TechSpot

Blue screens of death, can't open programs, can't open task manager, intermittent

By fennisdembo88
Mar 20, 2012
  1. thanks in advance for your help. i'm trying to avoid having to wipe and reinstall windows 7 to fix this (someone suggested this as a cure).

    ran the 5 steps, logs follow

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.18.02

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Pierce :: ACERMEDIAROOM [administrator]

    3/20/2012 6:37:31 PM
    mbam-log-2012-03-20 (18-37-31).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 203688
    Time elapsed: 4 minute(s), 20 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER log was blank - no modifications

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Pierce at 19:09:41 on 2012-03-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5886.4747 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\notepad.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_m3300&r=17360710z216p04d5v125w4541s235
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_m3300&r=17360710z216p04d5v125w4541s235
    uInternet Settings,ProxyOverride = *.local
    BHO: {01B61CB0-4163-4636-81E5-CCE5B6F9B06a} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
    mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
    mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    StartupFolder: C:\Users\Pierce\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Pierce\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 3 (0x3)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{865521DE-8F0F-4D93-A21B-3C85E0F89724} : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: {01B61CB0-4163-4636-81E5-CCE5B6F9B06a} - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
    mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [(Default)]
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
    mRun-x64: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
    mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Pierce\AppData\Roaming\Mozilla\Firefox\Profiles\r0dtcpxo.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Pierce\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
    FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 Sahdad64;HDD Filter Driver;C:\Windows\system32\Drivers\Sahdad64.sys --> C:\Windows\system32\Drivers\Sahdad64.sys [?]
    R0 Saibad64;Volume Filter Driver;C:\Windows\system32\Drivers\Saibad64.sys --> C:\Windows\system32\Drivers\Saibad64.sys [?]
    R0 SysCow;SysCow;C:\Windows\system32\drivers\syscowad64v.sys --> C:\Windows\system32\drivers\syscowad64v.sys [?]
    R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\system32\DRIVERS\StarPortLite.sys --> C:\Windows\system32\DRIVERS\StarPortLite.sys [?]
    R3 a8djusb_x64;a8djusb_x64;C:\Windows\system32\Drivers\a8djusb_x64.sys --> C:\Windows\system32\Drivers\a8djusb_x64.sys [?]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    S1 SaibVdAd64;Virtual Disk Driver;C:\Windows\system32\Drivers\SaibVdAd64.sys --> C:\Windows\system32\Drivers\SaibVdAd64.sys [?]
    S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2011-2-9 457200]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984]
    S2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
    S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-3 44768]
    S2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2011-7-15 21488]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-24 135664]
    S2 Icecast-trunk;Icecast-trunk Streaming Media Server;C:\Program Files (x86)\Icecast2 Win32\icecastService.exe [2011-6-5 417792]
    S2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-2-26 5017600]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-12 62208]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2011-7-13 340976]
    S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-18 993848]
    S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-18 399416]
    S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-25 240160]
    S2 uvnc_service;uvnc_service;C:\Program Files\UltraVNC2\winvnc.exe [2010-9-13 1793976]
    S3 a8djavs_x64;a8djavs_x64;C:\Windows\system32\Drivers\a8djavs_x64.sys --> C:\Windows\system32\Drivers\a8djavs_x64.sys [?]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
    S3 eltima_usb_stub;ELTIMA Usb Stub;C:\Windows\system32\DRIVERS\usbstub.sys --> C:\Windows\system32\DRIVERS\usbstub.sys [?]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-8-2 1038088]
    S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-24 135664]
    S3 jumi;%Jumi%;C:\Windows\system32\DRIVERS\jumi.sys --> C:\Windows\system32\DRIVERS\jumi.sys [?]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
    S3 mv2;mv2;C:\Windows\system32\DRIVERS\mv2.sys --> C:\Windows\system32\DRIVERS\mv2.sys [?]
