View Full Version : Ilivid Root kit issue

2012-09-14, 08:26
I keep getting annoying popups for Ilivid in Firefox. They do not appear to be affecting Chrome.

I googled it and identified it as an Ilivid Root Kit problem.

Only major change I made to my PC in the last month was dumping Mcafee and upgrading to Vipre. I use bit torrents but I stick with a few trusted search engines.

Thanks in advance to the volunteers. I've used these forums a few times over the years and you provide a generous and invaluable service.

Hope I have this right:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Phil at 0:48:16 on 2012-09-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1679 [GMT -4:00]
AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
StartupFolder: C:\Users\Phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: gardencitygroup.com
Trusted Zone: gardencitygroup.com\ctx
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://go.adt.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer =
TCP: Interfaces\{15D81026-D0E5-4267-9482-F2E0D3DF05E1} : DhcpNameServer =
TCP: Interfaces\{15D81026-D0E5-4267-9482-F2E0D3DF05E1}\5505F4E423 : DhcpNameServer =
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\zerjo7nd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Phil\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
============= SERVICES / DRIVERS ===============
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2012-1-25 101112]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-6-25 216080]
R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-6-22 3289720]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-6-22 173960]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-7-26 92632]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-21 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-21 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2009-12-12 24176]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
=============== Created Last 30 ================
2012-09-12 07:07:06 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 07:07:06 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 07:07:04 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 07:07:04 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 07:07:03 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 07:07:03 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 07:07:03 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-09 12:35:04 -------- d-----w- C:\Users\Phil\AppData\Roaming\HDRsoft
2012-09-09 12:35:04 -------- d-----w- C:\Program Files\PhotomatixPro4
2012-09-09 03:17:00 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-24 03:05:37 -------- d-----w- C:\ProgramData\GFI Software
2012-08-24 03:05:12 61184 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-08-24 03:04:57 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-08-24 03:04:56 258304 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-08-24 03:04:55 46472 ----a-w- C:\Windows\System32\sbbd.exe
2012-08-24 03:04:05 -------- d-----w- C:\ProgramData\Downloaded Installations
2012-08-24 03:03:45 -------- d-----w- C:\Program Files (x86)\GFI Software
2012-08-24 03:03:40 -------- d-----w- C:\Users\Phil\AppData\Roaming\GFI Software
==================== Find3M ====================
2012-08-15 07:43:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 07:43:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-25 18:58:46 17936 ----a-w- C:\Windows\System32\nitrolocalui2.dll
2012-06-25 18:58:44 29712 ----a-w- C:\Windows\System32\nitrolocalmon2.dll
2012-06-22 19:37:42 46472 ----a-w- C:\Windows\SysWow64\sbbd.exe
============= FINISH: 0:50:32.67 ===============

aswMBR version Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 00:53:24
00:53:24.927 OS Version: Windows x64 6.1.7601 Service Pack 1
00:53:24.927 Number of processors: 2 586 0x170A
00:53:24.927 ComputerName: PHILS-HP UserName: Phil
00:53:27.487 Initialize success
00:54:11.537 AVAST engine defs: 12091301
00:54:33.297 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:54:33.297 Disk 0 Vendor: TOSHIBA_MK3263GSX FG020C Size: 305245MB BusType: 11
00:54:33.367 Disk 0 MBR read successfully
00:54:33.377 Disk 0 MBR scan
00:54:33.427 Disk 0 unknown MBR code
00:54:33.487 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
00:54:33.537 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292890 MB offset 409600
00:54:33.577 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12154 MB offset 600248320
00:54:33.647 Disk 0 scanning C:\Windows\system32\drivers
00:54:50.607 Service scanning
00:55:42.957 Modules scanning
00:55:42.967 Disk 0 trace - called modules:
00:55:43.017 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:55:43.027 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800337a060]
00:55:43.037 3 CLASSPNP.SYS[fffff880010ac43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e86060]
00:55:44.637 AVAST engine scan C:\Windows
00:55:47.657 AVAST engine scan C:\Windows\system32
01:01:31.028 AVAST engine scan C:\Windows\system32\drivers
01:01:50.688 AVAST engine scan C:\Users\Phil
01:09:24.918 Disk 0 MBR has been saved successfully to "C:\Users\Phil\Desktop\Malware Logs\MBR.dat"
01:09:24.928 The log file has been saved successfully to "C:\Users\Phil\Desktop\Malware Logs\aswMBR 9-14.txt"

2012-09-18, 23:49

Download Combofix from either of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html)


Right-Click and Run as Administrator on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

2012-09-20, 22:10
Do you still need help? :)

2012-09-21, 22:37
Thanks. I was out of town for a few days.

I ran the combofix and now my PC is dragging like I have 256K of RAM.

Here's the log

ComboFix 12-09-20.02 - Phil 09/21/2012 10:06:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1109 [GMT -4:00]
Running from: c:\users\Phil\Desktop\ComboFix.exe
AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: GFI Software VIPRE *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy6_!Windows!SysWOW64!userinit.exe
((((((((((((((((((((((((( Files Created from 2012-08-21 to 2012-09-21 )))))))))))))))))))))))))))))))
2012-09-21 14:18 . 2012-09-21 14:18 -------- d-----w- c:\users\Mcx1-PHILS-HP\AppData\Local\temp
2012-09-21 14:18 . 2012-09-21 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-14 04:46 . 2012-09-14 04:46 -------- d-----w- c:\program files (x86)\ERUNT
2012-09-12 07:07 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 07:07 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 07:07 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 07:07 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 07:07 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 07:07 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 07:07 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 12:35 . 2012-09-09 12:35 -------- d-----w- c:\program files\PhotomatixPro4
2012-09-09 12:35 . 2012-09-09 12:35 -------- d-----w- c:\users\Phil\AppData\Roaming\HDRsoft
2012-09-09 03:17 . 2012-09-09 03:17 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-24 03:05 . 2012-08-24 03:05 -------- d-----w- c:\programdata\GFI Software
2012-08-24 03:05 . 2012-04-14 01:30 61184 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-24 03:04 . 2011-09-29 17:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-08-24 03:04 . 2012-04-14 01:30 258304 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-08-24 03:04 . 2012-06-22 19:37 46472 ----a-w- c:\windows\system32\sbbd.exe
2012-08-24 03:04 . 2012-08-24 03:04 -------- d-----w- c:\programdata\Downloaded Installations
2012-08-24 03:03 . 2012-08-24 03:03 -------- d-----w- c:\program files (x86)\GFI Software
2012-08-24 03:03 . 2012-08-24 03:03 -------- d-----w- c:\users\Phil\AppData\Roaming\GFI Software
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-09-13 07:01 . 2009-12-19 18:18 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 07:43 . 2012-04-17 12:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 07:43 . 2011-05-26 02:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15 . 2012-08-14 23:41 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-14 23:41 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-14 23:41 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-14 23:41 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-14 23:41 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 07:08 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 07:08 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 07:08 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 07:08 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 07:08 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 07:08 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 07:08 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 07:08 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 07:08 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 07:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 07:08 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 07:08 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 07:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 07:08 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 07:08 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 07:08 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 07:08 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 07:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 07:08 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-25 18:58 . 2012-07-05 16:03 17936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-06-25 18:58 . 2012-07-05 16:03 29712 ----a-w- c:\windows\system32\nitrolocalmon2.dll
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[7] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\system32\drivers\atapi.sys
[7] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\system32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[7] 2009-07-14 . 769765CE2CC62867468CEA93969B2242 . 23040 . . [6.1.7600.16385] .. c:\windows\system32\drivers\asyncmac.sys
[7] 2009-07-14 . BC02336F1CBA7DCC7D1213BB588A68A5 . 50768 . . [6.1.7601.17514] .. c:\windows\system32\drivers\kbdclass.sys
[7] 2009-07-14 . BC02336F1CBA7DCC7D1213BB588A68A5 . 50768 . . [6.1.7600.16385] .. c:\windows\system32\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdclass.sys
[7] 2012-08-22 . 760E38053BF56E501D562B70AD796B88 . 950128 . . [6.1.7600.16385] .. c:\windows\system32\drivers\ndis.sys
[7] 2011-03-11 . A2F74975097F52A00745F9637451FDD8 . 1659776 . . [6.1.7600.16385] .. c:\windows\system32\drivers\ntfs.sys
[7] 2009-07-13 . 9899284589F75FA8724FF3D16AED75C1 . 6144 . . [6.1.7600.16385] .. c:\windows\system32\drivers\null.sys
[7] 2012-08-22 . F782CAD3CEDBB3F9FFE3BF2775D92DDC . 1913200 . . [6.1.7600.16385] .. c:\windows\system32\drivers\tcpip.sys
[7] 2010-11-20 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\system32\drivers\tdx.sys
[7] 2012-07-04 . 05F5A0D14A2EE1D8255C2AA0E9E8E694 . 136704 . . [6.1.7600.16385] .. c:\windows\system32\browser.dll
[7] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\system32\lsass.exe
[7] 2009-07-14 . 847D3AE376C0817161A14A82C8922A9E . 360448 . . [6.1.7600.16385] .. c:\windows\system32\netman.dll
[7] 2010-11-20 . 1EA7969E3271CBC59E1730697DC74682 . 849920 . . [7.5.7600.16385] .. c:\windows\system32\qmgr.dll
[7] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
[7] 2012-02-11 . 85DAA09A98C9286D4EA2BA8D0E644377 . 559104 . . [6.1.7600.16385] .. c:\windows\system32\spoolsv.exe
[7] 2010-11-20 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
[7] 2012-06-02 . C1C03EA437EDDA8A7D4D8786E5AE6751 . 57880 . . [7.6.7600.256] .. c:\windows\system32\wuauclt.exe
[7] 2010-11-20 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\system32\comctl32.dll
[7] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\system32\es.dll
[7] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\system32\imm32.dll
[7] 2010-11-20 . 2F8B1E3EE3545D3B5A8D56FA1AE07B65 . 800256 . . [1.0626.7601.17514] .. c:\windows\system32\usp10.dll
[7] 2011-07-16 . B9B42A302325537D7B9DC52D47F33A73 . 1162752 . . [6.1.7600.16385] .. c:\windows\system32\kernel32.dll
[7] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\system32\linkinfo.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\system32\lpk.dll
[7] 2009-07-14 . 3B367397320C26DBA890B260F80D1B1B . 424448 . . [6.1.7600.16385] .. c:\windows\system32\hnetcfg.dll
[7] 2011-12-16 . C391FC68282A000CDF953F8B6B55D2EF . 634880 . . [7.0.7601.17744] .. c:\windows\system32\msvcrt.dll
[7] 2010-11-20 . 1D5185A4C7E6695431AE4B55C3D7D333 . 326144 . . [6.1.7600.16385] .. c:\windows\system32\mswsock.dll
[7] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\system32\powrprof.dll
[7] 2010-11-20 . ED78427259134C63ED69804D2132B86C . 232960 . . [6.1.7600.16385] .. c:\windows\system32\scecli.dll
[7] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\system32\sfc.dll
[7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\system32\svchost.exe
[7] 2010-11-20 . 40F0849F65D13EE87B9A9AE3C1DD6823 . 316928 . . [6.1.7600.16385] .. c:\windows\system32\tapisrv.dll
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
[7] 2010-11-20 . BAFE84E637BF7388C96EF48D4D3FDD53 . 30720 . . [6.1.7600.16385] .. c:\windows\system32\userinit.exe
[7] 2012-06-29 . 8EA68FD3780DDDD5072F8CB830B3CB3D . 1392128 . . [9.00.8112.16421] .. c:\windows\system32\wininet.dll
[7] 2010-11-20 . 4BBFA57F594F7E8A8EDC8F377184C3F0 . 297984 . . [6.1.7600.16385] .. c:\windows\system32\ws2_32.dll
[7] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\system32\ws2help.dll
[7] 2010-11-20 . 6C60B5ACA7442EFB794082CDACFC001C . 2086912 . . [6.1.7600.16385] .. c:\windows\system32\ole32.dll
[7] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\system32\cngaudit.dll
[7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\system32\wininit.exe
[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\system32\ctfmon.exe
[7] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\system32\regsvc.dll
[7] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\system32\ssdpsrv.dll
[7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
[7] 2012-05-04 . 2819BB6417B85D38169A4F151463A815 . 5559664 . . [6.1.7601.17835] .. c:\windows\system32\ntoskrnl.exe
[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\system32\ksuser.dll
[7] 2010-11-20 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\SysWOW64\imm32.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\SysWOW64\lpk.dll
[7] 2012-06-29 . 5E8E869E1342308752A37A2C90CCA79D . 12317184 . . [9.00.8112.16421] .. c:\windows\SysWOW64\mshtml.dll
[7] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\SysWOW64\msvcrt.dll
[7] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7600.16385] .. c:\windows\SysWOW64\mswsock.dll
[7] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] .. c:\windows\SysWOW64\netlogon.dll
[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\SysWOW64\powrprof.dll
[7] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7600.16385] .. c:\windows\SysWOW64\scecli.dll
[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\SysWOW64\sfc.dll
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe
[7] 2010-11-20 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7600.16385] .. c:\windows\SysWOW64\tapisrv.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] .. c:\windows\SysWOW64\userinit.exe
[7] 2012-06-29 . 75A97A2C060E72AB49E071E08C7DD2BA . 1129472 . . [9.00.8112.16421] .. c:\windows\SysWOW64\wininet.dll
[7] 2010-11-20 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2_32.dll
[7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2help.dll
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ole32.dll
[7] 2010-11-20 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] .. c:\windows\SysWOW64\usp10.dll
[7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ksuser.dll
[7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ctfmon.exe
[7] 2010-11-20 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7600.16385] .. c:\windows\SysWOW64\shsvcs.dll
[7] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cngaudit.dll
[7] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\SysWOW64\wininit.exe
[7] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ias.dll
[7] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\SysWOW64\upnphost.dll
[7] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\SysWOW64\dsound.dll
[7] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] .. c:\windows\SysWOW64\d3d9.dll
[7] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\SysWOW64\version.dll
[7] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\SysWOW64\midimap.dll
[7] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\SysWOW64\rasadhlp.dll
[7] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\SysWOW64\WSHTCPIP.DLL
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-10 21:28 1233288 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]
2012-02-14 22:58 94208 ----a-w- c:\users\Phil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
2012-02-14 22:58 94208 ----a-w- c:\users\Phil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
2012-02-14 22:58 94208 ----a-w- c:\users\Phil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SBAMTray"="c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe" [2012-06-22 3050888]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"WallpaperStyle"= 2
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2008-04-01 24576]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [2009-07-20 7058432]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-04-14 61184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-04-14 258304]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-06-25 216080]
S2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-06-22 3289720]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-06-22 173960]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-07-26 92632]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-24 292864]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-03-06 58400]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-06-17 7675392]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2012-04-14 85248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - WS2IFSL
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
Contents of the 'Scheduled Tasks' folder
2012-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 15:48]
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 05:16]
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 05:16]
2012-09-17 c:\windows\Tasks\HPCeeScheduleForPhil.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
--------- X64 Entries -----------
2012-02-14 22:58 97792 ----a-w- c:\users\Phil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
2012-02-14 22:58 97792 ----a-w- c:\users\Phil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
2012-02-14 22:58 97792 ----a-w- c:\users\Phil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
2012-02-14 22:58 97792 ----a-w- c:\users\Phil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
------- Supplementary Scan -------
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: gardencitygroup.com
Trusted Zone: gardencitygroup.com\ctx
TCP: DhcpNameServer =
FF - ProfilePath - c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\zerjo7nd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
- - - - ORPHANS REMOVED - - - -
Wow6432Node-HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
--------------------- LOCKED REGISTRY KEYS ---------------------
@Denied: (A 2) (Everyone)
@Denied: (A 2) (Everyone)
@Denied: (A 2) (Everyone)
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
@Denied: (A 2) (Everyone)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (Full) (Everyone)
------------------------ Other Running Processes ------------------------
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
Completion time: 2012-09-21 13:05:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-21 16:59
Pre-Run: 105,160,470,528 bytes free
Post-Run: 112,071,565,312 bytes free
- - End Of File - - 3261E344AF9F57F43E64773C4872B816

