:13:27.0420 8152 cdrom - ok

20:13:27.0465 8152 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:13:27.0466 8152 CertPropSvc - ok

20:13:27.0510 8152 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

20:13:27.0511 8152 circlass - ok

20:13:27.0537 8152 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:13:27.0542 8152 CLFS - ok

20:13:27.0619 8152 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:13:27.0622 8152 clr_optimization_v2.0.50727_32 - ok

20:13:27.0669 8152 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:13:27.0672 8152 clr_optimization_v2.0.50727_64 - ok

20:13:27.0773 8152 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:13:27.0774 8152 clr_optimization_v4.0.30319_32 - ok

20:13:27.0795 8152 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:13:27.0797 8152 clr_optimization_v4.0.30319_64 - ok

20:13:27.0808 8152 clwvd - ok

20:13:27.0841 8152 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

20:13:27.0842 8152 CmBatt - ok

20:13:27.0860 8152 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

20:13:27.0861 8152 cmdide - ok

20:13:27.0911 8152 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

20:13:27.0915 8152 CNG - ok

20:13:27.0966 8152 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

20:13:27.0968 8152 Compbatt - ok

20:13:28.0005 8152 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

20:13:28.0007 8152 CompositeBus - ok

20:13:28.0020 8152 COMSysApp - ok

20:13:28.0038 8152 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

20:13:28.0039 8152 crcdisk - ok

20:13:28.0079 8152 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

20:13:28.0082 8152 CryptSvc - ok

20:13:28.0122 8152 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:13:28.0131 8152 DcomLaunch - ok

20:13:28.0185 8152 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

20:13:28.0193 8152 defragsvc - ok

20:13:28.0227 8152 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

20:13:28.0228 8152 DfsC - ok

20:13:28.0259 8152 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

20:13:28.0263 8152 Dhcp - ok

20:13:28.0281 8152 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:13:28.0282 8152 discache - ok

20:13:28.0330 8152 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

20:13:28.0333 8152 Disk - ok

20:13:28.0376 8152 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

20:13:28.0379 8152 Dnscache - ok

20:13:28.0412 8152 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

20:13:28.0416 8152 dot3svc - ok

20:13:28.0440 8152 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

20:13:28.0443 8152 DPS - ok

20:13:28.0475 8152 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:13:28.0475 8152 drmkaud - ok

20:13:28.0513 8152 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

20:13:28.0523 8152 DXGKrnl - ok

20:13:28.0547 8152 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

20:13:28.0549 8152 EapHost - ok

20:13:28.0661 8152 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

20:13:28.0689 8152 ebdrv - ok

20:13:28.0799 8152 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

20:13:28.0802 8152 EFS - ok

20:13:28.0941 8152 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

20:13:28.0948 8152 ehRecvr - ok

20:13:28.0987 8152 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

20:13:28.0988 8152 ehSched - ok

20:13:29.0050 8152 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

20:13:29.0055 8152 elxstor - ok

20:13:29.0084 8152 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys

20:13:29.0085 8152 epmntdrv - ok

20:13:29.0141 8152 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

20:13:29.0141 8152 ErrDev - ok

20:13:29.0179 8152 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys

20:13:29.0180 8152 EuGdiDrv - ok

20:13:29.0228 8152 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

20:13:29.0231 8152 EventSystem - ok

20:13:29.0368 8152 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

20:13:29.0376 8152 EvtEng - ok

20:13:29.0475 8152 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:13:29.0478 8152 exfat - ok

20:13:29.0495 8152 ezSharedSvc - ok

20:13:29.0514 8152 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:13:29.0516 8152 fastfat - ok

20:13:29.0566 8152 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

20:13:29.0573 8152 Fax - ok

20:13:29.0595 8152 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

20:13:29.0596 8152 fdc - ok

20:13:29.0625 8152 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

20:13:29.0626 8152 fdPHost - ok

20:13:29.0652 8152 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

20:13:29.0654 8152 FDResPub - ok

20:13:29.0682 8152 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:13:29.0683 8152 FileInfo - ok

20:13:29.0695 8152 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:13:29.0695 8152 Filetrace - ok

20:13:29.0834 8152 FLEXnet Licensing Service (73081cf28f0ae20a52ca4f67cee6e6b0) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

20:13:29.0843 8152 FLEXnet Licensing Service - ok

20:13:29.0874 8152 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

20:13:29.0875 8152 flpydisk - ok

20:13:29.0968 8152 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:13:29.0971 8152 FltMgr - ok

20:13:30.0043 8152 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

20:13:30.0053 8152 FontCache - ok

20:13:30.0111 8152 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:13:30.0112 8152 FontCache3.0.0.0 - ok

20:13:30.0220 8152 FPLService (ba0f98b69d84efae63ea80a957f9ef31) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

20:13:30.0222 8152 FPLService - ok

20:13:30.0303 8152 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:13:30.0303 8152 FsDepends - ok

20:13:30.0342 8152 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

20:13:30.0343 8152 Fs_Rec - ok

20:13:30.0384 8152 FTDIBUS (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys

20:13:30.0385 8152 FTDIBUS - ok

20:13:30.0411 8152 FTSER2K (24237091348d1efb5635a1cf9649e311) C:\Windows\system32\drivers\ftser2k.sys

20:13:30.0412 8152 FTSER2K - ok

20:13:30.0444 8152 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:13:30.0447 8152 fvevol - ok

20:13:30.0487 8152 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

20:13:30.0488 8152 gagp30kx - ok

20:13:30.0559 8152 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

20:13:30.0561 8152 GamesAppService - ok

20:13:30.0622 8152 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

20:13:30.0630 8152 gpsvc - ok

20:13:30.0691 8152 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

20:13:30.0692 8152 gupdate - ok

20:13:30.0701 8152 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

20:13:30.0702 8152 gupdatem - ok

20:13:30.0732 8152 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:13:30.0733 8152 hcw85cir - ok

20:13:30.0765 8152 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

20:13:30.0768 8152 HdAudAddService - ok

20:13:30.0791 8152 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

20:13:30.0793 8152 HDAudBus - ok

20:13:30.0807 8152 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

20:13:30.0807 8152 HidBatt - ok

20:13:30.0825 8152 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

20:13:30.0826 8152 HidBth - ok

20:13:30.0866 8152 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

20:13:30.0867 8152 HidIr - ok

20:13:30.0890 8152 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

20:13:30.0892 8152 hidserv - ok

20:13:30.0941 8152 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

20:13:30.0941 8152 HidUsb - ok

20:13:30.0984 8152 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

20:13:30.0986 8152 hkmsvc - ok

20:13:31.0007 8152 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

20:13:31.0010 8152 HomeGroupListener - ok

20:13:31.0039 8152 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

20:13:31.0042 8152 HomeGroupProvider - ok

20:13:31.0145 8152 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

20:13:31.0146 8152 HP Support Assistant Service - ok

20:13:31.0198 8152 HP8207_8307 (3015b37029ad15c67ebca5053c422f90) C:\Windows\system32\DRIVERS\HP8207_8307.sys

20:13:31.0199 8152 HP8207_8307 - ok

20:13:31.0273 8152 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

20:13:31.0275 8152 HPClientSvc - ok

20:13:31.0350 8152 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

20:13:31.0355 8152 hpCMSrv - ok

20:13:31.0419 8152 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

20:13:31.0420 8152 HPDrvMntSvc.exe - ok

20:13:31.0536 8152 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys

20:13:31.0537 8152 hpdskflt - ok

20:13:31.0596 8152 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

20:13:31.0600 8152 hpqwmiex - ok

20:13:31.0630 8152 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:13:31.0631 8152 HpSAMD - ok

20:13:31.0663 8152 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe

20:13:31.0664 8152 hpsrv - ok

20:13:31.0753 8152 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

20:13:31.0753 8152 HPWMISVC - ok

20:13:31.0814 8152 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:13:31.0821 8152 HTTP - ok

20:13:31.0833 8152 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:13:31.0833 8152 hwpolicy - ok

20:13:31.0856 8152 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

20:13:31.0857 8152 i8042prt - ok

20:13:31.0909 8152 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\DRIVERS\iaStor.sys

20:13:31.0912 8152 iaStor - ok

20:13:31.0992 8152 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

20:13:31.0993 8152 IAStorDataMgrSvc - ok

20:13:32.0032 8152 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

20:13:32.0036 8152 iaStorV - ok

20:13:32.0064 8152 iBtFltCoex (fc47f5cf561bf0fd897efd1a9604dccf) C:\Windows\system32\DRIVERS\iBtFltCoex.sys

20:13:32.0065 8152 iBtFltCoex - ok

20:13:32.0182 8152 IconMan_R (d72bf0ae484f88399e8343e821c10d6a) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

20:13:32.0194 8152 IconMan_R - ok

20:13:32.0291 8152 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:13:32.0299 8152 idsvc - ok

20:13:32.0367 8152 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

20:13:32.0367 8152 iirsp - ok

20:13:32.0416 8152 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

20:13:32.0421 8152 IKEEXT - ok

20:13:32.0482 8152 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

20:13:32.0484 8152 IntcDAud - ok

20:13:32.0508 8152 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:13:32.0509 8152 intelide - ok

20:13:32.0867 8152 intelkmd (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdpmd64.sys

20:13:33.0059 8152 intelkmd - ok

20:13:33.0162 8152 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:13:33.0163 8152 intelppm - ok

20:13:33.0258 8152 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

20:13:33.0258 8152 IntuitUpdateServiceV4 - ok

20:13:33.0293 8152 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

20:13:33.0295 8152 IPBusEnum - ok

20:13:33.0331 8152 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:13:33.0331 8152 IpFilterDriver - ok

20:13:33.0354 8152 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

20:13:33.0360 8152 iphlpsvc - ok

20:13:33.0385 8152 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:13:33.0386 8152 IPMIDRV - ok

20:13:33.0399 8152 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:13:33.0400 8152 IPNAT - ok

20:13:33.0430 8152 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:13:33.0431 8152 IRENUM - ok