    S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2011-7-13 1095664]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 vuhub;Virtual Usb Hub;C:\Windows\system32\DRIVERS\vuhub.sys --> C:\Windows\system32\DRIVERS\vuhub.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S4 BOTService;BOTService;C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2011-7-14 211440]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-03-17 09:34:24 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{723FD9CB-74EB-4E9F-9B40-B514F78F2E87}\mpengine.dll
    2012-03-12 03:40:54 -------- d-----w- C:\Users\Pierce\Desktopa
    2012-03-10 18:31:38 -------- d-----w- C:\Users\Pierce\AppData\Local\{0CA66095-7561-487F-A397-7D3B6AC17D73}
    2012-03-10 18:31:16 -------- d-----w- C:\Users\Pierce\AppData\Local\{03A94F98-612F-44A6-9088-B0BC3BB4764E}
    2012-03-05 04:47:15 -------- d-----w- C:\Users\Pierce\AppData\Local\SKIDROW
    2012-03-05 04:47:15 -------- d-----w- C:\Users\Pierce\AppData\Local\BigHugeEngine
    2012-03-05 04:07:11 -------- d-----w- C:\Windows\pss
    2012-02-27 21:04:18 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-02-27 21:04:17 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2012-02-27 21:04:16 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2012-02-27 21:04:16 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-02-27 21:04:03 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-02-27 21:04:03 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-02-27 21:04:03 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-02-27 21:04:03 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-02-26 04:50:59 -------- d-----w- C:\Users\Pierce\AppData\Local\AMD
    2012-02-26 04:50:19 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-02-26 04:50:14 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2012-02-26 04:50:14 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2012-02-26 04:49:14 -------- d-----w- C:\ProgramData\AMD
    2012-02-26 04:49:13 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
    2012-02-26 04:44:15 -------- d-----w- C:\AMD
    .
    ==================== Find3M ====================
    .
    2012-03-08 17:56:24 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-23 17:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 19:10:26.62 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/24/2010 12:20:38 PM
    System Uptime: 3/20/2012 6:32:09 PM (1 hours ago)
    .
    Motherboard: Acer | | FRS780M
    Processor: AMD Phenom(tm) II X4 810 Processor | CPU 1 | 2592/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 915 GiB total, 493.818 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    K: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: avast! Network Shield Support
    Device ID: ROOT\LEGACY_ASWTDI\0000
    Manufacturer:
    Name: avast! Network Shield Support
    PNP Device ID: ROOT\LEGACY_ASWTDI\0000
    Service: aswTdi
    .
    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&4E6C81F&0
    Manufacturer: Logitech
    Name: PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&4E6C81F&0
    Service: i8042prt
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart C7200 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Photosmart C7200 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C7200 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C7200 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&4E6C81F&0
    Manufacturer: Logitech
    Name: PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&4E6C81F&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP294: 2/22/2012 5:13:29 AM - Windows Update
    RP295: 2/27/2012 1:04:28 PM - Windows Update
    RP296: 3/4/2012 2:12:37 AM - Windows Update
    RP297: 3/12/2012 9:59:23 AM - Scheduled Checkpoint
    RP298: 3/14/2012 3:54:56 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ĀµTorrent
    Acer Assist
    Acer Backup Manager
    Acer eRecovery Management
    Acer Registration
    Acer Updater
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Audition 3.0
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AIO_Scan
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    Backup Manager Advance
    Bing Bar
    Boxee
    BufferChm
    C7200
    C7200_Help
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    Connect
    Content Transfer
    Copy
    COWON Media Center - jetAudio Plus VX
    D3DX10
    Destinations
    DeviceDiscovery
    DirectX 9 Runtime
    DocProc
    Dropbox
    erLT
    ESET Online Scanner v3
    Face Filter
    Fax
    FileHippo.com Update Checker
    Foxit Reader 5.1
    FreeStar Free AMR MP3 Converter 1.0.5
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    Gyazo 1.0
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotosmartEssential
    HPProductAssistant
    Hulu Desktop
    HydraVision
    Icecast 2.3.2
    Identity Card
    ImagXpress
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    kuler
    LeapFrog Connect
    LeapFrog Tag Junior Plugin
    Logitech SetPoint
    Malwarebytes Anti-Malware version 1.60.1.1000
    MarketResearch
    Marvell Miniport Driver
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 10.0.3 (x86 en-US)
    Mp3tag v2.46a
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Native Instruments Audio 8 DJ Driver