2012-09-21, 23:01

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)

Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan but do nothing else as we are just looking for what is there.
If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
Attach the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)


2012-09-22, 01:08
trying. these little things are taking me 20-30 minutes to download, install, and post a log. My PC is under siege!

Thanks for your help. Otherwise I'd be taking a hammer to this laptop.

2012-09-22, 01:26
nothing found.

18:18:55.0236 5072 TDSS rootkit removing tool Aug 20 2012 17:30:03
18:18:57.0186 5072 ============================================================
18:18:57.0186 5072 Current date / time: 2012/09/21 18:18:57.0186
18:18:57.0186 5072 SystemInfo:
18:18:57.0186 5072
18:18:57.0186 5072 OS Version: 6.1.7601 ServicePack: 1.0
18:18:57.0186 5072 Product type: Workstation
18:18:57.0186 5072 ComputerName: PHILS-HP
18:18:57.0186 5072 UserName: Phil
18:18:57.0186 5072 Windows directory: C:\Windows
18:18:57.0186 5072 System windows directory: C:\Windows
18:18:57.0186 5072 Running under WOW64
18:18:57.0186 5072 Processor architecture: Intel x64
18:18:57.0186 5072 Number of processors: 2
18:18:57.0186 5072 Page size: 0x1000
18:18:57.0186 5072 Boot type: Normal boot
18:18:57.0186 5072 ============================================================
18:19:00.0556 5072 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x13135, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x7F, Type 'K0', Flags 0x00000040
18:19:00.0571 5072 ============================================================
18:19:00.0571 5072 \Device\Harddisk0\DR0:
18:19:00.0571 5072 MBR partitions:
18:19:00.0571 5072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:19:00.0571 5072 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23C0D000
18:19:00.0571 5072 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C71000, BlocksNum 0x17BD000
18:19:00.0571 5072 ============================================================
18:19:00.0712 5072 C: <-> \Device\Harddisk0\DR0\Partition2
18:19:01.0195 5072 D: <-> \Device\Harddisk0\DR0\Partition3
18:19:01.0195 5072 ============================================================
18:19:01.0195 5072 Initialize success
18:19:01.0195 5072 ============================================================
18:19:07.0482 3080 ============================================================
18:19:07.0482 3080 Scan started
18:19:07.0482 3080 Mode: Manual;
18:19:07.0482 3080 ============================================================
18:19:09.0307 3080 ================ Scan system memory ========================
18:19:09.0307 3080 System memory - ok
18:19:09.0307 3080 ================ Scan services =============================
18:19:09.0604 3080 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:19:09.0619 3080 1394ohci - ok
18:19:09.0807 3080 [ F146E2BA475893DD77B2370DC1211FC6 ] 91605408 C:\Windows\system32\drivers\00295725.sys
18:19:09.0807 3080 91605408 - ok
18:19:09.0916 3080 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:19:09.0963 3080 ACPI - ok
18:19:10.0072 3080 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:19:10.0072 3080 AcpiPmi - ok
18:19:10.0462 3080 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:19:10.0462 3080 AdobeFlashPlayerUpdateSvc - ok
18:19:10.0665 3080 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:19:10.0680 3080 adp94xx - ok
18:19:10.0758 3080 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:19:10.0758 3080 adpahci - ok
18:19:10.0867 3080 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:19:10.0867 3080 adpu320 - ok
18:19:10.0945 3080 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:19:10.0961 3080 AeLookupSvc - ok
18:19:11.0101 3080 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:19:11.0133 3080 AFD - ok
18:19:11.0211 3080 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:19:11.0211 3080 agp440 - ok
18:19:11.0304 3080 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:19:11.0304 3080 ALG - ok
18:19:11.0398 3080 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:19:11.0398 3080 aliide - ok
18:19:11.0429 3080 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:19:11.0429 3080 amdide - ok
18:19:11.0476 3080 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:19:11.0491 3080 AmdK8 - ok
18:19:11.0569 3080 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:19:11.0569 3080 AmdPPM - ok
18:19:11.0663 3080 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:19:11.0663 3080 amdsata - ok
18:19:11.0694 3080 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:19:11.0694 3080 amdsbs - ok
18:19:11.0725 3080 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:19:11.0725 3080 amdxata - ok
18:19:11.0928 3080 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:19:11.0928 3080 AppID - ok
18:19:11.0959 3080 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:19:11.0959 3080 AppIDSvc - ok
18:19:12.0022 3080 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:19:12.0037 3080 Appinfo - ok
18:19:12.0193 3080 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:19:12.0193 3080 arc - ok
18:19:12.0225 3080 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:19:12.0225 3080 arcsas - ok
18:19:12.0490 3080 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:19:12.0537 3080 aspnet_state - ok
18:19:12.0630 3080 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:19:12.0630 3080 AsyncMac - ok
18:19:12.0708 3080 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:19:12.0708 3080 atapi - ok
18:19:12.0864 3080 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:19:12.0880 3080 AudioEndpointBuilder - ok
18:19:13.0067 3080 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:19:13.0083 3080 AudioSrv - ok
18:19:13.0145 3080 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:19:13.0145 3080 AxInstSV - ok
18:19:13.0207 3080 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:19:13.0223 3080 b06bdrv - ok
18:19:13.0301 3080 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:19:13.0301 3080 b57nd60a - ok
18:19:13.0551 3080 [ 2ED050291BC1D7F9E322E328DB3AAECF ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
18:19:13.0551 3080 BBSvc - ok
18:19:13.0753 3080 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
18:19:13.0753 3080 BBUpdate - ok
18:19:13.0894 3080 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:19:13.0909 3080 BDESVC - ok
18:19:13.0941 3080 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:19:13.0941 3080 Beep - ok
18:19:14.0097 3080 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:19:14.0112 3080 BFE - ok
18:19:14.0955 3080 [ 27FDD13BEC08CEEAC4BE6B900A6C39CE ] bgsvcgen C:\Windows\SysWOW64\bgsvcgen.exe
18:19:14.0955 3080 bgsvcgen - ok
18:19:15.0048 3080 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
18:19:15.0048 3080 BITS - ok
18:19:15.0142 3080 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:19:15.0142 3080 blbdrive - ok
18:19:15.0391 3080 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
18:19:15.0391 3080 Bonjour Service - ok
18:19:15.0516 3080 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:19:15.0516 3080 bowser - ok
18:19:15.0547 3080 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:19:15.0563 3080 BrFiltLo - ok
18:19:15.0579 3080 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:19:15.0579 3080 BrFiltUp - ok
18:19:15.0641 3080 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
18:19:15.0641 3080 BridgeMP - ok
18:19:15.0703 3080 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:19:15.0703 3080 Browser - ok
18:19:15.0766 3080 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:19:15.0766 3080 Brserid - ok
18:19:15.0797 3080 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:19:15.0797 3080 BrSerWdm - ok
18:19:15.0875 3080 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:19:15.0875 3080 BrUsbMdm - ok
18:19:15.0922 3080 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:19:15.0922 3080 BrUsbSer - ok
18:19:15.0953 3080 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:19:15.0953 3080 BTHMODEM - ok
18:19:16.0015 3080 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:19:16.0015 3080 bthserv - ok
18:19:16.0047 3080 catchme - ok
18:19:16.0109 3080 [ D1787E11C6A0078DDEAF8CF3EE2AB293 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
18:19:16.0109 3080 CAXHWAZL - ok
18:19:16.0156 3080 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:19:16.0156 3080 cdfs - ok
18:19:16.0187 3080 [ 9456FAE4BF8ABF6316405724E7EA597E ] cdrbsdrv C:\Windows\system32\drivers\cdrbsdrv.sys
18:19:16.0187 3080 cdrbsdrv - ok
18:19:16.0249 3080 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
18:19:16.0265 3080 cdrom - ok
18:19:16.0359 3080 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:19:16.0359 3080 CertPropSvc - ok
18:19:16.0437 3080 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:19:16.0437 3080 circlass - ok
18:19:16.0483 3080 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:19:16.0499 3080 CLFS - ok
18:19:16.0561 3080 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:19:16.0577 3080 clr_optimization_v2.0.50727_32 - ok
18:19:16.0702 3080 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:19:16.0702 3080 clr_optimization_v2.0.50727_64 - ok
18:19:16.0827 3080 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:19:17.0014 3080 clr_optimization_v4.0.30319_32 - ok
18:19:17.0045 3080 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:19:17.0107 3080 clr_optimization_v4.0.30319_64 - ok
18:19:17.0170 3080 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:19:17.0170 3080 CmBatt - ok
18:19:17.0217 3080 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:19:17.0217 3080 cmdide - ok
18:19:17.0357 3080 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:19:17.0373 3080 CNG - ok
18:19:17.0575 3080 [ A44DFDB81DC62B11760881175E5B2266 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
18:19:17.0575 3080 CnxtHdAudService - ok
18:19:17.0685 3080 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
18:19:17.0685 3080 Com4QLBEx - ok
18:19:17.0778 3080 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:19:17.0794 3080 Compbatt - ok
18:19:17.0856 3080 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:19:17.0856 3080 CompositeBus - ok
18:19:17.0887 3080 COMSysApp - ok
18:19:17.0965 3080 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:19:17.0981 3080 crcdisk - ok
18:19:18.0090 3080 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:19:18.0090 3080 CryptSvc - ok
18:19:18.0184 3080 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
18:19:18.0184 3080 ctxusbm - ok
18:19:18.0262 3080 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:19:18.0262 3080 DcomLaunch - ok
18:19:18.0355 3080 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:19:18.0433 3080 defragsvc - ok
18:19:18.0480 3080 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:19:18.0480 3080 DfsC - ok
18:19:18.0605 3080 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:19:18.0605 3080 Dhcp - ok
18:19:18.0652 3080 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:19:18.0652 3080 discache - ok
18:19:18.0730 3080 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:19:18.0745 3080 Disk - ok
18:19:18.0792 3080 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:19:18.0792 3080 Dnscache - ok
18:19:18.0839 3080 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:19:18.0855 3080 dot3svc - ok
18:19:18.0886 3080 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:19:18.0886 3080 DPS - ok
18:19:18.0933 3080 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:19:18.0933 3080 drmkaud - ok
18:19:18.0979 3080 [ 47FCC78D22FE5CB88F7AA9AB650A9F1C ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys
18:19:18.0979 3080 dsNcAdpt - ok
18:19:19.0073 3080 [ D77D10D9AD3366A7FF7CE00E8694957E ] dsNcService C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
18:19:19.0089 3080 dsNcService - ok
18:19:19.0245 3080 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:19:19.0260 3080 DXGKrnl - ok
18:19:19.0354 3080 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:19:19.0354 3080 EapHost - ok
18:19:19.0635 3080 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:19:19.0775 3080 ebdrv - ok
18:19:19.0806 3080 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:19:19.0806 3080 EFS - ok
18:19:19.0993 3080 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:19:20.0025 3080 ehRecvr - ok
18:19:20.0071 3080 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:19:20.0071 3080 ehSched - ok
18:19:20.0149 3080 [ 9A47AC3DFCF81D30922CDAAF1C2D579F ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
18:19:20.0149 3080 ElbyCDIO - ok
18:19:20.0196 3080 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:19:20.0212 3080 elxstor - ok
18:19:20.0259 3080 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:19:20.0259 3080 ErrDev - ok
18:19:20.0352 3080 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:19:20.0352 3080 EventSystem - ok
18:19:20.0399 3080 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:19:20.0399 3080 exfat - ok
18:19:20.0430 3080 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:19:20.0430 3080 fastfat - ok
18:19:20.0617 3080 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:19:20.0649 3080 Fax - ok
18:19:20.0680 3080 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:19:20.0680 3080 fdc - ok
18:19:20.0695 3080 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:19:20.0695 3080 fdPHost - ok
18:19:20.0727 3080 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:19:20.0727 3080 FDResPub - ok
18:19:20.0758 3080 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:19:20.0773 3080 FileInfo - ok
18:19:20.0789 3080 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:19:20.0789 3080 Filetrace - ok
18:19:20.0851 3080 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:19:20.0867 3080 FLEXnet Licensing Service - ok
18:19:20.0883 3080 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:19:20.0883 3080 flpydisk - ok
18:19:21.0023 3080 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:19:21.0023 3080 FltMgr - ok
18:19:21.0148 3080 [ 6CD6BB45BD3E0EEF6CE496BF52854FF1 ] FlyUsb C:\Windows\system32\DRIVERS\FlyUsb.sys
18:19:21.0163 3080 FlyUsb - ok
18:19:21.0257 3080 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:19:21.0288 3080 FontCache - ok
18:19:21.0351 3080 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:19:21.0351 3080 FontCache3.0.0.0 - ok
18:19:21.0429 3080 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:19:21.0429 3080 FsDepends - ok
18:19:21.0538 3080 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:19:21.0538 3080 Fs_Rec - ok
18:19:21.0600 3080 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:19:21.0616 3080 fvevol - ok
18:19:21.0678 3080 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:19:21.0678 3080 gagp30kx - ok
18:19:21.0787 3080 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
18:19:21.0803 3080 GameConsoleService - ok
18:19:21.0897 3080 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:19:21.0912 3080 gpsvc - ok
18:19:22.0084 3080 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:19:22.0084 3080 gupdate - ok
18:19:22.0162 3080 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:19:22.0162 3080 gupdatem - ok
18:19:22.0193 3080 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:19:22.0193 3080 hcw85cir - ok
18:19:22.0271 3080 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:19:22.0271 3080 HdAudAddService - ok
18:19:22.0365 3080 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:19:22.0365 3080 HDAudBus - ok