20:13:33.0441 8152 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:13:33.0442 8152 isapnp - ok

20:13:33.0471 8152 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:13:33.0474 8152 iScsiPrt - ok

20:13:33.0499 8152 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

20:13:33.0500 8152 kbdclass - ok

20:13:33.0523 8152 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

20:13:33.0523 8152 kbdhid - ok

20:13:33.0554 8152 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:13:33.0556 8152 KeyIso - ok

20:13:33.0682 8152 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

20:13:33.0684 8152 Kodak AiO Network Discovery Service - ok

20:13:33.0715 8152 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

20:13:33.0716 8152 KSecDD - ok

20:13:33.0739 8152 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

20:13:33.0741 8152 KSecPkg - ok

20:13:33.0765 8152 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:13:33.0766 8152 ksthunk - ok

20:13:33.0853 8152 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

20:13:33.0866 8152 KtmRm - ok

20:13:33.0926 8152 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

20:13:33.0941 8152 LanmanServer - ok

20:13:33.0971 8152 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

20:13:33.0977 8152 LanmanWorkstation - ok

20:13:34.0359 8152 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

20:13:34.0475 8152 LeapFrog Connect Device Service - ok

20:13:34.0602 8152 LeapFrog-USBLAN (797289607a5ebf31353aa5ead141f872) C:\Windows\system32\DRIVERS\btblan.sys

20:13:34.0604 8152 LeapFrog-USBLAN - ok

20:13:34.0652 8152 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:13:34.0655 8152 lltdio - ok

20:13:34.0696 8152 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

20:13:34.0704 8152 lltdsvc - ok

20:13:34.0732 8152 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

20:13:34.0737 8152 lmhosts - ok

20:13:34.0827 8152 LMS (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

20:13:34.0832 8152 LMS - ok

20:13:34.0864 8152 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

20:13:34.0867 8152 LSI_FC - ok

20:13:34.0896 8152 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

20:13:34.0898 8152 LSI_SAS - ok

20:13:34.0923 8152 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

20:13:34.0924 8152 LSI_SAS2 - ok

20:13:34.0944 8152 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

20:13:34.0946 8152 LSI_SCSI - ok

20:13:34.0971 8152 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:13:34.0973 8152 luafv - ok

20:13:35.0001 8152 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

20:13:35.0002 8152 MBAMProtector - ok

20:13:35.0074 8152 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

20:13:35.0081 8152 MBAMService - ok

20:13:35.0114 8152 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

20:13:35.0118 8152 Mcx2Svc - ok

20:13:35.0143 8152 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

20:13:35.0144 8152 megasas - ok

20:13:35.0192 8152 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

20:13:35.0198 8152 MegaSR - ok

20:13:35.0233 8152 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

20:13:35.0234 8152 MEIx64 - ok

20:13:35.0299 8152 Microsoft SharePoint Workspace Audit Service - ok

20:13:35.0330 8152 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:13:35.0336 8152 MMCSS - ok

20:13:35.0365 8152 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:13:35.0367 8152 Modem - ok

20:13:35.0404 8152 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:13:35.0405 8152 monitor - ok

20:13:35.0458 8152 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys

20:13:35.0460 8152 motandroidusb - ok

20:13:35.0519 8152 motccgp (85198fb1e5cc4a9db03443a385ea0ad2) C:\Windows\system32\DRIVERS\motccgp.sys

20:13:35.0520 8152 motccgp - ok

20:13:35.0534 8152 motccgpfl (577399c75cf85ac68e7830eb150f45ef) C:\Windows\system32\DRIVERS\motccgpfl.sys

20:13:35.0535 8152 motccgpfl - ok

20:13:35.0567 8152 motmodem (0ef6b989af403c1c1b6ebcbd2a280612) C:\Windows\system32\DRIVERS\motmodem.sys

20:13:35.0569 8152 motmodem - ok

20:13:35.0629 8152 MotoHelper (290750346f5937b02f62594b8eb03215) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

20:13:35.0632 8152 MotoHelper - ok

20:13:35.0658 8152 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys

20:13:35.0659 8152 MotoSwitchService - ok

20:13:35.0696 8152 Motousbnet (7e1bd35249f4d5a745144b3c77f9fb85) C:\Windows\system32\DRIVERS\Motousbnet.sys

20:13:35.0698 8152 Motousbnet - ok

20:13:35.0718 8152 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

20:13:35.0719 8152 mouclass - ok

20:13:35.0738 8152 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:13:35.0739 8152 mouhid - ok

20:13:35.0766 8152 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:13:35.0769 8152 mountmgr - ok

20:13:35.0839 8152 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

20:13:35.0843 8152 MozillaMaintenance - ok

20:13:35.0877 8152 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:13:35.0881 8152 mpio - ok

20:13:35.0913 8152 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:13:35.0916 8152 mpsdrv - ok

20:13:35.0976 8152 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

20:13:35.0990 8152 MpsSvc - ok

20:13:36.0004 8152 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:13:36.0005 8152 MRxDAV - ok