    Native Instruments Controller Editor
    Native Instruments Service Center
    Native Instruments Traktor
    neroxml
    NWZ-S540 WALKMAN Guide
    Paragon Easy CD/DVD Recorder 9.0
    PDF Settings CS4
    Photoshop Camera Raw
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_Min
    QuickTime
    Realtek High Definition Audio Driver
    Roxio BackOnTrack
    Roxio BackOnTrackPE
    Roxio Burn - Secure
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Creator 2012 Pro
    Roxio System Rollback Recovery Disk
    Roxio Video Capture USB
    Scan
    Secunia PSI (2.0.0.3003)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    SHOUTcast DNAS (remove only)
    SmartSound Common Data
    SmartSound Quicktracks 5
    SmartWebPrinting
    SolutionCenter
    SoulSeek 157 NS 13e
    Sound Forge Pro 10.0
    Status
    Steinberg Cubase 5
    Steinberg Drum Loop Expansion 01
    Steinberg Groove Agent ONE Content
    Steinberg HALionOne
    Steinberg HALionOne Additional Content Set 01
    Steinberg HALionOne Expression Set
    Steinberg HALionOne GM Drum Set
    Steinberg HALionOne GM Set
    Steinberg HALionOne Pro Set
    Steinberg HALionOne Studio Drum Set
    Steinberg HALionOne Studio Set
    Steinberg LoopMash Content
    Steinberg REVerence Content 01
    StreamTorrent 1.0
    Suite Shared Configuration CS4
    TagScanner 5.1 build 571
    Toolbox
    TrayApp
    TVersity Codec Pack 1.4
    TVersity Media Server 1.9.2
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
    Veetle TV 0.9.18
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    Xiph.Org Open Codecs 0.85.17777
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/20/2012 6:46:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/20/2012 6:43:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    3/20/2012 6:43:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    3/20/2012 6:33:13 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    3/20/2012 6:33:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/20/2012 6:33:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/20/2012 6:33:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/20/2012 6:32:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/20/2012 6:32:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache SaibVdAd64 spldr sptd Wanarpv6
    3/20/2012 6:32:13 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    3/18/2012 1:52:30 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    3/18/2012 1:50:00 PM, Error: Service Control Manager [7022] - The Windows Media Player Network Sharing Service service hung on starting.
    3/18/2012 1:47:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    3/18/2012 1:47:59 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/18/2012 1:47:28 PM, Error: Service Control Manager [7022] - The Peer Networking Identity Manager service hung on starting.
    3/18/2012 1:47:28 PM, Error: Service Control Manager [7022] - The HomeGroup Listener service hung on starting.
    3/18/2012 1:47:28 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    3/18/2012 1:47:28 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    3/18/2012 1:44:41 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    3/18/2012 1:44:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    3/18/2012 1:44:21 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/18/2012 1:44:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/18/2012 1:43:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000006, 0xfffffa8007509b60, 0xfffffa8007689cc0, 0xfffff800033cc880). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-21169-01.
    3/17/2012 4:15:09 PM, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.
    3/17/2012 11:20:03 PM, Error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
    3/16/2012 9:38:15 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    3/13/2012 9:41:03 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
    3/13/2012 9:36:46 PM, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 4 time(s).
    3/13/2012 9:36:46 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 3 time(s).
    3/13/2012 9:36:03 PM, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).
    3/13/2012 9:36:03 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
    3/13/2012 9:36:03 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    3/13/2012 9:36:03 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/13/2012 9:36:02 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/13/2012 9:36:02 PM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/13/2012 9:36:02 PM, Error: Service Control Manager [7031] - The Remote Desktop Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/13/2012 9:36:02 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    3/13/2012 9:36:02 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/13/2012 9:36:02 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ======================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  3. fennisdembo88