18:19:22.0411 3080 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:19:22.0411 3080 HidBatt - ok
18:19:22.0458 3080 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:19:22.0458 3080 HidBth - ok
18:19:22.0505 3080 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:19:22.0505 3080 HidIr - ok
18:19:22.0536 3080 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
18:19:22.0552 3080 hidserv - ok
18:19:22.0677 3080 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:19:22.0692 3080 HidUsb - ok
18:19:22.0723 3080 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:19:22.0723 3080 hkmsvc - ok
18:19:22.0817 3080 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:19:22.0817 3080 HomeGroupListener - ok
18:19:22.0879 3080 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:19:22.0879 3080 HomeGroupProvider - ok
18:19:22.0926 3080 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:19:22.0926 3080 HpqKbFiltr - ok
18:19:22.0973 3080 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
18:19:22.0989 3080 hpqwmiex - ok
18:19:23.0051 3080 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:19:23.0051 3080 HpSAMD - ok
18:19:23.0285 3080 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
18:19:23.0472 3080 HsfXAudioService - ok
18:19:23.0581 3080 [ 26C5D00321937E49B6BC91029947D094 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
18:19:23.0644 3080 HSF_DPV - ok
18:19:23.0893 3080 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:19:23.0971 3080 HTTP - ok
18:19:24.0018 3080 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:19:24.0034 3080 hwpolicy - ok
18:19:24.0112 3080 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:19:24.0112 3080 i8042prt - ok
18:19:24.0205 3080 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:19:24.0221 3080 iaStorV - ok
18:19:24.0315 3080 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:19:24.0330 3080 idsvc - ok
18:19:24.0767 3080 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:19:25.0032 3080 igfx - ok
18:19:25.0079 3080 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:19:25.0095 3080 iirsp - ok
18:19:25.0157 3080 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:19:25.0173 3080 IKEEXT - ok
18:19:25.0251 3080 [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
18:19:25.0251 3080 IntcHdmiAddService - ok
18:19:25.0282 3080 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:19:25.0297 3080 intelide - ok
18:19:25.0391 3080 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:19:25.0407 3080 intelppm - ok
18:19:25.0469 3080 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:19:25.0485 3080 IPBusEnum - ok
18:19:25.0531 3080 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:19:25.0531 3080 IpFilterDriver - ok
18:19:25.0578 3080 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:19:25.0594 3080 iphlpsvc - ok
18:19:25.0641 3080 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:19:25.0641 3080 IPMIDRV - ok
18:19:25.0687 3080 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:19:25.0687 3080 IPNAT - ok
18:19:25.0750 3080 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:19:25.0750 3080 IRENUM - ok
18:19:25.0781 3080 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:19:25.0781 3080 isapnp - ok
18:19:25.0859 3080 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:19:25.0859 3080 iScsiPrt - ok
18:19:25.0921 3080 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:19:25.0921 3080 kbdclass - ok
18:19:25.0984 3080 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:19:25.0984 3080 kbdhid - ok
18:19:26.0031 3080 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:19:26.0031 3080 KeyIso - ok
18:19:26.0093 3080 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:19:26.0109 3080 KSecDD - ok
18:19:26.0155 3080 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:19:26.0155 3080 KSecPkg - ok
18:19:26.0218 3080 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:19:26.0218 3080 ksthunk - ok
18:19:26.0296 3080 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:19:26.0296 3080 KtmRm - ok
18:19:26.0374 3080 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
18:19:26.0374 3080 LanmanServer - ok
18:19:26.0436 3080 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:19:26.0436 3080 LanmanWorkstation - ok
18:19:26.0452 3080 Lbd - ok
18:19:26.0904 3080 [ 24A7D535BD9E58E5BC1AC52EF7E2EC8E ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
18:19:27.0091 3080 LeapFrog Connect Device Service - ok
18:19:27.0216 3080 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:19:27.0216 3080 LightScribeService - ok
18:19:27.0263 3080 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:19:27.0263 3080 lltdio - ok
18:19:27.0513 3080 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:19:27.0544 3080 lltdsvc - ok
18:19:27.0559 3080 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:19:27.0559 3080 lmhosts - ok
18:19:27.0591 3080 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:19:27.0606 3080 LSI_FC - ok
18:19:27.0669 3080 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:19:27.0669 3080 LSI_SAS - ok
18:19:27.0700 3080 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:19:27.0700 3080 LSI_SAS2 - ok
18:19:27.0731 3080 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:19:27.0731 3080 LSI_SCSI - ok
18:19:27.0778 3080 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:19:27.0809 3080 luafv - ok
18:19:27.0871 3080 [ 6F9B043FD18C17D7E719382608817C72 ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys
18:19:27.0903 3080 LVUSBS64 - ok
18:19:27.0981 3080 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:19:27.0996 3080 Mcx2Svc - ok
18:19:28.0027 3080 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:19:28.0027 3080 mdmxsdk - ok
18:19:28.0043 3080 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:19:28.0043 3080 megasas - ok
18:19:28.0074 3080 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:19:28.0090 3080 MegaSR - ok
18:19:28.0215 3080 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:19:28.0230 3080 Microsoft Office Groove Audit Service - ok
18:19:28.0293 3080 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:19:28.0293 3080 MMCSS - ok
18:19:28.0324 3080 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:19:28.0324 3080 Modem - ok
18:19:28.0371 3080 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:19:28.0371 3080 monitor - ok
18:19:28.0386 3080 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:19:28.0386 3080 mouclass - ok
18:19:28.0433 3080 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:19:28.0433 3080 mouhid - ok
18:19:28.0511 3080 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:19:28.0511 3080 mountmgr - ok
18:19:28.0636 3080 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:19:28.0636 3080 MozillaMaintenance - ok
18:19:28.0683 3080 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:19:28.0683 3080 mpio - ok
18:19:28.0714 3080 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:19:28.0714 3080 mpsdrv - ok
18:19:28.0839 3080 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:19:28.0854 3080 MpsSvc - ok
18:19:28.0901 3080 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:19:28.0901 3080 MRxDAV - ok
18:19:28.0948 3080 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:19:28.0948 3080 mrxsmb - ok
18:19:29.0088 3080 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:19:29.0104 3080 mrxsmb10 - ok
18:19:29.0166 3080 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:19:29.0166 3080 mrxsmb20 - ok
18:19:29.0213 3080 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:19:29.0213 3080 msahci - ok
18:19:29.0260 3080 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:19:29.0260 3080 msdsm - ok
18:19:29.0291 3080 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:19:29.0291 3080 MSDTC - ok
18:19:29.0369 3080 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:19:29.0369 3080 Msfs - ok
18:19:29.0400 3080 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:19:29.0400 3080 mshidkmdf - ok
18:19:29.0447 3080 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:19:29.0447 3080 msisadrv - ok
18:19:29.0494 3080 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:19:29.0494 3080 MSiSCSI - ok
18:19:29.0509 3080 msiserver - ok
18:19:29.0541 3080 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:19:29.0541 3080 MSKSSRV - ok
18:19:29.0572 3080 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:19:29.0587 3080 MSPCLOCK - ok
18:19:29.0603 3080 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:19:29.0603 3080 MSPQM - ok
18:19:29.0665 3080 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:19:29.0665 3080 MsRPC - ok
18:19:29.0728 3080 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:19:29.0728 3080 mssmbios - ok
18:19:29.0775 3080 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:19:29.0775 3080 MSTEE - ok
18:19:29.0790 3080 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:19:29.0790 3080 MTConfig - ok
18:19:29.0899 3080 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:19:29.0899 3080 Mup - ok
18:19:29.0962 3080 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:19:29.0977 3080 napagent - ok
18:19:30.0040 3080 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:19:30.0040 3080 NativeWifiP - ok
18:19:30.0227 3080 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:19:30.0243 3080 NDIS - ok
18:19:30.0289 3080 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:19:30.0289 3080 NdisCap - ok
18:19:30.0336 3080 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:19:30.0336 3080 NdisTapi - ok
18:19:30.0383 3080 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:19:30.0383 3080 Ndisuio - ok
18:19:30.0430 3080 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:19:30.0445 3080 NdisWan - ok
18:19:30.0508 3080 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:19:30.0539 3080 NDProxy - ok
18:19:30.0570 3080 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:19:30.0586 3080 NetBIOS - ok
18:19:30.0664 3080 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:19:30.0664 3080 NetBT - ok
18:19:30.0695 3080 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:19:30.0711 3080 Netlogon - ok
18:19:30.0757 3080 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:19:30.0773 3080 Netman - ok
18:19:30.0867 3080 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:19:30.0913 3080 NetMsmqActivator - ok
18:19:30.0929 3080 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:19:30.0929 3080 NetPipeActivator - ok
18:19:30.0976 3080 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:19:30.0991 3080 netprofm - ok
18:19:31.0007 3080 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:19:31.0007 3080 NetTcpActivator - ok
18:19:31.0023 3080 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:19:31.0023 3080 NetTcpPortSharing - ok
18:19:31.0615 3080 [ E72F4522801FFB8F0456924FB0017BFF ] NETw1v64 C:\Windows\system32\DRIVERS\NETw1v64.sys
18:19:31.0818 3080 NETw1v64 - ok
18:19:32.0583 3080 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
18:19:32.0801 3080 NETw5s64 - ok
18:19:33.0331 3080 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
18:19:33.0597 3080 netw5v64 - ok
18:19:33.0737 3080 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:19:33.0737 3080 nfrd960 - ok
18:19:34.0080 3080 [ 42390431E604C9513D4F23FB7BDEC334 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
18:19:34.0080 3080 NitroReaderDriverReadSpool2 - ok
18:19:34.0283 3080 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:19:34.0283 3080 NlaSvc - ok
18:19:34.0345 3080 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:19:34.0345 3080 Npfs - ok
18:19:34.0439 3080 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:19:34.0486 3080 nsi - ok
18:19:34.0517 3080 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:19:34.0548 3080 nsiproxy - ok
18:19:34.0767 3080 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:19:34.0829 3080 Ntfs - ok
18:19:35.0001 3080 [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
18:19:35.0001 3080 NuidFltr - ok
18:19:35.0032 3080 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:19:35.0032 3080 Null - ok
18:19:35.0110 3080 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:19:35.0110 3080 nvraid - ok
18:19:35.0157 3080 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:19:35.0157 3080 nvstor - ok
18:19:35.0250 3080 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:19:35.0250 3080 nv_agp - ok
18:19:35.0484 3080 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:19:35.0484 3080 odserv - ok
18:19:35.0562 3080 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:19:35.0562 3080 ohci1394 - ok
18:19:35.0703 3080 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:19:35.0703 3080 ose - ok
18:19:35.0765 3080 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:19:35.0765 3080 p2pimsvc - ok
18:19:35.0796 3080 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:19:35.0812 3080 p2psvc - ok
18:19:35.0843 3080 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:19:35.0843 3080 Parport - ok
18:19:35.0890 3080 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:19:35.0890 3080 partmgr - ok
18:19:35.0968 3080 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:19:35.0968 3080 PcaSvc - ok
18:19:36.0015 3080 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:19:36.0015 3080 pci - ok
18:19:36.0093 3080 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:19:36.0093 3080 pciide - ok
18:19:36.0186 3080 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:19:36.0186 3080 pcmcia - ok
18:19:36.0233 3080 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:19:36.0249 3080 pcw - ok
18:19:36.0327 3080 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:19:36.0342 3080 PEAUTH - ok
18:19:36.0483 3080 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:19:36.0483 3080 PerfHost - ok
18:19:36.0639 3080 [ 309C5941E3FEB1EDB5ACA9CE31B70EB6 ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS
18:19:36.0654 3080 PID_PEPI - ok
18:19:36.0748 3080 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:19:36.0779 3080 pla - ok
18:19:36.0873 3080 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:19:36.0873 3080 PlugPlay - ok
18:19:36.0904 3080 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:19:36.0904 3080 PNRPAutoReg - ok
18:19:36.0966 3080 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:19:36.0966 3080 PNRPsvc - ok
18:19:37.0029 3080 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:19:37.0044 3080 PolicyAgent - ok
18:19:37.0107 3080 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:19:37.0122 3080 Power - ok
18:19:37.0216 3080 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:19:37.0216 3080 PptpMiniport - ok
18:19:37.0325 3080 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:19:37.0325 3080 Processor - ok
18:19:37.0419 3080 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:19:37.0419 3080 ProfSvc - ok
18:19:37.0450 3080 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:19:37.0450 3080 ProtectedStorage - ok
18:19:37.0528 3080 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:19:37.0528 3080 Psched - ok
18:19:37.0621 3080 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:19:37.0637 3080 ql2300 - ok
18:19:37.0668 3080 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:19:37.0668 3080 ql40xx - ok
18:19:37.0715 3080 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:19:37.0731 3080 QWAVE - ok
18:19:37.0762 3080 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:19:37.0762 3080 QWAVEdrv - ok
18:19:37.0777 3080 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd

2012-09-22, 01:26
18:19:37.0777 3080 RasAcd - ok
18:19:37.0809 3080 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:19:37.0824 3080 RasAgileVpn - ok
18:19:37.0840 3080 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:19:37.0855 3080 RasAuto - ok
18:19:37.0887 3080 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:19:37.0887 3080 Rasl2tp - ok
18:19:37.0965 3080 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:19:37.0980 3080 RasMan - ok
18:19:38.0043 3080 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:19:38.0043 3080 RasPppoe - ok
18:19:38.0058 3080 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:19:38.0074 3080 RasSstp - ok
18:19:38.0121 3080 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:19:38.0136 3080 rdbss - ok
18:19:38.0167 3080 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:19:38.0167 3080 rdpbus - ok
18:19:38.0183 3080 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:19:38.0199 3080 RDPCDD - ok
18:19:38.0230 3080 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:19:38.0230 3080 RDPENCDD - ok
18:19:38.0277 3080 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:19:38.0277 3080 RDPREFMP - ok
18:19:38.0339 3080 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:19:38.0339 3080 RDPWD - ok
18:19:38.0401 3080 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:19:38.0417 3080 rdyboost - ok
18:19:38.0448 3080 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:19:38.0448 3080 RemoteAccess - ok
18:19:38.0479 3080 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:19:38.0495 3080 RemoteRegistry - ok
18:19:38.0651 3080 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:19:38.0651 3080 RichVideo - ok
18:19:38.0713 3080 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:19:38.0713 3080 RimUsb - ok
18:19:38.0869 3080 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:19:38.0869 3080 RpcEptMapper - ok
18:19:38.0916 3080 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:19:38.0916 3080 RpcLocator - ok
18:19:38.0979 3080 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:19:38.0979 3080 RpcSs - ok
18:19:39.0057 3080 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:19:39.0057 3080 rspndr - ok
18:19:39.0135 3080 [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
18:19:39.0135 3080 RSUSBSTOR - ok
18:19:39.0244 3080 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:19:39.0244 3080 RTL8167 - ok
18:19:39.0259 3080 RtsUIR - ok
18:19:39.0306 3080 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:19:39.0306 3080 SamSs - ok
18:19:39.0556 3080 [ 1B1B948C2A70EF92AE1D342A26AA89F1 ] SBAMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
18:19:39.0571 3080 SBAMSvc - ok
18:19:39.0634 3080 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
18:19:39.0649 3080 sbapifs - ok
18:19:39.0774 3080 [ C0ACD574F740C5781031FD533C2494F5 ] SbFw C:\Windows\system32\drivers\SbFw.sys
18:19:39.0774 3080 SbFw - ok
18:19:39.0821 3080 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys
18:19:39.0821 3080 SBFWIMCL - ok
18:19:39.0837 3080 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys
18:19:39.0837 3080 SBFWIMCLMP - ok
18:19:39.0915 3080 [ F2C38F62E9C540F40C2A5F6172D9D07B ] sbhips C:\Windows\system32\drivers\sbhips.sys
18:19:39.0915 3080 sbhips - ok
18:19:39.0961 3080 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:19:39.0961 3080 sbp2port - ok
18:19:40.0055 3080 [ A31E5652995581E77B62F02EFEB5D09E ] SBPIMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
18:19:40.0055 3080 SBPIMSvc - ok
18:19:40.0133 3080 [ AAE41EFBAD69B78513875C2EB3DE7008 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
18:19:40.0133 3080 SBRE - ok
18:19:40.0195 3080 [ F9AA83A88EABE22B29D8F293C21AAA4D ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys
18:19:40.0211 3080 sbwtis - ok
18:19:40.0242 3080 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:19:40.0258 3080 SCardSvr - ok
18:19:40.0398 3080 [ 07237C66E05DA6778E9F3CB67FA00736 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
18:19:40.0414 3080 SCDEmu - ok
18:19:40.0476 3080 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:19:40.0476 3080 scfilter - ok
18:19:40.0554 3080 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:19:40.0570 3080 Schedule - ok
18:19:40.0617 3080 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:19:40.0617 3080 SCPolicySvc - ok
18:19:40.0679 3080 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
18:19:40.0679 3080 sdbus - ok
18:19:40.0757 3080 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:19:40.0757 3080 SDRSVC - ok
18:19:40.0851 3080 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:19:40.0851 3080 secdrv - ok
18:19:40.0913 3080 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:19:40.0913 3080 seclogon - ok
18:19:40.0944 3080 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
18:19:40.0960 3080 SENS - ok
18:19:41.0069 3080 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:19:41.0069 3080 SensrSvc - ok
18:19:41.0116 3080 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:19:41.0116 3080 Serenum - ok
18:19:41.0147 3080 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:19:41.0147 3080 Serial - ok
18:19:41.0209 3080 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:19:41.0209 3080 sermouse - ok
18:19:41.0272 3080 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:19:41.0272 3080 SessionEnv - ok
18:19:41.0334 3080 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:19:41.0334 3080 sffdisk - ok
18:19:41.0365 3080 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:19:41.0365 3080 sffp_mmc - ok
18:19:41.0381 3080 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:19:41.0381 3080 sffp_sd - ok
18:19:41.0428 3080 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:19:41.0428 3080 sfloppy - ok
18:19:41.0475 3080 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:19:41.0490 3080 SharedAccess - ok
18:19:41.0537 3080 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:19:41.0553 3080 ShellHWDetection - ok
18:19:41.0599 3080 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:19:41.0599 3080 SiSRaid2 - ok
18:19:41.0677 3080 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:19:41.0677 3080 SiSRaid4 - ok
18:19:42.0099 3080 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:19:42.0177 3080 Skype C2C Service - ok
18:19:42.0301 3080 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:19:42.0301 3080 SkypeUpdate - ok
18:19:42.0379 3080 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:19:42.0379 3080 Smb - ok
18:19:42.0457 3080 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:19:42.0457 3080 SNMPTRAP - ok
18:19:42.0473 3080 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:19:42.0473 3080 spldr - ok
18:19:42.0582 3080 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:19:42.0629 3080 Spooler - ok
18:19:42.0879 3080 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:19:43.0003 3080 sppsvc - ok
18:19:43.0035 3080 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:19:43.0035 3080 sppuinotify - ok
18:19:43.0097 3080 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:19:43.0097 3080 srv - ok
18:19:43.0191 3080 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:19:43.0206 3080 srv2 - ok
18:19:43.0253 3080 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:19:43.0253 3080 SrvHsfHDA - ok
18:19:43.0456 3080 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:19:43.0518 3080 SrvHsfV92 - ok
18:19:43.0549 3080 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:19:43.0565 3080 SrvHsfWinac - ok
18:19:43.0596 3080 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:19:43.0596 3080 srvnet - ok
18:19:43.0627 3080 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:19:43.0643 3080 SSDPSRV - ok
18:19:43.0659 3080 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:19:43.0659 3080 SstpSvc - ok
18:19:43.0705 3080 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:19:43.0705 3080 stexstor - ok
18:19:43.0846 3080 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:19:43.0846 3080 stisvc - ok
18:19:43.0908 3080 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:19:43.0908 3080 swenum - ok
18:19:44.0095 3080 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:19:44.0111 3080 swprv - ok
18:19:44.0173 3080 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:19:44.0173 3080 SynTP - ok
18:19:44.0392 3080 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:19:44.0454 3080 SysMain - ok
18:19:44.0501 3080 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:19:44.0501 3080 TabletInputService - ok
18:19:44.0563 3080 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:19:44.0579 3080 TapiSrv - ok
18:19:44.0595 3080 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:19:44.0610 3080 TBS - ok
18:19:44.0985 3080 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:19:45.0078 3080 Tcpip - ok
18:19:45.0203 3080 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:19:45.0219 3080 TCPIP6 - ok
18:19:45.0281 3080 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:19:45.0281 3080 tcpipreg - ok
18:19:45.0359 3080 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:19:45.0359 3080 TDPIPE - ok
18:19:45.0390 3080 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:19:45.0421 3080 TDTCP - ok
18:19:45.0499 3080 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:19:45.0499 3080 tdx - ok
18:19:45.0562 3080 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:19:45.0562 3080 TermDD - ok
18:19:45.0609 3080 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:19:45.0640 3080 TermService - ok
18:19:45.0687 3080 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:19:45.0687 3080 Themes - ok
18:19:45.0780 3080 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:19:45.0827 3080 THREADORDER - ok
18:19:45.0967 3080 [ E319535A8124F25C1C9C5288CACF3101 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
18:19:45.0967 3080 TomTomHOMEService - ok
18:19:46.0014 3080 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:19:46.0014 3080 TrkWks - ok
18:19:46.0092 3080 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:19:46.0123 3080 TrustedInstaller - ok
18:19:46.0170 3080 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:19:46.0170 3080 tssecsrv - ok
18:19:46.0248 3080 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:19:46.0248 3080 TsUsbFlt - ok
18:19:46.0389 3080 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:19:46.0389 3080 tunnel - ok
18:19:46.0420 3080 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:19:46.0420 3080 uagp35 - ok
18:19:46.0482 3080 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:19:46.0482 3080 udfs - ok
18:19:46.0513 3080 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:19:46.0529 3080 UI0Detect - ok
18:19:46.0576 3080 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:19:46.0576 3080 uliagpkx - ok
18:19:46.0638 3080 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:19:46.0638 3080 umbus - ok
18:19:46.0716 3080 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:19:46.0716 3080 UmPass - ok
18:19:46.0747 3080 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:19:46.0763 3080 upnphost - ok
18:19:46.0825 3080 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:19:46.0825 3080 usbaudio - ok
18:19:46.0872 3080 [ 5FCC71487888589A9244AF54CFEFAB29 ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys
18:19:46.0872 3080 usbbus - ok
18:19:46.0935 3080 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:19:46.0935 3080 usbccgp - ok
18:19:46.0966 3080 USBCCID - ok
18:19:47.0028 3080 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:19:47.0044 3080 usbcir - ok
18:19:47.0122 3080 [ 3FB6E423F7567C92C32EA786F5FD0C69 ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys
18:19:47.0122 3080 UsbDiag - ok
18:19:47.0169 3080 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:19:47.0169 3080 usbehci - ok
18:19:47.0231 3080 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:19:47.0231 3080 usbhub - ok
18:19:47.0293 3080 [ 78D551F5B93488B4666F5FC8DD4815F3 ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys
18:19:47.0309 3080 USBModem - ok
18:19:47.0356 3080 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:19:47.0356 3080 usbohci - ok
18:19:47.0449 3080 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:19:47.0449 3080 usbprint - ok
18:19:47.0512 3080 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:19:47.0512 3080 usbscan - ok
18:19:47.0559 3080 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:19:47.0559 3080 USBSTOR - ok
18:19:47.0621 3080 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:19:47.0621 3080 usbuhci - ok
18:19:47.0777 3080 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:19:47.0777 3080 usbvideo - ok
18:19:47.0824 3080 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:19:47.0824 3080 UxSms - ok
18:19:47.0871 3080 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:19:47.0871 3080 VaultSvc - ok
18:19:47.0980 3080 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:19:47.0995 3080 vdrvroot - ok
18:19:48.0105 3080 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:19:48.0120 3080 vds - ok
18:19:48.0198 3080 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:19:48.0198 3080 vga - ok
18:19:48.0229 3080 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:19:48.0229 3080 VgaSave - ok
18:19:48.0323 3080 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:19:48.0323 3080 vhdmp - ok
18:19:48.0385 3080 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:19:48.0385 3080 viaide - ok
18:19:48.0432 3080 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:19:48.0448 3080 volmgr - ok
18:19:48.0510 3080 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:19:48.0510 3080 volmgrx - ok
18:19:48.0573 3080 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:19:48.0588 3080 volsnap - ok
18:19:48.0619 3080 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:19:48.0619 3080 vsmraid - ok
18:19:48.0791 3080 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:19:48.0853 3080 VSS - ok
18:19:48.0931 3080 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:19:48.0931 3080 vwifibus - ok
18:19:48.0963 3080 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:19:48.0963 3080 vwififlt - ok
18:19:49.0009 3080 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
18:19:49.0025 3080 vwifimp - ok
18:19:49.0072 3080 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:19:49.0072 3080 W32Time - ok
18:19:49.0103 3080 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:19:49.0103 3080 WacomPen - ok
18:19:49.0165 3080 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:19:49.0165 3080 WANARP - ok
18:19:49.0259 3080 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:19:49.0259 3080 Wanarpv6 - ok
18:19:49.0353 3080 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:19:49.0368 3080 WatAdminSvc - ok
18:19:49.0540 3080 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:19:49.0587 3080 wbengine - ok
18:19:49.0649 3080 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:19:49.0649 3080 WbioSrvc - ok
18:19:49.0696 3080 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:19:49.0696 3080 wcncsvc - ok
18:19:49.0758 3080 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:19:49.0758 3080 WcsPlugInService - ok
18:19:49.0805 3080 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:19:49.0821 3080 Wd - ok
18:19:49.0852 3080 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
18:19:49.0867 3080 WDC_SAM - ok
18:19:49.0930 3080 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:19:49.0945 3080 Wdf01000 - ok
18:19:49.0977 3080 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:19:49.0977 3080 WdiServiceHost - ok
18:19:49.0977 3080 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:19:49.0992 3080 WdiSystemHost - ok
18:19:50.0039 3080 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:19:50.0039 3080 WebClient - ok
18:19:50.0133 3080 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:19:50.0133 3080 Wecsvc - ok
18:19:50.0164 3080 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:19:50.0164 3080 wercplsupport - ok
18:19:50.0195 3080 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:19:50.0195 3080 WerSvc - ok
18:19:50.0242 3080 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:19:50.0242 3080 WfpLwf - ok
18:19:50.0257 3080 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:19:50.0257 3080 WIMMount - ok
18:19:50.0429 3080 [ A6EA7A3FC4B00F48535B506DB1E86EFD ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
18:19:50.0445 3080 winachsf - ok
18:19:50.0476 3080 WinDefend - ok
18:19:50.0507 3080 WinHttpAutoProxySvc - ok
18:19:50.0569 3080 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:19:50.0585 3080 Winmgmt - ok
18:19:50.0757 3080 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:19:50.0803 3080 WinRM - ok
18:19:50.0897 3080 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:19:50.0897 3080 WinUsb - ok
18:19:50.0975 3080 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:19:50.0991 3080 Wlansvc - ok
18:19:51.0240 3080 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:19:51.0303 3080 wlidsvc - ok
18:19:51.0443 3080 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:19:51.0443 3080 WmiAcpi - ok
18:19:51.0615 3080 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:19:51.0615 3080 wmiApSrv - ok
18:19:51.0677 3080 WMPNetworkSvc - ok
18:19:51.0724 3080 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:19:51.0739 3080 WPCSvc - ok
18:19:51.0786 3080 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:19:51.0786 3080 WPDBusEnum - ok
18:19:51.0817 3080 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:19:51.0817 3080 ws2ifsl - ok
18:19:51.0833 3080 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
18:19:51.0849 3080 wscsvc - ok
18:19:51.0849 3080 WSearch - ok
18:19:52.0098 3080 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:19:52.0192 3080 wuauserv - ok
18:19:52.0239 3080 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:19:52.0270 3080 WudfPf - ok
18:19:52.0348 3080 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:19:52.0348 3080 WUDFRd - ok
18:19:52.0426 3080 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:19:52.0426 3080 wudfsvc - ok
18:19:52.0473 3080 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:19:52.0473 3080 WwanSvc - ok
18:19:52.0535 3080 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
18:19:52.0535 3080 XAudio - ok
18:19:52.0644 3080 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
18:19:52.0644 3080 yukonw7 - ok
18:19:52.0785 3080 ================ Scan global ===============================
18:19:52.0831 3080 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:19:52.0894 3080 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:19:52.0909 3080 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:19:52.0972 3080 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:19:53.0034 3080 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:19:53.0034 3080 [Global] - ok
18:19:53.0034 3080 ================ Scan MBR ==================================
18:19:53.0050 3080 [ DE23AD1285D12AB3358945DC7628786C ] \Device\Harddisk0\DR0
18:19:53.0393 3080 \Device\Harddisk0\DR0 - ok
18:19:53.0393 3080 ================ Scan VBR ==================================
18:19:53.0455 3080 [ 9737EF396E5B5666A132CFFE0048431A ] \Device\Harddisk0\DR0\Partition1
18:19:53.0455 3080 \Device\Harddisk0\DR0\Partition1 - ok
18:19:53.0580 3080 [ EB4FF44826345E9BF9D9EE2DFFA708A8 ] \Device\Harddisk0\DR0\Partition2
18:19:53.0580 3080 \Device\Harddisk0\DR0\Partition2 - ok
18:19:53.0658 3080 [ 5300D8C649CB444362695BD485E56F47 ] \Device\Harddisk0\DR0\Partition3
18:19:53.0658 3080 \Device\Harddisk0\DR0\Partition3 - ok
18:19:53.0658 3080 ============================================================
18:19:53.0658 3080 Scan finished
18:19:53.0658 3080 ============================================================
18:19:53.0674 2448 Detected object count: 0
18:19:53.0674 2448 Actual detected object count: 0