20:13:36.0027 8152 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:13:36.0029 8152 mrxsmb - ok

20:13:36.0079 8152 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:13:36.0082 8152 mrxsmb10 - ok

20:13:36.0108 8152 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:13:36.0110 8152 mrxsmb20 - ok

20:13:36.0132 8152 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:13:36.0133 8152 msahci - ok

20:13:36.0168 8152 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:13:36.0170 8152 msdsm - ok

20:13:36.0198 8152 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

20:13:36.0201 8152 MSDTC - ok

20:13:36.0245 8152 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:13:36.0246 8152 Msfs - ok

20:13:36.0256 8152 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:13:36.0257 8152 mshidkmdf - ok

20:13:36.0279 8152 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:13:36.0280 8152 msisadrv - ok

20:13:36.0322 8152 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

20:13:36.0326 8152 MSiSCSI - ok

20:13:36.0330 8152 msiserver - ok

20:13:36.0361 8152 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:13:36.0362 8152 MSKSSRV - ok

20:13:36.0366 8152 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:13:36.0367 8152 MSPCLOCK - ok

20:13:36.0371 8152 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:13:36.0371 8152 MSPQM - ok

20:13:36.0398 8152 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:13:36.0402 8152 MsRPC - ok

20:13:36.0418 8152 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

20:13:36.0419 8152 mssmbios - ok

20:13:36.0504 8152 MSSQL$SQLEXPRESS - ok

20:13:36.0611 8152 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

20:13:36.0614 8152 MSSQLServerADHelper100 - ok

20:13:36.0654 8152 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:13:36.0656 8152 MSTEE - ok

20:13:36.0685 8152 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

20:13:36.0687 8152 MTConfig - ok

20:13:36.0718 8152 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:13:36.0721 8152 Mup - ok

20:13:36.0800 8152 MyWiFiDHCPDNS (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

20:13:36.0804 8152 MyWiFiDHCPDNS - ok

20:13:36.0838 8152 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

20:13:36.0847 8152 napagent - ok

20:13:36.0902 8152 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:13:36.0910 8152 NativeWifiP - ok

20:13:36.0990 8152 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

20:13:37.0010 8152 NDIS - ok

20:13:37.0045 8152 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:13:37.0048 8152 NdisCap - ok

20:13:37.0077 8152 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:13:37.0079 8152 NdisTapi - ok

20:13:37.0094 8152 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

20:13:37.0097 8152 Ndisuio - ok

20:13:37.0117 8152 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

20:13:37.0120 8152 NdisWan - ok

20:13:37.0144 8152 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

20:13:37.0145 8152 NDProxy - ok

20:13:37.0193 8152 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:13:37.0195 8152 NetBIOS - ok

20:13:37.0213 8152 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

20:13:37.0217 8152 NetBT - ok

20:13:37.0244 8152 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:13:37.0247 8152 Netlogon - ok

20:13:37.0295 8152 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

20:13:37.0302 8152 Netman - ok

20:13:37.0398 8152 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:13:37.0402 8152 NetMsmqActivator - ok

20:13:37.0406 8152 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:13:37.0408 8152 NetPipeActivator - ok

20:13:37.0454 8152 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

20:13:37.0462 8152 netprofm - ok

20:13:37.0466 8152 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:13:37.0469 8152 NetTcpActivator - ok

20:13:37.0473 8152 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:13:37.0475 8152 NetTcpPortSharing - ok

20:13:37.0842 8152 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys

20:13:38.0009 8152 NETwNs64 - ok

20:13:38.0128 8152 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

20:13:38.0130 8152 nfrd960 - ok

20:13:38.0184 8152 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

20:13:38.0197 8152 NlaSvc - ok

20:13:38.0220 8152 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:13:38.0221 8152 Npfs - ok

20:13:38.0233 8152 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

20:13:38.0237 8152 nsi - ok

20:13:38.0251 8152 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:13:38.0252 8152 nsiproxy - ok

20:13:38.0339 8152 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

20:13:38.0362 8152 Ntfs - ok

20:13:38.0465 8152 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:13:38.0467 8152 Null - ok

20:13:38.0500 8152 nusb3hub (9a33100ac62a0463c49e47ee8e77083a) C:\Windows\system32\DRIVERS\nusb3hub.sys

20:13:38.0503 8152 nusb3hub - ok

20:13:38.0548 8152 nusb3xhc (87c321f7bee646b7ec6eedd6eb725741) C:\Windows\system32\DRIVERS\nusb3xhc.sys

20:13:38.0553 8152 nusb3xhc - ok

20:13:38.0615 8152 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

20:13:38.0625 8152 NVENETFD - ok

20:13:38.0662 8152 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

20:13:38.0666 8152 nvraid - ok

20:13:38.0691 8152 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

20:13:38.0693 8152 nvstor - ok

20:13:38.0735 8152 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

20:13:38.0737 8152 nv_agp - ok

20:13:38.0766 8152 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

20:13:38.0767 8152 ohci1394 - ok

20:13:38.0843 8152 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:13:38.0847 8152 ose - ok