    fennisdembo88 TS Rookie Topic Starter Posts: 20

    mbr and bootkit remover logs

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-20 21:26:44
    -----------------------------
    21:26:44.560 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:26:44.560 Number of processors: 4 586 0x402
    21:26:44.561 ComputerName: ACERMEDIAROOM UserName: Pierce
    21:26:45.777 Initialize success
    21:26:46.386 AVAST engine defs: 12031801
    21:27:05.740 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
    21:27:05.742 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 11
    21:27:05.751 Disk 0 MBR read successfully
    21:27:05.766 Disk 0 MBR scan
    21:27:06.135 Disk 0 unknown MBR code
    21:27:06.148 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
    21:27:06.323 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
    21:27:06.333 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 937383 MB offset 33761280
    21:27:06.436 Disk 0 scanning C:\Windows\system32\drivers
    21:27:18.435 Service scanning
    21:27:34.461 Modules scanning
    21:27:34.484 Disk 0 trace - called modules:
    21:27:34.507 ntoskrnl.exe CLASSPNP.SYS disk.sys Sahdad64.sys amdxata.sys storport.sys hal.dll amdsata.sys
    21:27:34.511 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005d5f790]
    21:27:34.532 3 CLASSPNP.SYS[fffff880013cb43f] -> nt!IofCallDriver -> [0xfffffa8005d5f040]
    21:27:34.537 5 Sahdad64.sys[fffff8800169ee25] -> nt!IofCallDriver -> [0xfffffa8005ca0770]
    21:27:34.542 7 amdxata.sys[fffff880010787a8] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa8005c9e060]
    21:27:35.545 AVAST engine scan C:\Windows
    21:27:37.668 AVAST engine scan C:\Windows\system32
    21:29:13.527 AVAST engine scan C:\Windows\system32\drivers
    21:29:21.494 AVAST engine scan C:\Users\Pierce
    22:24:14.680 AVAST engine scan C:\ProgramData
    22:29:12.923 Scan finished successfully
    23:48:26.824 Disk 0 MBR has been saved successfully to "C:\Users\Pierce\Desktop\MBR.dat"
    23:48:26.829 The log file has been saved successfully to "C:\Users\Pierce\Desktop\aswMBR.txt"