2012-09-22, 03:40

Sorry to hear about the problems with your system. Let's see if we can get that fixed up.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:


Trusted Zone: gardencitygroup.com
Trusted Zone: gardencitygroup.com\ctx

c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix may request an update; please allow it.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2012-09-22, 16:59
It ran but then it locked up. And I don't think I allowed the update. Never got a log.

Trying again.

Question - what is it doing with the gardencitygroup.com website? My wife needs to VPN to that domain for her job once in a while.

2012-09-22, 17:07

Yes give it another try and post the log if it is created.

I removed the gardencitygroup.com for the time being to be sure it wasn't causing your system any problems. After we are done she can just allow it again with no problems if she wishes. :)

2012-09-22, 18:40
OK - it ran successfully. WHere is the log file kept? Tough to search right now - still slow as molasses.

2012-09-22, 22:26
found it

ComboFix 12-09-20.02 - Phil 09/22/2012 1:18:21.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1880 [GMT -4:00]
Running from: C:\Users\Phil\Desktop\ComboFix.exe
Command switches used :: C:\Users\Phil\Desktop\CFScript.txt.txt
AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: GFI Software VIPRE *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

"c:\program files (x86)\Ask.com\GenericAskToolbar.dll"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\program files (x86)\Ask.com\GenericAskToolbar.dll

((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))

2012-09-22 09:35:19 . 2012-09-22 09:35:19 -------- d-----w- C:\Users\Mcx1-PHILS-HP\AppData\Local\temp
2012-09-22 09:35:19 . 2012-09-22 09:35:19 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-09-21 22:04:28 . 2012-09-21 22:04:28 208216 ----a-w- C:\Windows\system32\drivers\00295725.sys
2012-09-14 04:46:35 . 2012-09-14 04:46:46 -------- d-----w- C:\Program Files (x86)\ERUNT
2012-09-12 07:07:06 . 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\system32\drivers\ndis.sys
2012-09-12 07:07:06 . 2012-07-04 20:26:03 41472 ----a-w- C:\Windows\system32\drivers\RNDISMP.sys
2012-09-12 07:07:04 . 2012-08-02 17:58:52 574464 ----a-w- C:\Windows\system32\d3d10level9.dll
2012-09-12 07:07:04 . 2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 07:07:03 . 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-09-12 07:07:03 . 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\system32\drivers\netio.sys
2012-09-12 07:07:03 . 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 12:35:04 . 2012-09-09 12:35:19 -------- d-----w- C:\Program Files\PhotomatixPro4
2012-09-09 12:35:04 . 2012-09-09 12:35:04 -------- d-----w- C:\Users\Phil\AppData\Roaming\HDRsoft
2012-09-09 03:17:00 . 2012-09-09 03:17:00 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-24 03:05:37 . 2012-08-24 03:05:37 -------- d-----w- C:\ProgramData\GFI Software
2012-08-24 03:05:12 . 2012-04-14 01:30:04 61184 ----a-w- C:\Windows\system32\drivers\sbhips.sys
2012-08-24 03:04:57 . 2011-09-29 17:16:18 119416 ----a-w- C:\Windows\system32\drivers\SbFwIm.sys
2012-08-24 03:04:56 . 2012-04-14 01:30:04 258304 ----a-w- C:\Windows\system32\drivers\SbFw.sys
2012-08-24 03:04:55 . 2012-06-22 19:37:42 46472 ----a-w- C:\Windows\system32\sbbd.exe
2012-08-24 03:04:05 . 2012-08-24 03:04:05 -------- d-----w- C:\ProgramData\Downloaded Installations
2012-08-24 03:03:45 . 2012-08-24 03:03:45 -------- d-----w- C:\Program Files (x86)\GFI Software
2012-08-24 03:03:40 . 2012-08-24 03:03:40 -------- d-----w- C:\Users\Phil\AppData\Roaming\GFI Software