20:13:39.0287 8152 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

20:13:39.0309 8152 osppsvc - ok

20:13:39.0413 8152 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:13:39.0425 8152 p2pimsvc - ok

20:13:39.0455 8152 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

20:13:39.0462 8152 p2psvc - ok

20:13:39.0504 8152 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

20:13:39.0505 8152 Parport - ok

20:13:39.0524 8152 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

20:13:39.0526 8152 partmgr - ok

20:13:39.0551 8152 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

20:13:39.0557 8152 PcaSvc - ok

20:13:39.0585 8152 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

20:13:39.0588 8152 pci - ok

20:13:39.0607 8152 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

20:13:39.0609 8152 pciide - ok

20:13:39.0634 8152 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

20:13:39.0637 8152 pcmcia - ok

20:13:39.0654 8152 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:13:39.0656 8152 pcw - ok

20:13:39.0689 8152 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:13:39.0698 8152 PEAUTH - ok

20:13:39.0754 8152 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

20:13:39.0758 8152 PerfHost - ok

20:13:39.0900 8152 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

20:13:39.0922 8152 pla - ok

20:13:39.0991 8152 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

20:13:40.0003 8152 PlugPlay - ok

20:13:40.0023 8152 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

20:13:40.0027 8152 PNRPAutoReg - ok

20:13:40.0054 8152 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:13:40.0059 8152 PNRPsvc - ok

20:13:40.0100 8152 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

20:13:40.0105 8152 PolicyAgent - ok

20:13:40.0133 8152 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

20:13:40.0140 8152 Power - ok

20:13:40.0198 8152 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

20:13:40.0200 8152 PptpMiniport - ok

20:13:40.0231 8152 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

20:13:40.0233 8152 Processor - ok

20:13:40.0285 8152 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

20:13:40.0296 8152 ProfSvc - ok

20:13:40.0333 8152 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:13:40.0337 8152 ProtectedStorage - ok

20:13:40.0385 8152 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

20:13:40.0388 8152 Psched - ok

20:13:40.0475 8152 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

20:13:40.0494 8152 ql2300 - ok

20:13:40.0600 8152 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

20:13:40.0604 8152 ql40xx - ok

20:13:40.0637 8152 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

20:13:40.0647 8152 QWAVE - ok

20:13:40.0670 8152 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:13:40.0671 8152 QWAVEdrv - ok

20:13:40.0684 8152 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:13:40.0686 8152 RasAcd - ok

20:13:40.0724 8152 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:13:40.0726 8152 RasAgileVpn - ok

20:13:40.0754 8152 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

20:13:40.0760 8152 RasAuto - ok

20:13:40.0783 8152 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:13:40.0786 8152 Rasl2tp - ok

20:13:40.0808 8152 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

20:13:40.0818 8152 RasMan - ok

20:13:40.0864 8152 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:13:40.0866 8152 RasPppoe - ok

20:13:40.0874 8152 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:13:40.0876 8152 RasSstp - ok

20:13:40.0902 8152 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

20:13:40.0907 8152 rdbss - ok

20:13:40.0933 8152 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

20:13:40.0935 8152 rdpbus - ok

20:13:40.0954 8152 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:13:40.0955 8152 RDPCDD - ok

20:13:40.0970 8152 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:13:40.0971 8152 RDPENCDD - ok

20:13:40.0984 8152 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:13:40.0985 8152 RDPREFMP - ok

20:13:41.0022 8152 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

20:13:41.0024 8152 RDPWD - ok

20:13:41.0062 8152 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

20:13:41.0065 8152 rdyboost - ok

20:13:41.0192 8152 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

20:13:41.0203 8152 RegSrvc - ok

20:13:41.0236 8152 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

20:13:41.0239 8152 RemoteAccess - ok

20:13:41.0269 8152 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

20:13:41.0274 8152 RemoteRegistry - ok

20:13:41.0329 8152 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

20:13:41.0332 8152 RFCOMM - ok

20:13:41.0426 8152 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

20:13:41.0433 8152 RoxioNow Service - ok

20:13:41.0473 8152 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

20:13:41.0482 8152 RpcEptMapper - ok

20:13:41.0498 8152 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

20:13:41.0502 8152 RpcLocator - ok

20:13:41.0532 8152 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll

20:13:41.0541 8152 RpcSs - ok

20:13:41.0577 8152 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys

20:13:41.0583 8152 RsFx0103 - ok

20:13:41.0647 8152 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys

20:13:41.0652 8152 RSPCIESTOR - ok

20:13:41.0696 8152 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:13:41.0698 8152 rspndr - ok

20:13:41.0736 8152 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys

20:13:41.0742 8152 RTL8167 - ok

20:13:41.0778 8152 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:13:41.0782 8152 SamSs - ok

20:13:41.0816 8152 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

20:13:41.0818 8152 sbp2port - ok

20:13:41.0847 8152 sbusb_vista - ok

20:13:41.0883 8152 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

20:13:41.0890 8152 SCardSvr - ok

20:13:41.0946 8152 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys

20:13:41.0948 8152 SCDEmu - ok

20:13:41.0986 8152 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

20:13:41.0987 8152 scfilter - ok

20:13:42.0115 8152 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

20:13:42.0139 8152 Schedule - ok

20:13:42.0167 8152 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:13:42.0168 8152 SCPolicySvc - ok