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000004`06500000

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. fennisdembo88

    fennisdembo88 TS Rookie Topic Starter Posts: 20

    tdss log pt 1



    18:20:28.0932 1584 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
    18:20:29.0505 1584 ============================================================
    18:20:29.0505 1584 Current date / time: 2012/03/21 18:20:29.0505
    18:20:29.0505 1584 SystemInfo:
    18:20:29.0505 1584
    18:20:29.0506 1584 OS Version: 6.1.7601 ServicePack: 1.0
    18:20:29.0506 1584 Product type: Workstation
    18:20:29.0506 1584 ComputerName: ACERMEDIAROOM
    18:20:29.0506 1584 UserName: Pierce
    18:20:29.0506 1584 Windows directory: C:\Windows
    18:20:29.0506 1584 System windows directory: C:\Windows
    18:20:29.0506 1584 Running under WOW64
    18:20:29.0506 1584 Processor architecture: Intel x64
    18:20:29.0506 1584 Number of processors: 4
    18:20:29.0506 1584 Page size: 0x1000
    18:20:29.0506 1584 Boot type: Safe boot with network
    18:20:29.0506 1584 ============================================================
    18:20:30.0489 1584 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:20:30.0526 1584 \Device\Harddisk0\DR0:
    18:20:30.0526 1584 MBR used
    18:20:30.0526 1584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
    18:20:30.0526 1584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x726D3800
    18:20:30.0551 1584 Initialize success
    18:20:30.0552 1584 ============================================================
    18:20:52.0522 0324 ============================================================
    18:20:52.0522 0324 Scan started
    18:20:52.0522 0324 Mode: Manual;
    18:20:52.0522 0324 ============================================================
    18:20:53.0894 0324 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    18:20:53.0894 0324 1394ohci - ok
    18:20:53.0988 0324 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 (c863272577dc93199f9a2d108468edb9) C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    18:20:53.0988 0324 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
    18:20:54.0035 0324 a8djavs_x64 (3fa277519234d7ade0308220f8122e65) C:\Windows\system32\Drivers\a8djavs_x64.sys
    18:20:54.0035 0324 a8djavs_x64 - ok
    18:20:54.0050 0324 a8djusb_x64 (20223034fbdc1774b3d7e1a6bb3eee8c) C:\Windows\system32\Drivers\a8djusb_x64.sys
    18:20:54.0050 0324 a8djusb_x64 - ok
    18:20:54.0097 0324 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    18:20:54.0113 0324 ACPI - ok
    18:20:54.0144 0324 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    18:20:54.0160 0324 AcpiPmi - ok
    18:20:54.0191 0324 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
    18:20:54.0191 0324 adfs - ok
    18:20:54.0269 0324 Adobe LM Service (4ae327c9c375d985ff2a2aab92765218) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    18:20:54.0269 0324 Adobe LM Service - ok
    18:20:54.0300 0324 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    18:20:54.0300 0324 adp94xx - ok
    18:20:54.0331 0324 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    18:20:54.0331 0324 adpahci - ok
    18:20:54.0347 0324 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    18:20:54.0347 0324 adpu320 - ok
    18:20:54.0394 0324 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    18:20:54.0394 0324 AeLookupSvc - ok
    18:20:54.0440 0324 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    18:20:54.0456 0324 AFD - ok
    18:20:54.0487 0324 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    18:20:54.0487 0324 agp440 - ok
    18:20:54.0518 0324 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    18:20:54.0518 0324 ALG - ok
    18:20:54.0518 0324 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    18:20:54.0518 0324 aliide - ok
    18:20:54.0550 0324 AMD External Events Utility (b5e2434fc851698c1f119cf1c3935a50) C:\Windows\system32\atiesrxx.exe
    18:20:54.0565 0324 AMD External Events Utility - ok
    18:20:54.0612 0324 AMD FUEL Service - ok
    18:20:54.0628 0324 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    18:20:54.0628 0324 amdide - ok
    18:20:54.0659 0324 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
    18:20:54.0659 0324 amdiox64 - ok
    18:20:54.0674 0324 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    18:20:54.0674 0324 AmdK8 - ok
    18:20:54.0877 0324 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
    18:20:55.0049 0324 amdkmdag - ok
    18:20:55.0080 0324 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
    18:20:55.0096 0324 amdkmdap - ok
    18:20:55.0111 0324 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    18:20:55.0111 0324 AmdPPM - ok
    18:20:55.0142 0324 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
    18:20:55.0142 0324 amdsata - ok
    18:20:55.0158 0324 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    18:20:55.0158 0324 amdsbs - ok
    18:20:55.0158 0324 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
    18:20:55.0158 0324 amdxata - ok
    18:20:55.0189 0324 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    18:20:55.0189 0324 AODDriver4.01 - ok
    18:20:55.0236 0324 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    18:20:55.0236 0324 AppID - ok
    18:20:55.0267 0324 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    18:20:55.0267 0324 AppIDSvc - ok
    18:20:55.0298 0324 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    18:20:55.0314 0324 Appinfo - ok
    18:20:55.0408 0324 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:20:55.0408 0324 Apple Mobile Device - ok
    18:20:55.0423 0324 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    18:20:55.0423 0324 arc - ok
    18:20:55.0454 0324 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    18:20:55.0454 0324 arcsas - ok
    18:20:55.0548 0324 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
    18:20:55.0548 0324 aswFsBlk - ok