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-09-21 15:48:09 . 2012-04-17 12:31:44 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-21 15:48:09 . 2011-05-26 02:12:20 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 07:01:08 . 2009-12-19 18:18:17 64462936 ----a-w- C:\Windows\system32\MRT.exe
2012-07-18 18:15:06 . 2012-08-14 23:41:02 3148800 ----a-w- C:\Windows\system32\win32k.sys
2012-07-04 22:16:43 . 2012-08-14 23:41:10 73216 ----a-w- C:\Windows\system32\netapi32.dll
2012-07-04 22:13:27 . 2012-08-14 23:41:11 59392 ----a-w- C:\Windows\system32\browcli.dll
2012-07-04 22:13:27 . 2012-08-14 23:41:11 136704 ----a-w- C:\Windows\system32\browser.dll
2012-07-04 21:14:34 . 2012-08-14 23:41:10 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 04:55:23 . 2012-08-15 07:08:05 17809920 ----a-w- C:\Windows\system32\mshtml.dll
2012-06-29 04:09:35 . 2012-08-15 07:08:04 10925568 ----a-w- C:\Windows\system32\ieframe.dll
2012-06-29 03:56:34 . 2012-08-15 07:08:12 2312704 ----a-w- C:\Windows\system32\jscript9.dll
2012-06-29 03:49:57 . 2012-08-15 07:08:14 1346048 ----a-w- C:\Windows\system32\urlmon.dll
2012-06-29 03:49:11 . 2012-08-15 07:08:11 1392128 ----a-w- C:\Windows\system32\wininet.dll
2012-06-29 03:48:07 . 2012-08-15 07:08:12 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-06-29 03:47:35 . 2012-08-15 07:08:14 237056 ----a-w- C:\Windows\system32\url.dll
2012-06-29 03:45:55 . 2012-08-15 07:08:11 85504 ----a-w- C:\Windows\system32\jsproxy.dll
2012-06-29 03:44:51 . 2012-08-15 07:08:10 816640 ----a-w- C:\Windows\system32\jscript.dll
2012-06-29 03:43:49 . 2012-08-15 07:08:13 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-06-29 03:42:23 . 2012-08-15 07:08:14 2144768 ----a-w- C:\Windows\system32\iertutil.dll
2012-06-29 03:40:11 . 2012-08-15 07:08:15 96768 ----a-w- C:\Windows\system32\mshtmled.dll
2012-06-29 03:39:48 . 2012-08-15 07:08:16 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-06-29 03:35:21 . 2012-08-15 07:08:13 248320 ----a-w- C:\Windows\system32\ieui.dll
2012-06-29 00:16:58 . 2012-08-15 07:08:11 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 . 2012-08-15 07:08:12 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 . 2012-08-15 07:08:13 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 . 2012-08-15 07:08:13 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 . 2012-08-15 07:08:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-25 18:58:46 . 2012-07-05 16:03:38 17936 ----a-w- C:\Windows\system32\nitrolocalui2.dll
2012-06-25 18:58:44 . 2012-07-05 16:03:37 29712 ----a-w- C:\Windows\system32\nitrolocalmon2.dll

2012-09-23, 04:14

Looks like only part of the log is there. Could you check and make sure you were able to copy it completely and then paste it here. :)

2012-09-25, 04:57
Still here?

2012-09-25, 23:17
Will check it out. Thanks.

2012-09-26, 02:03
This is the txt file. I can try to run the last step again, but my PC has gotten even slower.

ComboFix 12-09-20.02 - Phil 09/22/2012 1:18:21.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1880 [GMT -4:00]
Running from: C:\Users\Phil\Desktop\ComboFix.exe
Command switches used :: C:\Users\Phil\Desktop\CFScript.txt.txt
AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: GFI Software VIPRE *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

"c:\program files (x86)\Ask.com\GenericAskToolbar.dll"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\program files (x86)\Ask.com\GenericAskToolbar.dll

((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))

2012-09-22 09:35:19 . 2012-09-22 09:35:19 -------- d-----w- C:\Users\Mcx1-PHILS-HP\AppData\Local\temp
2012-09-22 09:35:19 . 2012-09-22 09:35:19 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-09-21 22:04:28 . 2012-09-21 22:04:28 208216 ----a-w- C:\Windows\system32\drivers\00295725.sys
2012-09-14 04:46:35 . 2012-09-14 04:46:46 -------- d-----w- C:\Program Files (x86)\ERUNT
2012-09-12 07:07:06 . 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\system32\drivers\ndis.sys
2012-09-12 07:07:06 . 2012-07-04 20:26:03 41472 ----a-w- C:\Windows\system32\drivers\RNDISMP.sys
2012-09-12 07:07:04 . 2012-08-02 17:58:52 574464 ----a-w- C:\Windows\system32\d3d10level9.dll
2012-09-12 07:07:04 . 2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 07:07:03 . 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-09-12 07:07:03 . 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\system32\drivers\netio.sys
2012-09-12 07:07:03 . 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 12:35:04 . 2012-09-09 12:35:19 -------- d-----w- C:\Program Files\PhotomatixPro4
2012-09-09 12:35:04 . 2012-09-09 12:35:04 -------- d-----w- C:\Users\Phil\AppData\Roaming\HDRsoft
2012-09-09 03:17:00 . 2012-09-09 03:17:00 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-24 03:05:37 . 2012-08-24 03:05:37 -------- d-----w- C:\ProgramData\GFI Software
2012-08-24 03:05:12 . 2012-04-14 01:30:04 61184 ----a-w- C:\Windows\system32\drivers\sbhips.sys
2012-08-24 03:04:57 . 2011-09-29 17:16:18 119416 ----a-w- C:\Windows\system32\drivers\SbFwIm.sys
2012-08-24 03:04:56 . 2012-04-14 01:30:04 258304 ----a-w- C:\Windows\system32\drivers\SbFw.sys
2012-08-24 03:04:55 . 2012-06-22 19:37:42 46472 ----a-w- C:\Windows\system32\sbbd.exe
2012-08-24 03:04:05 . 2012-08-24 03:04:05 -------- d-----w- C:\ProgramData\Downloaded Installations
2012-08-24 03:03:45 . 2012-08-24 03:03:45 -------- d-----w- C:\Program Files (x86)\GFI Software
2012-08-24 03:03:40 . 2012-08-24 03:03:40 -------- d-----w- C:\Users\Phil\AppData\Roaming\GFI Software

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-09-21 15:48:09 . 2012-04-17 12:31:44 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-21 15:48:09 . 2011-05-26 02:12:20 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 07:01:08 . 2009-12-19 18:18:17 64462936 ----a-w- C:\Windows\system32\MRT.exe
2012-07-18 18:15:06 . 2012-08-14 23:41:02 3148800 ----a-w- C:\Windows\system32\win32k.sys
2012-07-04 22:16:43 . 2012-08-14 23:41:10 73216 ----a-w- C:\Windows\system32\netapi32.dll
2012-07-04 22:13:27 . 2012-08-14 23:41:11 59392 ----a-w- C:\Windows\system32\browcli.dll
2012-07-04 22:13:27 . 2012-08-14 23:41:11 136704 ----a-w- C:\Windows\system32\browser.dll
2012-07-04 21:14:34 . 2012-08-14 23:41:10 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 04:55:23 . 2012-08-15 07:08:05 17809920 ----a-w- C:\Windows\system32\mshtml.dll
2012-06-29 04:09:35 . 2012-08-15 07:08:04 10925568 ----a-w- C:\Windows\system32\ieframe.dll
2012-06-29 03:56:34 . 2012-08-15 07:08:12 2312704 ----a-w- C:\Windows\system32\jscript9.dll
2012-06-29 03:49:57 . 2012-08-15 07:08:14 1346048 ----a-w- C:\Windows\system32\urlmon.dll
2012-06-29 03:49:11 . 2012-08-15 07:08:11 1392128 ----a-w- C:\Windows\system32\wininet.dll
2012-06-29 03:48:07 . 2012-08-15 07:08:12 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-06-29 03:47:35 . 2012-08-15 07:08:14 237056 ----a-w- C:\Windows\system32\url.dll
2012-06-29 03:45:55 . 2012-08-15 07:08:11 85504 ----a-w- C:\Windows\system32\jsproxy.dll
2012-06-29 03:44:51 . 2012-08-15 07:08:10 816640 ----a-w- C:\Windows\system32\jscript.dll
2012-06-29 03:43:49 . 2012-08-15 07:08:13 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-06-29 03:42:23 . 2012-08-15 07:08:14 2144768 ----a-w- C:\Windows\system32\iertutil.dll
2012-06-29 03:40:11 . 2012-08-15 07:08:15 96768 ----a-w- C:\Windows\system32\mshtmled.dll
2012-06-29 03:39:48 . 2012-08-15 07:08:16 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-06-29 03:35:21 . 2012-08-15 07:08:13 248320 ----a-w- C:\Windows\system32\ieui.dll
2012-06-29 00:16:58 . 2012-08-15 07:08:11 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 . 2012-08-15 07:08:12 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 . 2012-08-15 07:08:13 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 . 2012-08-15 07:08:13 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 . 2012-08-15 07:08:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-25 18:58:46 . 2012-07-05 16:03:38 17936 ----a-w- C:\Windows\system32\nitrolocalui2.dll
2012-06-25 18:58:44 . 2012-07-05 16:03:37 29712 ----a-w- C:\Windows\system32\nitrolocalmon2.dll

2012-09-26, 03:46
i got my pc to run a little faster in safe mode.

running combofix again with that script

2012-09-26, 17:34
combofix run in safe mode last night. log that was located in C:/Combofix/

ComboFix 12-09-24.03 - Phil 09/25/2012 20:51:45.3.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.2246 [GMT -4:00]
Running from: C:\Users\Phil\Desktop\ComboFix.exe
Command switches used :: C:\Users\Phil\Desktop\CFScript.txt
AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

"c:\program files (x86)\Ask.com\GenericAskToolbar.dll"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


---- Previous Run -------

c:\program files (x86)\Ask.com\GenericAskToolbar.dll

((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))

2012-09-26 02:02:10 . 2012-09-26 02:02:10 -------- d-----w- C:\Users\Mcx1-PHILS-HP\AppData\Local\temp
2012-09-26 02:02:10 . 2012-09-26 02:02:10 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-09-21 22:04:28 . 2012-09-21 22:04:28 208216 ----a-w- C:\Windows\system32\drivers\00295725.sys
2012-09-14 04:46:35 . 2012-09-14 04:46:46 -------- d-----w- C:\Program Files (x86)\ERUNT
2012-09-09 12:35:04 . 2012-09-09 12:35:19 -------- d-----w- C:\Program Files\PhotomatixPro4
2012-09-09 12:35:04 . 2012-09-09 12:35:04 -------- d-----w- C:\Users\Phil\AppData\Roaming\HDRsoft

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-09-26, 17:35
it was run off this script:


Trusted Zone: gardencitygroup.com
Trusted Zone: gardencitygroup.com\ctx

c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

2012-09-26, 21:43

We need to go about this another way...


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under the Custom Scan box paste this in


Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


2012-09-26, 23:45
On it. Is it OK if I run further tests in safe mode? It's still running slow, but barely tolerable.