20:13:42.0207 8152 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

20:13:42.0210 8152 sdbus - ok

20:13:42.0244 8152 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

20:13:42.0256 8152 SDRSVC - ok

20:13:42.0286 8152 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:13:42.0287 8152 secdrv - ok

20:13:42.0301 8152 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

20:13:42.0307 8152 seclogon - ok

20:13:42.0327 8152 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

20:13:42.0332 8152 SENS - ok

20:13:42.0372 8152 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

20:13:42.0377 8152 SensrSvc - ok

20:13:42.0401 8152 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

20:13:42.0403 8152 Serenum - ok

20:13:42.0420 8152 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

20:13:42.0422 8152 Serial - ok

20:13:42.0451 8152 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

20:13:42.0453 8152 sermouse - ok

20:13:42.0480 8152 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

20:13:42.0486 8152 SessionEnv - ok

20:13:42.0513 8152 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

20:13:42.0514 8152 sffdisk - ok

20:13:42.0531 8152 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

20:13:42.0532 8152 sffp_mmc - ok

20:13:42.0537 8152 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

20:13:42.0538 8152 sffp_sd - ok

20:13:42.0566 8152 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

20:13:42.0568 8152 sfloppy - ok

20:13:42.0608 8152 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

20:13:42.0615 8152 SharedAccess - ok

20:13:42.0656 8152 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

20:13:42.0664 8152 ShellHWDetection - ok

20:13:42.0699 8152 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

20:13:42.0700 8152 SiSRaid2 - ok

20:13:42.0734 8152 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

20:13:42.0736 8152 SiSRaid4 - ok

20:13:42.0763 8152 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:13:42.0765 8152 Smb - ok

20:13:42.0810 8152 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

20:13:42.0815 8152 SNMPTRAP - ok

20:13:42.0828 8152 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:13:42.0829 8152 spldr - ok

20:13:42.0859 8152 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

20:13:42.0869 8152 Spooler - ok

20:13:43.0009 8152 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

20:13:43.0041 8152 sppsvc - ok

20:13:43.0140 8152 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

20:13:43.0150 8152 sppuinotify - ok

20:13:43.0255 8152 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

20:13:43.0264 8152 SQLAgent$SQLEXPRESS - ok

20:13:43.0368 8152 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

20:13:43.0375 8152 SQLBrowser - ok

20:13:43.0417 8152 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

20:13:43.0422 8152 SQLWriter - ok

20:13:43.0495 8152 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:13:43.0506 8152 srv - ok

20:13:43.0539 8152 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:13:43.0544 8152 srv2 - ok

20:13:43.0580 8152 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

20:13:43.0585 8152 SrvHsfHDA - ok

20:13:43.0661 8152 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

20:13:43.0679 8152 SrvHsfV92 - ok

20:13:43.0826 8152 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

20:13:43.0837 8152 SrvHsfWinac - ok

20:13:43.0869 8152 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:13:43.0873 8152 srvnet - ok

20:13:43.0913 8152 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

20:13:43.0921 8152 SSDPSRV - ok

20:13:43.0937 8152 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

20:13:43.0943 8152 SstpSvc - ok

20:13:44.0059 8152 STacSV (20e27aa5bcc01c2149830c05fe22f675) C:\Program Files\IDT\WDM\STacSV64.exe

20:13:44.0064 8152 STacSV - ok

20:13:44.0088 8152 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

20:13:44.0090 8152 stexstor - ok

20:13:44.0158 8152 STHDA (beb37ce4e7456f5efa52d783d1e06d8c) C:\Windows\system32\DRIVERS\stwrt64.sys

20:13:44.0166 8152 STHDA - ok

20:13:44.0219 8152 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

20:13:44.0233 8152 stisvc - ok

20:13:44.0266 8152 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

20:13:44.0267 8152 swenum - ok

20:13:44.0318 8152 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

20:13:44.0334 8152 swprv - ok

20:13:44.0440 8152 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys

20:13:44.0459 8152 SynTP - ok

20:13:44.0610 8152 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

20:13:44.0634 8152 SysMain - ok

20:13:44.0721 8152 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

20:13:44.0728 8152 TabletInputService - ok

20:13:44.0754 8152 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

20:13:44.0762 8152 TapiSrv - ok

20:13:44.0777 8152 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

20:13:44.0782 8152 TBS - ok

20:13:44.0928 8152 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

20:13:44.0949 8152 Tcpip - ok

20:13:45.0140 8152 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

20:13:45.0154 8152 TCPIP6 - ok

20:13:45.0265 8152 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:13:45.0268 8152 tcpipreg - ok

20:13:45.0291 8152 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:13:45.0294 8152 TDPIPE - ok

20:13:45.0324 8152 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

20:13:45.0326 8152 TDTCP - ok

20:13:45.0367 8152 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:13:45.0371 8152 tdx - ok