    18:20:55.0735 0324 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
    18:20:55.0766 0324 aswMonFlt - ok
    18:20:55.0798 0324 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
    18:20:55.0798 0324 aswRdr - ok
    18:20:55.0844 0324 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
    18:20:55.0844 0324 aswSnx - ok
    18:20:55.0860 0324 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
    18:20:55.0860 0324 aswSP - ok
    18:20:55.0876 0324 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
    18:20:55.0876 0324 aswTdi - ok
    18:20:55.0891 0324 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    18:20:55.0891 0324 AsyncMac - ok
    18:20:55.0938 0324 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    18:20:55.0938 0324 atapi - ok
    18:20:55.0985 0324 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
    18:20:56.0000 0324 AtiHDAudioService - ok
    18:20:56.0032 0324 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
    18:20:56.0032 0324 AtiHdmiService - ok
    18:20:56.0219 0324 atikmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
    18:20:56.0281 0324 atikmdag - ok
    18:20:56.0312 0324 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
    18:20:56.0312 0324 AtiPcie - ok
    18:20:56.0390 0324 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    18:20:56.0390 0324 AudioEndpointBuilder - ok
    18:20:56.0406 0324 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    18:20:56.0406 0324 AudioSrv - ok
    18:20:56.0453 0324 avast! Antivirus (996e6d052438e8d8dfd501f31560b2e0) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    18:20:56.0468 0324 avast! Antivirus - ok
    18:20:56.0484 0324 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    18:20:56.0484 0324 AxInstSV - ok
    18:20:56.0515 0324 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    18:20:56.0531 0324 b06bdrv - ok
    18:20:56.0546 0324 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    18:20:56.0546 0324 b57nd60a - ok
    18:20:56.0609 0324 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    18:20:56.0609 0324 BBSvc - ok
    18:20:56.0640 0324 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    18:20:56.0640 0324 BDESVC - ok
    18:20:56.0656 0324 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    18:20:56.0656 0324 Beep - ok
    18:20:56.0718 0324 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    18:20:56.0734 0324 BFE - ok
    18:20:56.0796 0324 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
    18:20:56.0796 0324 BITS - ok
    18:20:56.0812 0324 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    18:20:56.0812 0324 blbdrive - ok
    18:20:56.0874 0324 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    18:20:56.0874 0324 Bonjour Service - ok
    18:20:56.0952 0324 BOT4Service (c752a6902163b5e9c3554ba69a275f41) C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    18:20:56.0952 0324 BOT4Service - ok
    18:20:56.0999 0324 BOTService (92e3765e2f9e7ee2542c9c2f6318464c) C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe
    18:20:56.0999 0324 BOTService - ok
    18:20:57.0046 0324 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    18:20:57.0046 0324 bowser - ok
    18:20:57.0077 0324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    18:20:57.0077 0324 BrFiltLo - ok
    18:20:57.0092 0324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    18:20:57.0092 0324 BrFiltUp - ok
    18:20:57.0108 0324 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    18:20:57.0108 0324 Browser - ok
    18:20:57.0124 0324 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    18:20:57.0124 0324 Brserid - ok
    18:20:57.0139 0324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    18:20:57.0139 0324 BrSerWdm - ok
    18:20:57.0139 0324 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    18:20:57.0139 0324 BrUsbMdm - ok
    18:20:57.0155 0324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    18:20:57.0155 0324 BrUsbSer - ok
    18:20:57.0155 0324 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    18:20:57.0170 0324 BTHMODEM - ok
    18:20:57.0202 0324 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    18:20:57.0202 0324 bthserv - ok
    18:20:57.0217 0324 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    18:20:57.0217 0324 cdfs - ok
    18:20:57.0264 0324 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    18:20:57.0264 0324 cdrom - ok
    18:20:57.0311 0324 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    18:20:57.0311 0324 CertPropSvc - ok
    18:20:57.0342 0324 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    18:20:57.0342 0324 circlass - ok
    18:20:57.0358 0324 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    18:20:57.0358 0324 CLFS - ok
    18:20:57.0404 0324 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:20:57.0404 0324 clr_optimization_v2.0.50727_32 - ok
    18:20:57.0451 0324 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    18:20:57.0451 0324 clr_optimization_v2.0.50727_64 - ok
    18:20:57.0529 0324 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:20:57.0529 0324 clr_optimization_v4.0.30319_32 - ok
    18:20:57.0545 0324 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    18:20:57.0545 0324 clr_optimization_v4.0.30319_64 - ok
    18:20:57.0545 0324 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    18:20:57.0545 0324 CmBatt - ok
    18:20:57.0592 0324 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    18:20:57.0592 0324 cmdide - ok
    18:20:57.0607 0324 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    18:20:57.0623 0324 CNG - ok
    18:20:57.0654 0324 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    18:20:57.0654 0324 Compbatt - ok
    18:20:57.0701 0324 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    18:20:57.0716 0324 CompositeBus - ok
    18:20:57.0716 0324 COMSysApp - ok
    18:20:57.0732 0324 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    18:20:57.0732 0324 crcdisk - ok