2012-09-27, 01:47
OTL logfile created on: 9/26/2012 5:10:15 PM - Run 1
OTL by OldTimer - Version Folder = C:\Users\Phil\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 77.09% Memory free
5.86 Gb Paging File | 5.25 Gb Available in Paging File | 89.61% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.03 Gb Total Space | 111.42 Gb Free Space | 38.96% Space Free | Partition Type: NTFS
Drive D: | 11.87 Gb Total Space | 2.00 Gb Free Space | 16.88% Space Free | Partition Type: NTFS
Drive Z: | 1397.26 Gb Total Space | 660.88 Gb Free Space | 47.30% Space Free | Partition Type: NTFS

Computer Name: PHILS-HP | User Name: Phil | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Phil\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Nitro PDF\Reader 2\NitroPDFReader.exe (Nitro PDF)
PRC - C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Nitro PDF\Reader 2\wxbase28u_xml_vc_pro7.dll ()
MOD - C:\Program Files (x86)\Nitro PDF\Reader 2\wxbase28u_vc_pro7.dll ()

========== Services (SafeList) ==========

SRV:[b]64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SBAMSvc) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)
SRV - (SBPIMSvc) -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (SOURCENEXT)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (dsNcService) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (91605408) -- C:\Windows\SysNative\drivers\00295725.sys (Kaspersky Lab, GERT)
DRV:64bit: - (SbFw) -- C:\Windows\SysNative\drivers\SbFw.sys (GFI Software)
DRV:64bit: - (sbwtis) -- C:\Windows\SysNative\drivers\sbwtis.sys (GFI Software)
DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (SBFWIMCLMP) -- C:\Windows\SysNative\drivers\SbFwIm.sys (GFI Software)
DRV:64bit: - (SBFWIMCL) -- C:\Windows\SysNative\drivers\SbFwIm.sys (GFI Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (cdrbsdrv) -- C:\Windows\SysNative\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (dsNcAdpt) -- C:\Windows\SysNative\drivers\dsNcAdpt.sys (Juniper Networks)
DRV:64bit: - (NETw1v64) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (FlyUsb) -- C:\Windows\SysNative\drivers\FlyUsb.sys (LeapFrog)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Labtec Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Labtec Inc.)
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {403CE8DA-BA42-478B-945D-BCD60FB70B3C}
IE:64bit: - HKLM\..\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{403CE8DA-BA42-478B-945D-BCD60FB70B3C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {403CE8DA-BA42-478B-945D-BCD60FB70B3C}
IE - HKLM\..\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{403CE8DA-BA42-478B-945D-BCD60FB70B3C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B 83 DD 02 2C 1C 26 44 8A A5 9D 1C E0 B8 7D FA [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B 83 DD 02 2C 1C 26 44 8A A5 9D 1C E0 B8 7D FA [binary data]

IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B 83 DD 02 2C 1C 26 44 8A A5 9D 1C E0 B8 7D FA [binary data]
IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\..\SearchScopes,DefaultScope = {222BE4DB-5FBA-41A8-A4F9-EE7EC6894B96}
IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\..\SearchScopes\{222BE4DB-5FBA-41A8-A4F9-EE7EC6894B96}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\..\SearchScopes\{25A517D5-05F7-47C3-87F9-14862106EE78}: "URL" = http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\..\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\..\SearchScopes\{403CE8DA-BA42-478B-945D-BCD60FB70B3C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\..\SearchScopes\{6CF8F5CD-8449-4933-9121-9AE2C384BF15}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\..\SearchScopes\{DCF57222-1BA9-4DFC-9DC8-A53410600216}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Phil\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/03 20:05:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 23:17:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/14 10:58:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/03 20:05:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 23:17:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/14 10:58:46 | 000,000,000 | ---D | M]

[2012/08/14 21:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions
[2012/08/14 21:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/05/02 08:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\zerjo7nd.default\extensions
[2012/04/11 23:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/23 10:20:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/08 23:17:00 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 10:30:48 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/08 23:16:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/21 11:03:02 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/09/08 23:16:56 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\PepperFlash\\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Phil\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Skype Click to Call = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\\
CHR - Extension: Poppit = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/09/26 00:17:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://go.adt.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15D81026-D0E5-4267-9482-F2E0D3DF05E1}: DhcpNameServer =
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/09/26 16:53:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2012/09/26 00:30:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/25 22:02:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/25 20:43:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/21 18:04:28 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\00295725.sys
[2012/09/21 10:04:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/21 10:04:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/21 10:04:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/21 10:03:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/18 18:05:10 | 004,757,278 | R--- | C] (Swearware) -- C:\Users\Phil\Desktop\ComboFix.exe
[2012/09/14 00:47:55 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\Malware Logs
[2012/09/14 00:47:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/09/14 00:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/09/14 00:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/09/09 08:36:01 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\HDRsoft Photomatix Pro 4.2.4 (64 bit)
[2012/09/09 08:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photomatix Pro 4.2
[2012/09/09 08:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro4
[2012/09/09 08:35:04 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\HDRsoft
[2012/09/07 22:25:50 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\Sleep Over
[2012/09/05 19:41:59 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\School
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/26 16:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2012/09/26 06:50:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/26 06:46:54 | 509,872,361 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/26 06:44:22 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/26 03:44:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/26 03:43:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/26 00:17:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/25 23:22:40 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/25 22:49:58 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 22:49:58 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 19:52:27 | 004,757,278 | R--- | M] (Swearware) -- C:\Users\Phil\Desktop\ComboFix.exe
[2012/09/24 04:57:52 | 000,660,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/24 04:57:52 | 000,125,688 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/24 04:57:12 | 000,783,732 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/21 18:04:28 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\00295725.sys
[2012/09/17 12:10:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPhil.job
[2012/09/14 00:46:46 | 000,001,140 | ---- | M] () -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/09/14 00:46:35 | 000,000,941 | ---- | M] () -- C:\Users\Phil\Desktop\ERUNT.lnk
[2012/09/14 00:38:09 | 000,019,090 | ---- | M] () -- C:\Windows\SysWow64\FirewallConfig.xml
[2012/09/09 09:16:24 | 006,193,654 | ---- | M] () -- C:\Users\Phil\Desktop\hdr1.jpg
[2012/09/08 23:17:08 | 000,002,080 | ---- | M] () -- C:\Users\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/07 20:21:16 | 000,000,304 | ---- | M] () -- C:\Users\Phil\Documents\CD Drive - Shortcut.lnk
[2012/08/29 16:08:18 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/21 10:04:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/21 10:04:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/21 10:04:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/21 10:04:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/21 10:04:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/14 00:46:46 | 000,001,140 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/09/14 00:46:35 | 000,000,941 | ---- | C] () -- C:\Users\Phil\Desktop\ERUNT.lnk
[2012/09/14 00:38:09 | 000,019,090 | ---- | C] () -- C:\Windows\SysWow64\FirewallConfig.xml
[2012/09/09 09:16:19 | 006,193,654 | ---- | C] () -- C:\Users\Phil\Desktop\hdr1.jpg
[2012/09/07 20:21:16 | 000,000,304 | ---- | C] () -- C:\Users\Phil\Documents\CD Drive - Shortcut.lnk
[2012/08/29 16:08:18 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/08/22 22:32:14 | 000,003,584 | ---- | C] () -- C:\Users\Phil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 23:39:01 | 000,777,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/30 16:50:30 | 000,000,008 | -H-- | C] () -- C:\Users\Phil\AppData\Local\L8457789110
[2011/06/29 22:41:31 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/02/10 00:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/12/27 23:15:14 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2010/12/27 23:15:11 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2010/11/25 12:27:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/08 23:12:56 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/01/03 01:57:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/12 02:03:12 | 000,001,024 | ---- | C] () -- C:\Users\Phil\.rnd
[2009/10/26 04:59:55 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2012/01/12 20:26:48 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\AVG2012
[2010/12/12 23:16:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/07/05 11:58:54 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Downloaded Installations
[2012/08/17 00:39:58 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Dropbox
[2010/06/06 21:48:37 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Facebook
[2011/09/30 15:25:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FileMaker
[2011/09/30 17:07:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FileMaker Pro
[2010/09/20 23:38:12 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Free MP3 WMA Cutter
[2012/08/23 23:03:40 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GFI Software
[2012/09/09 08:35:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\HDRsoft
[2011/08/11 21:46:15 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ICAClient
[2011/12/11 10:26:33 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\JCP
[2011/10/10 10:32:28 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Juniper Networks
[2012/09/18 17:39:59 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MediaMonkey
[2012/02/10 02:05:09 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Mobipocket
[2011/09/30 17:51:28 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\net.dacons.mailit
[2012/08/24 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Nitro PDF
[2012/06/21 16:38:40 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\OpenCandy
[2010/08/29 20:37:08 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Pegasys Inc
[2012/07/24 14:19:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PrimoPDF
[2010/02/10 11:49:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Southwest Airlines
[2010/09/12 14:18:39 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\StreamTorrent
[2012/08/14 21:47:34 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TomTom
[2009/12/27 12:07:37 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Trillian
[2010/07/01 22:21:50 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\UB
[2012/09/21 10:19:02 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\uTorrent
[2011/01/18 21:53:51 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Custom Scans ==========

[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Phil\Documents\Amex ADT Scan P Russo.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

2012-09-27, 01:48
OTL Extras logfile created on: 9/26/2012 5:10:15 PM - Run 1
OTL by OldTimer - Version Folder = C:\Users\Phil\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 77.09% Memory free
5.86 Gb Paging File | 5.25 Gb Available in Paging File | 89.61% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.03 Gb Total Space | 111.42 Gb Free Space | 38.96% Space Free | Partition Type: NTFS
Drive D: | 11.87 Gb Total Space | 2.00 Gb Free Space | 16.88% Space Free | Partition Type: NTFS
Drive Z: | 1397.26 Gb Total Space | 660.88 Gb Free Space | 47.30% Space Free | Partition Type: NTFS

Computer Name: PHILS-HP | User Name: Phil | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]




"DisableNotifications" = 0
"EnableFirewall" = 0

"DisableNotifications" = 0
"EnableFirewall" = 0


"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========



========== Vista Active Open Ports Exception List ==========

"{03123E45-E2ED-4C79-AADC-511703992D6C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{057338F1-F267-4BE4-9D3F-630F2BE45CDC}" = lport=3390 | protocol=6 | dir=in | app=system |
"{0A09B939-F553-4A91-AEA4-B1E708A274A7}" = lport=139 | protocol=6 | dir=in | app=system |
"{10EA4BB9-694E-4C32-AAB0-D66713652CCD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1896E096-B0E4-4BE4-AB40-F0CB3D1F6CFE}" = lport=138 | protocol=17 | dir=in | app=system |
"{19E3A565-EEE6-4B85-8F8A-1C728715BE9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{202AE81F-759C-4D1E-8EBF-3D8F11C766A3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{30B8D438-C6B3-4ED0-B11B-693EE0E58591}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30CC0D67-EABA-40AF-9144-223A9B5FB17C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C8BA7D5-8AC4-4937-9F81-61CD20EF885F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F528FAC-A65E-4B35-BC37-172D01BC2AFD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45ECF997-CE46-4061-8C4C-53C0836428AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4DA7CF3D-CD2A-475B-96B7-E759BB38EDA0}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4EF8E9CF-6647-4020-A4A6-32CF0ED4B87C}" = rport=138 | protocol=17 | dir=out | app=system |
"{4F7F3C8A-11AA-4C13-A3CB-7DEF1BC6697E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{57EFF873-4F76-45C2-BF9C-1A4DECAE440C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{58B4753D-C17D-4F3E-B162-D118B6E3C08A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{59991A2F-E52E-4619-9A78-294D46BB1396}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5BC100F4-9D9E-4600-A9B2-81F12934CED2}" = rport=139 | protocol=6 | dir=out | app=system |
"{5EFC5DA7-008F-4F3A-9011-CA525B3690A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F1E9937-3E73-44D9-9F76-53BC5D9B6EB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FC3C31E-7FCD-4F54-A973-A5DCD086A29D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6538131D-BE0A-43C1-8615-C952AED71AE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73817CE2-F63C-4FE1-9139-63A2C8CBE236}" = lport=10244 | protocol=6 | dir=in | app=system |
"{73C6B4C9-C693-4322-AA0A-A286A9D3468B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7AE3C2A4-B009-4474-81DD-7C8387372015}" = lport=445 | protocol=6 | dir=in | app=system |
"{8127ED9C-A9F2-4E44-8372-A84DF7549364}" = lport=2869 | protocol=6 | dir=in | app=system |
"{84C769CD-FC35-446E-B5FC-24A9B86661B6}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8B8EBBE3-3471-4435-AE7D-0FA6BB7C3196}" = rport=445 | protocol=6 | dir=out | app=system |
"{8B910440-CFC3-46F8-B41B-A93F0D8EDA38}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{90E2BF44-4C57-4604-A8B6-75EBD3B36011}" = lport=2869 | protocol=6 | dir=in | app=system |
"{934A1D7E-6386-4167-886F-B8D28BF90641}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97A0ED5D-C1CC-4220-AC18-3B39F17E3A2D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{97C45D46-5198-4B52-B0BA-1B1B348F3A9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97E360C6-EAD5-40A5-ACA7-E9A6B3B3B6A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9AA6299C-FDC7-486E-BEEE-3D5A3414D8F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A255D4A1-8DC0-4A3D-8E43-BA15EFA8DA7E}" = lport=10244 | protocol=6 | dir=in | app=system |
"{A3F59156-9797-46A9-BABD-5FC743A1CC83}" = lport=137 | protocol=17 | dir=in | app=system |
"{A5EC04D6-8046-4E6D-B706-AA9346CDB2F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC38FCD1-54C7-486B-9839-EA0757927289}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B17DED08-6051-4DB2-93E5-D67452F197E0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6176B8C-FD48-4241-A884-3B325B460F28}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B854BFEC-182A-4B7A-900F-FC4F88E54BF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2232AF2-37F7-46CC-A592-016AEED0B4EB}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C67ED727-ED82-4526-851C-CA8D296AFC72}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{CA7F23E8-85AB-41D8-9F91-D078406B8CE3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CB914F16-FFD0-41A3-B918-CBBADB7402A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D8C8097D-891F-42E8-B75C-0CF55E2F55EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD5974B8-23BB-457E-9A54-42E6F1BD49A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA2C4F78-5F03-4AD7-9980-0C1FFB667CB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F3EA8C60-2949-4C36-A5A7-B91BFD744BA0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC47B71B-C62D-4F70-AF07-772360D3B67B}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