20:13:45.0407 8152 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

20:13:45.0409 8152 TermDD - ok

20:13:45.0464 8152 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

20:13:45.0477 8152 TermService - ok

20:13:45.0497 8152 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

20:13:45.0503 8152 Themes - ok

20:13:45.0530 8152 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:13:45.0534 8152 THREADORDER - ok

20:13:45.0558 8152 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

20:13:45.0564 8152 TrkWks - ok

20:13:45.0673 8152 TrueService (e06079d6bcf81ab8d07a932b209bc839) C:\Program Files\Common Files\AuthenTec\TrueService.exe

20:13:45.0678 8152 TrueService - ok

20:13:45.0737 8152 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

20:13:45.0741 8152 TrustedInstaller - ok

20:13:45.0795 8152 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:13:45.0797 8152 tssecsrv - ok

20:13:45.0830 8152 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:13:45.0832 8152 TsUsbFlt - ok

20:13:45.0864 8152 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

20:13:45.0866 8152 TsUsbGD - ok

20:13:45.0918 8152 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:13:45.0922 8152 tunnel - ok

20:13:45.0941 8152 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

20:13:45.0943 8152 uagp35 - ok

20:13:45.0967 8152 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:13:45.0972 8152 udfs - ok

20:13:46.0005 8152 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

20:13:46.0010 8152 UI0Detect - ok

20:13:46.0049 8152 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:13:46.0050 8152 uliagpkx - ok

20:13:46.0083 8152 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

20:13:46.0084 8152 umbus - ok

20:13:46.0109 8152 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

20:13:46.0110 8152 UmPass - ok

20:13:46.0266 8152 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

20:13:46.0287 8152 UNS - ok

20:13:46.0393 8152 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

20:13:46.0408 8152 upnphost - ok

20:13:46.0450 8152 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys

20:13:46.0452 8152 usbbus - ok

20:13:46.0488 8152 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

20:13:46.0490 8152 usbccgp - ok

20:13:46.0522 8152 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:13:46.0525 8152 usbcir - ok

20:13:46.0553 8152 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys

20:13:46.0555 8152 UsbDiag - ok

20:13:46.0570 8152 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

20:13:46.0573 8152 usbehci - ok

20:13:46.0618 8152 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

20:13:46.0623 8152 usbhub - ok

20:13:46.0643 8152 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys

20:13:46.0645 8152 USBModem - ok

20:13:46.0659 8152 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

20:13:46.0661 8152 usbohci - ok

20:13:46.0693 8152 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

20:13:46.0694 8152 usbprint - ok

20:13:46.0731 8152 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

20:13:46.0733 8152 usbscan - ok

20:13:46.0762 8152 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:13:46.0763 8152 USBSTOR - ok

20:13:46.0775 8152 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

20:13:46.0777 8152 usbuhci - ok

20:13:46.0826 8152 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

20:13:46.0829 8152 usbvideo - ok

20:13:46.0855 8152 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

20:13:46.0861 8152 UxSms - ok

20:13:46.0912 8152 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:13:46.0916 8152 VaultSvc - ok

20:13:46.0945 8152 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:13:46.0947 8152 vdrvroot - ok

20:13:46.0975 8152 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

20:13:46.0987 8152 vds - ok

20:13:47.0009 8152 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:13:47.0010 8152 vga - ok

20:13:47.0023 8152 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:13:47.0024 8152 VgaSave - ok

20:13:47.0063 8152 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:13:47.0066 8152 vhdmp - ok

20:13:47.0087 8152 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:13:47.0089 8152 viaide - ok

20:13:47.0119 8152 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:13:47.0121 8152 volmgr - ok

20:13:47.0151 8152 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:13:47.0156 8152 volmgrx - ok

20:13:47.0191 8152 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:13:47.0195 8152 volsnap - ok

20:13:47.0219 8152 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

20:13:47.0222 8152 vsmraid - ok

20:13:47.0300 8152 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

20:13:47.0320 8152 VSS - ok

20:13:47.0425 8152 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

20:13:47.0428 8152 vwifibus - ok

20:13:47.0462 8152 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

20:13:47.0465 8152 vwififlt - ok

20:13:47.0485 8152 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

20:13:47.0486 8152 vwifimp - ok

20:13:47.0529 8152 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

20:13:47.0540 8152 W32Time - ok

20:13:47.0573 8152 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

20:13:47.0574 8152 WacomPen - ok

20:13:47.0607 8152 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:13:47.0609 8152 WANARP - ok

20:13:47.0627 8152 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:13:47.0629 8152 Wanarpv6 - ok

20:13:47.0702 8152 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

20:13:47.0714 8152 WatAdminSvc - ok

20:13:47.0826 8152 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

20:13:47.0850 8152 wbengine - ok

20:13:47.0953 8152 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

20:13:47.0967 8152 WbioSrvc - ok

20:13:47.0999 8152 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

20:13:48.0008 8152 wcncsvc - ok

20:13:48.0028 8152 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

20:13:48.0033 8152 WcsPlugInService - ok

20:13:48.0087 8152 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

20:13:48.0088 8152 Wd - ok

20:13:48.0139 8152 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:13:48.0147 8152 Wdf01000 - ok