    18:20:57.0763 0324 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    18:20:57.0779 0324 CryptSvc - ok
    18:20:57.0810 0324 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    18:20:57.0810 0324 DcomLaunch - ok
    18:20:57.0841 0324 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    18:20:57.0841 0324 defragsvc - ok
    18:20:57.0904 0324 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    18:20:57.0904 0324 DfsC - ok
    18:20:57.0919 0324 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    18:20:57.0919 0324 Dhcp - ok
    18:20:57.0950 0324 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    18:20:57.0950 0324 discache - ok
    18:20:57.0966 0324 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    18:20:57.0966 0324 Disk - ok
    18:20:58.0013 0324 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    18:20:58.0013 0324 Dnscache - ok
    18:20:58.0028 0324 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    18:20:58.0028 0324 dot3svc - ok
    18:20:58.0044 0324 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    18:20:58.0044 0324 DPS - ok
    18:20:58.0075 0324 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    18:20:58.0075 0324 drmkaud - ok
    18:20:58.0122 0324 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    18:20:58.0138 0324 DXGKrnl - ok
    18:20:58.0138 0324 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    18:20:58.0153 0324 EapHost - ok
    18:20:58.0200 0324 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    18:20:58.0278 0324 ebdrv - ok
    18:20:58.0294 0324 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    18:20:58.0294 0324 EFS - ok
    18:20:58.0372 0324 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    18:20:58.0372 0324 ehRecvr - ok
    18:20:58.0403 0324 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    18:20:58.0403 0324 ehSched - ok
    18:20:58.0450 0324 eltima_usb_stub (14f602863bca44eb837c6cfbce26ab33) C:\Windows\system32\DRIVERS\usbstub.sys
    18:20:58.0450 0324 eltima_usb_stub - ok
    18:20:58.0496 0324 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    18:20:58.0496 0324 elxstor - ok
    18:20:58.0543 0324 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    18:20:58.0543 0324 ErrDev - ok
    18:20:58.0590 0324 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    18:20:58.0590 0324 EventSystem - ok
    18:20:58.0606 0324 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    18:20:58.0606 0324 exfat - ok
    18:20:58.0621 0324 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    18:20:58.0621 0324 fastfat - ok
    18:20:58.0684 0324 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    18:20:58.0684 0324 Fax - ok
    18:20:58.0715 0324 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    18:20:58.0715 0324 fdc - ok
    18:20:58.0730 0324 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    18:20:58.0730 0324 fdPHost - ok
    18:20:58.0746 0324 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    18:20:58.0746 0324 FDResPub - ok
    18:20:58.0762 0324 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    18:20:58.0762 0324 FileInfo - ok
    18:20:58.0777 0324 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    18:20:58.0777 0324 Filetrace - ok
    18:20:58.0855 0324 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    18:20:58.0855 0324 FLEXnet Licensing Service - ok
    18:20:58.0964 0324 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    18:20:58.0980 0324 FLEXnet Licensing Service 64 - ok
    18:20:58.0980 0324 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    18:20:58.0980 0324 flpydisk - ok
    18:20:59.0011 0324 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    18:20:59.0011 0324 FltMgr - ok
    18:20:59.0058 0324 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys
    18:20:59.0058 0324 FlyUsb - ok
    18:20:59.0120 0324 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    18:20:59.0136 0324 FontCache - ok
    18:20:59.0198 0324 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    18:20:59.0198 0324 FontCache3.0.0.0 - ok
    18:20:59.0214 0324 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    18:20:59.0230 0324 FsDepends - ok
    18:20:59.0276 0324 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
    18:20:59.0276 0324 fssfltr - ok
    18:20:59.0417 0324 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    18:20:59.0432 0324 fsssvc - ok
    18:20:59.0448 0324 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    18:20:59.0448 0324 Fs_Rec - ok
    18:20:59.0479 0324 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    18:20:59.0479 0324 fvevol - ok
    18:20:59.0510 0324 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:20:59.0510 0324 gagp30kx - ok
    18:20:59.0542 0324 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    18:20:59.0557 0324 GEARAspiWDM - ok
    18:20:59.0620 0324 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    18:20:59.0620 0324 gpsvc - ok
    18:20:59.0682 0324 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    18:20:59.0698 0324 Greg_Service - ok
    18:20:59.0760 0324 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    18:20:59.0760 0324 gupdate - ok
    18:20:59.0776 0324 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    18:20:59.0776 0324 gupdatem - ok
    18:20:59.0807 0324 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    18:20:59.0807 0324 gusvc - ok
    18:20:59.0854 0324 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    18:20:59.0854 0324 hcw85cir - ok
    18:20:59.0916 0324 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    18:20:59.0916 0324 HdAudAddService - ok
    18:20:59.0947 0324 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    18:20:59.0947 0324 HDAudBus - ok
    18:20:59.0963 0324 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    18:20:59.0963 0324 HidBatt - ok
    18:20:59.0978 0324 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    18:20:59.0978 0324 HidBth - ok
    18:20:59.0978 0324 HidIr (0a77d29f311b88cfae3b13f9c1a73825)
     