"{0ACD0485-B23E-4126-BF15-13EE3C0130E5}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{122E53B5-B220-43CC-96D9-B6CD7A232E05}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{1238728A-C195-4CA0-92C8-6D3BC08774F6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1D110E90-CEEC-4838-B09F-03ABE601426D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{22C4458B-C9DB-464D-82C3-A1011C4C1A00}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{267FE7E8-DBFE-4D40-9716-F16D93E92CC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{27160DAB-7538-44CF-906B-BB42A08EF2B1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{29F63F2E-0F39-41B2-AA43-0F35A08E0204}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{31B238A5-134B-48FC-89F4-011A84E31036}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D247EF4-21C3-47DE-AB13-CFB5471D5765}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{57327D1E-04D0-4D22-8F26-7E0D25EA4C38}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5FCE1ED6-4762-48DF-B2DB-8D5979C342E4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{60C12D5D-E7AC-4709-B221-F33850B2A90C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{60F70342-615E-4520-97E9-628FC45D83DB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{67EF4CF8-0423-4469-B25F-6BD1A62DCBEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6D22C44B-9F56-449F-BD65-C5EFBE4EA221}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{6F04AEA5-F93D-4ECE-B8B6-D45F8509F908}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{6FBD7100-C493-4E61-A954-30909EA7A21D}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{7093FE75-7163-4190-97C7-81FA444F1FAE}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{72F01B13-D106-4990-91E7-103D3D4C1D6E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{788AE2EB-F590-400E-8093-7A0C4A67BDFE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{79413397-D9D5-4B58-92EA-4011B3C118E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EFA0E56-3CF6-498A-91E6-BCBCB303A6A1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8CBF58C7-96FD-427C-BB98-A073B12C396C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{8D17DD3F-6AC0-4193-A6E0-71975689BF29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8F7F1B3A-3037-4B87-B76D-B05EB4DEF418}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9003AACB-A15C-444B-B9E4-CBB6C735D035}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{98651F2C-EBED-4298-87D6-92A8D580E265}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{99F51C0B-E9D3-4DBE-9D07-451790652185}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9B1A2B12-D71E-4177-B61D-6D397CB98A20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B800873-EBC4-491B-B788-B96B8953C38F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9C88CB6B-4651-4F69-B51F-10CFA08A36E4}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{9D782111-4477-4CE5-8719-8B94C8707193}" = protocol=17 | dir=in | app=c:\users\phil\appdata\roaming\dropbox\bin\dropbox.exe |
"{9DB9895E-D3B2-4CA9-AD66-4C4784CED197}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9EAD6D61-38B3-4A20-B0AC-2F2503649750}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A31D37A6-01A6-4449-9D1C-99D8A42DA528}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{B1FF5577-792F-435C-B1E9-CA8E615000D5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD653740-B0B1-490D-B972-F343235F4D4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C29C1AB0-F21A-497A-BF17-1BC5758E0F93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB16CC33-583F-4493-89C8-D4FE469561EE}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D0820041-6DCD-41F5-AB0F-5D8CC8C013E6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D8D6D6A1-C884-4924-9A56-6603A26E71D3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{D8E1FA86-B500-4AED-8A83-314FE63031FF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{D948A11A-C3D0-45D4-BE0B-7F8541EDDCE4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC3E693E-E047-400B-99DA-FC6A03F08BD8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{E0596DE9-CF2A-4F25-9DAF-9AEDBA2B9D1C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E3B8216A-862A-4676-BB51-CBDFDBCD5A0C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E43AF255-FA35-48CC-B26D-433B52C2EE76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E46CBD96-A6A4-4A14-A64C-34F59ADEF020}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E715E800-FD77-4F02-AB93-74CA87D73E4A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E79B7ED9-5C6B-4952-8E77-DDC9B63E2263}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E91B0C4E-FEBA-458D-80AB-572A6DF5C916}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EAEE4665-E148-45D7-BCAA-1732300DA826}" = protocol=6 | dir=out | app=system |
"{F1539AAE-57BF-406C-8CFA-B8B45165E4BD}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{F361C805-8327-4C57-88C8-57A2E428D3E7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{F3C1C604-E18C-4F6F-982E-9ED62AE0C7CC}" = protocol=6 | dir=in | app=c:\users\phil\appdata\roaming\dropbox\bin\dropbox.exe |
"{F5187853-2E29-4E11-977C-DB264351A5E7}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F98DEF3E-8CC0-4851-AC2F-F7A4A6F052B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD853605-8727-4244-B5E6-BF1C5F6A06DE}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{FE0FC3B6-C910-4B27-86DE-2A639FDB4DD3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF020194-7EC9-4880-B65A-C67B58784D8F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C87223E-0EE1-4703-9789-2C986D860B20}" = Nitro Reader 2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PhotomatixPro42x64_is1" = Photomatix Pro version 4.2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
"{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83BF64AF-208C-4D29-AD00-971A8FFC59F8}" = VIPRE Internet Security
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A055FB62-CF73-4839-AD83-122ABCB92418}" = LeapFrog Tag Junior Plugin
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A4D77A09-10EA-4574-8C09-9B6E1A21C95F}" = Virus Guard - powered by BitDefender
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Internet Security
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D7D38949-8251-4F07-BC2C-AA767308010B}" = TMPGEnc Authoring Works 4
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EACCC991-8E8C-4397-8854-349506741FC9}" = FileMaker Pro 11
"{EACCC991-8E8C-4397-8854-349506741FC9}_FileMaker" = FileMaker Pro 11
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CloneDVD2" = CloneDVD2
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Foxit PDF Editor" = Foxit PDF Editor
"Free MP3 WMA Cutter_is1" = Free MP3 WMA Cutter
"gBurner" = gBurner
"Google Chrome" = Google Chrome
"Homepage Protection" = Homepage Protection
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"MediaMonkey_is1" = MediaMonkey 4.0
"Movie DVD Maker_is1" = Movie DVD Maker 2.8.0526
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero8Lite_is1" = Nero 8 Micro
"PokerStars.net" = PokerStars.net
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"StreamTorrent 1.0" = StreamTorrent 1.0
"TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
"Trillian" = Trillian
"UPCShell" = LeapFrog Connect
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 2.0.1
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"UB" = UB

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/23/2012 5:42:03 AM | Computer Name = Phils-HP | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program GFI Software Anti Malware Service because of this error. Program:
GFI Software Anti Malware Service File: The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.

Data Error value: C0000185 Disk type: 0

Error - 9/23/2012 4:15:29 PM | Computer Name = Phils-HP | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 21.0.1180.89, time
stamp: 0x503ebf10 Faulting module name: chrome.dll, version: 21.0.1180.89, time
stamp: 0x503ebeca Exception code: 0xc0000006 Fault offset: 0x00e5c35c Faulting process
id: 0x308 Faulting application start time: 0x01cd99b07795832d Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\chrome.dll Report
Id: 6af968a6-05bb-11e2-97b7-001f16edfac7

Error - 9/23/2012 4:15:42 PM | Computer Name = Phils-HP | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\chrome.dll
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Google Chrome because of this
error. Program: Google Chrome File: C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\chrome.dll

error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3

Error - 9/23/2012 4:20:03 PM | Computer Name = Phils-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_MpsSvc, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc0000006 Fault offset: 0x000000000002676f
process id: 0x53c Faulting application start time: 0x01cd99afeb9dc8e2 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Id: 0e04661e-05bc-11e2-97b7-001f16edfac7

Error - 9/23/2012 4:20:03 PM | Computer Name = Phils-HP | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Host Process for Windows Services because of this error. Program:
Host Process for Windows Services File: The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.

Data Error value: C0000185 Disk type: 0

Error - 9/24/2012 4:08:57 AM | Computer Name = Phils-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c9db Exception code: 0xc0000006 Fault offset: 0x000000000002f6d0
process id: 0x3f0 Faulting application start time: 0x01cd99afe12f00ef Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
Id: 163a61f4-061f-11e2-97b7-001f16edfac7

Error - 9/24/2012 4:08:57 AM | Computer Name = Phils-HP | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Host Process for Windows Services because of this error. Program:
Host Process for Windows Services File: The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.

Data Error value: C0000185 Disk type: 0

Error - 9/25/2012 8:47:17 PM | Computer Name = Phils-HP | Source = VSS | ID = 18
Description =

Error - 9/25/2012 8:47:17 PM | Computer Name = Phils-HP | Source = VSS | ID = 8193
Description =

Error - 9/25/2012 8:47:17 PM | Computer Name = Phils-HP | Source = System Restore | ID = 8193
Description =

[ Hewlett-Packard Events ]
Error - 2/10/2010 5:37:49 PM | Computer Name = Phils-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 2/10/2010 5:37:50 PM | Computer Name = Phils-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 5/27/2010 6:05:12 PM | Computer Name = Phils-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

[ System Events ]
Error - 9/26/2012 6:32:58 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/26/2012 6:32:58 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/26/2012 6:32:58 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/26/2012 6:33:46 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/26/2012 6:33:46 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/26/2012 6:33:46 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/26/2012 6:33:55 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 9/26/2012 6:33:56 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/26/2012 6:33:56 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/26/2012 6:33:56 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

< End of report >

2012-09-27, 03:00

I see a lot of errors on your system that could be causing your problems.

First open an elevated command prompt > Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Copy the contents of the code box > right click in the command window and select paste >> Press Enter (do one line at a time if there are more than one)

chkdsk /r

Accept any prompts that are shown.
Reboot your system when done and let me know if that helped at all.

2012-09-27, 04:37
thanks Jeff. I really appreciate you taking this much time out for a total stranger. I owe you a beer at the very least.

it said this volume is in use by another process. do you want to perform this function the next time you restart?

I chose Y and rebooted.

2012-09-27, 04:51
Yep...I was expecting that. When the scan completes let me know and also if that helped your system along at all.

If you have your Windows disk please get that as well as we may be using it too. :)

2012-09-27, 04:55
It rebooted and ran chkdsk fairly quickly. Get this - it said the volume was clean. That's a relief!

Now it's taking its usual 8 minutes to start up.

At some point do I just format and reinstall Win7?

2012-09-27, 04:59
"failed to connect to a windows service. windows could not connect to the system event notification service..."

2012-09-27, 05:17
It booted to Windows but it's still doggin.

Tried to run winamp after a reboot and so far I have been waiting 2 minutes or so.

2012-09-27, 05:20
4 minutes - still no winamp

I don't have a copy of Win 7 handy, but I can get one tomorrow.

2012-09-27, 14:39

At some point do I just format and reinstall Win7?Well that is a question you should answer for yourself. Unfortunately I am not seeing anything that is jumping out at me malware related. We may be dealing with damage done by the infections that were on your system and we would have to chase them down one-by-one. If it were my machine I think I would save my information (personal files, music, pictures...) and format my system and just start over. It would be much faster too. Your choice in what you might like to do....just let me know. :)

2012-09-29, 18:22
Are you still with me?

2012-09-30, 17:50
Due to lack of feedback, this topic will now be closed.
If you are the original poster and you still require help, please start a new thread.