20:13:48.0171 8152 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:13:48.0177 8152 WdiServiceHost - ok

20:13:48.0181 8152 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:13:48.0186 8152 WdiSystemHost - ok

20:13:48.0223 8152 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys

20:13:48.0225 8152 wdkmd - ok

20:13:48.0244 8152 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

20:13:48.0252 8152 WebClient - ok

20:13:48.0269 8152 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

20:13:48.0277 8152 Wecsvc - ok

20:13:48.0306 8152 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

20:13:48.0312 8152 wercplsupport - ok

20:13:48.0338 8152 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

20:13:48.0344 8152 WerSvc - ok

20:13:48.0385 8152 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:13:48.0386 8152 WfpLwf - ok

20:13:48.0394 8152 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:13:48.0396 8152 WIMMount - ok

20:13:48.0433 8152 WinDefend - ok

20:13:48.0442 8152 WinHttpAutoProxySvc - ok

20:13:48.0492 8152 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

20:13:48.0494 8152 Winmgmt - ok

20:13:48.0586 8152 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

20:13:48.0610 8152 WinRM - ok

20:13:48.0727 8152 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

20:13:48.0730 8152 WinUsb - ok

20:13:48.0802 8152 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

20:13:48.0825 8152 Wlansvc - ok

20:13:48.0864 8152 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

20:13:48.0867 8152 WmiAcpi - ok

20:13:48.0939 8152 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

20:13:48.0945 8152 wmiApSrv - ok

20:13:48.0986 8152 WMPNetworkSvc - ok

20:13:49.0034 8152 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

20:13:49.0044 8152 WPCSvc - ok

20:13:49.0072 8152 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

20:13:49.0082 8152 WPDBusEnum - ok

20:13:49.0110 8152 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:13:49.0111 8152 ws2ifsl - ok

20:13:49.0126 8152 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

20:13:49.0131 8152 wscsvc - ok

20:13:49.0136 8152 WSearch - ok

20:13:49.0229 8152 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

20:13:49.0258 8152 wuauserv - ok

20:13:49.0364 8152 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:13:49.0366 8152 WudfPf - ok

20:13:49.0391 8152 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:13:49.0394 8152 WUDFRd - ok

20:13:49.0426 8152 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

20:13:49.0433 8152 wudfsvc - ok

20:13:49.0459 8152 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

20:13:49.0469 8152 WwanSvc - ok

20:13:49.0528 8152 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:13:49.0592 8152 \Device\Harddisk0\DR0 - ok

20:13:49.0598 8152 Boot (0x1200) (5341a79ffdb6b5f1459943487374086a) \Device\Harddisk0\DR0\Partition0

20:13:49.0600 8152 \Device\Harddisk0\DR0\Partition0 - ok

20:13:49.0614 8152 Boot (0x1200) (79e2df136e149b6f81a4b39fdec76bfc) \Device\Harddisk0\DR0\Partition1

20:13:49.0616 8152 \Device\Harddisk0\DR0\Partition1 - ok

20:13:49.0650 8152 Boot (0x1200) (1bfecddb5e7254f2b38df899ae5a140d) \Device\Harddisk0\DR0\Partition2

20:13:49.0652 8152 \Device\Harddisk0\DR0\Partition2 - ok

20:13:49.0663 8152 Boot (0x1200) (4f536297ab92285a75c1a2750b85d5aa) \Device\Harddisk0\DR0\Partition3

20:13:49.0665 8152 \Device\Harddisk0\DR0\Partition3 - ok

20:13:49.0665 8152 ============================================================

20:13:49.0666 8152 Scan finished

20:13:49.0666 8152 ============================================================

20:13:49.0684 7220 Detected object count: 0

20:13:49.0684 7220 Actual detected object count: 0

21:04:59.0638 3636 Deinitialize success

Indyultra · May 4, 2012

Run date: 2012-05-03 20:06:05

-----------------------------

20:06:05.600 OS Version: Windows x64 6.1.7601 Service Pack 1

20:06:05.600 Number of processors: 4 586 0x2A07

20:06:05.601 ComputerName: CHRIS-HP UserName: Chris

20:06:08.533 Initialize success

20:06:08.615 AVAST engine defs: 12050301

20:06:25.365 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

20:06:25.367 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3

20:06:25.381 Disk 0 MBR read successfully

20:06:25.383 Disk 0 MBR scan

20:06:25.385 Disk 0 Windows 7 default MBR code

20:06:25.390 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048

20:06:25.401 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700249 MB offset 409600

20:06:25.426 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14852 MB offset 1434519552

20:06:25.439 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448

20:06:25.468 Disk 0 scanning C:\Windows\system32\drivers

20:06:33.682 Service scanning

20:07:09.059 Modules scanning

20:07:09.077 Scan finished successfully

20:08:54.978 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"

20:08:54.982 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"

Happili.com redirects. Help -- Trojan.Tracur

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information