  6. fennisdembo88

    fennisdembo88 TS Rookie Topic Starter Posts: 20

    tdss log pt.2


    C:\Windows\system32\DRIVERS\hidir.sys
    18:20:59.0978 0324 HidIr - ok
    18:21:00.0025 0324 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    18:21:00.0025 0324 hidserv - ok
    18:21:00.0025 0324 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    18:21:00.0025 0324 HidUsb - ok
    18:21:00.0072 0324 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    18:21:00.0072 0324 hkmsvc - ok
    18:21:00.0119 0324 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    18:21:00.0119 0324 HomeGroupListener - ok
    18:21:00.0134 0324 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    18:21:00.0134 0324 HomeGroupProvider - ok
    18:21:00.0212 0324 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    18:21:00.0228 0324 hpqcxs08 - ok
    18:21:00.0244 0324 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    18:21:00.0244 0324 hpqddsvc - ok
    18:21:00.0275 0324 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    18:21:00.0275 0324 HpSAMD - ok
    18:21:00.0322 0324 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    18:21:00.0337 0324 HPSLPSVC - ok
    18:21:00.0400 0324 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    18:21:00.0400 0324 HTTP - ok
    18:21:00.0431 0324 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    18:21:00.0431 0324 hwpolicy - ok
    18:21:00.0493 0324 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    18:21:00.0493 0324 i8042prt - ok
    18:21:00.0524 0324 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    18:21:00.0524 0324 iaStorV - ok
    18:21:00.0618 0324 Icecast-trunk (817f805c75a82ac2827d243d5c0a4445) C:\Program Files (x86)\Icecast2 Win32\icecastService.exe
    18:21:00.0634 0324 Icecast-trunk - ok
    18:21:00.0712 0324 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    18:21:00.0727 0324 idsvc - ok
    18:21:00.0758 0324 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    18:21:00.0758 0324 iirsp - ok
    18:21:00.0836 0324 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    18:21:00.0852 0324 IKEEXT - ok
    18:21:00.0914 0324 IntcAzAudAddService (e200f72882c1e4e45fa2c4b66f19f7fb) C:\Windows\system32\drivers\RTKVHD64.sys
    18:21:00.0961 0324 IntcAzAudAddService - ok
    18:21:00.0992 0324 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    18:21:00.0992 0324 intelide - ok
    18:21:01.0024 0324 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    18:21:01.0024 0324 intelppm - ok
    18:21:01.0039 0324 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    18:21:01.0055 0324 IPBusEnum - ok
    18:21:01.0102 0324 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:21:01.0102 0324 IpFilterDriver - ok
    18:21:01.0148 0324 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    18:21:01.0148 0324 iphlpsvc - ok
    18:21:01.0180 0324 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    18:21:01.0180 0324 IPMIDRV - ok
    18:21:01.0195 0324 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    18:21:01.0195 0324 IPNAT - ok
    18:21:01.0273 0324 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
    18:21:01.0273 0324 iPod Service - ok
    18:21:01.0304 0324 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    18:21:01.0304 0324 IRENUM - ok
    18:21:01.0336 0324 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    18:21:01.0336 0324 isapnp - ok
    18:21:01.0367 0324 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    18:21:01.0367 0324 iScsiPrt - ok
    18:21:01.0460 0324 jumi (ccb39c7006d436d238ac75d2abfde1fe) C:\Windows\system32\DRIVERS\jumi.sys
    18:21:01.0460 0324 jumi - ok
    18:21:01.0523 0324 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    18:21:01.0523 0324 kbdclass - ok
    18:21:01.0538 0324 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    18:21:01.0538 0324 kbdhid - ok
    18:21:01.0570 0324 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:21:01.0570 0324 KeyIso - ok
    18:21:01.0616 0324 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    18:21:01.0616 0324 KSecDD - ok
    18:21:01.0632 0324 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    18:21:01.0648 0324 KSecPkg - ok
    18:21:01.0663 0324 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    18:21:01.0663 0324 ksthunk - ok
    18:21:01.0694 0324 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    18:21:01.0694 0324 KtmRm - ok
    18:21:01.0757 0324 L8042Kbd (f33c5d79d3273530e1892a0922283a7b) C:\Windows\system32\DRIVERS\L8042Kbd.sys
    18:21:01.0757 0324 L8042Kbd - ok
    18:21:01.0804 0324 L8042mou (a6fe2e63441094074f57243fb0fdb45a) C:\Windows\system32\DRIVERS\L8042mou.Sys
    18:21:01.0804 0324 L8042mou - ok
    18:21:01.0850 0324 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
    18:21:01.0850 0324 LanmanServer - ok
    18:21:01.0897 0324 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    18:21:01.0897 0324 LanmanWorkstation - ok
    18:21:01.0991 0324 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    18:21:02.0006 0324 LBTServ - ok
    18:21:02.0162 0324 LeapFrog Connect Device Service (24a7d535bd9e58e5bc1ac52ef7e2ec8e) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    18:21:02.0240 0324 LeapFrog Connect Device Service - ok
    18:21:02.0287 0324 LEqdUsb (becbd7cd46776b8739ee18061f45a581) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
    18:21:02.0287 0324 LEqdUsb - ok
    18:21:02.0318 0324 LHidEqd (21d6bd7d62c270059eb8e2b1d4095880) C:\Windows\system32\DRIVERS\LHidEqd.Sys
    18:21:02.0318 0324 LHidEqd - ok
    18:21:02.0350 0324 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    18:21:02.0350 0324 LHidFilt - ok
    18:21:02.0381 0324 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    18:21:02.0381 0324 lltdio - ok
    18:21:02.0412 0324 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    18:21:02.0412 0324 lltdsvc - ok
    18:21:02.0428 0324 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    18:21:02.0428 0324 lmhosts - ok
    18:21:02.0459 0324 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    18:21:02.0459 0324 LMouFilt - ok
    18:21:02.0474 0324 LMouKE (f518c34c137348b7dbe5343acc646a1c) C:\Windows\system32\DRIVERS\LMouKE.Sys
    18:21:02.0474 0324 LMouKE - ok
    18:21:02.0506 0324 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:21:02.0506 0324 LSI_FC - ok
    18:21:02.0521 0324 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:21:02.0521 0324 LSI_SAS - ok
    18:21:02.0521 0324 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:21:02.0537 0324 LSI_SAS2 - ok
    18:21:02.0537 0324 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:21:02.0537 0324 LSI_SCSI - ok
    18:21:02.0568 0324 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    18:21:02.0568 0324 luafv - ok
    18:21:02.0599 0324 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    18:21:02.0599 0324 Mcx2Svc - ok
    18:21:02.0615 0324 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    18:21:02.0615 0324 megasas - ok
    18:21:02.0630 0324 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    18:21:02.0630 0324 MegaSR - ok
    18:21:02.0708 0324 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    18:21:02.0708 0324 Microsoft Office Groove Audit Service - ok
    18:21:02.0724 0324 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    18:21:02.0724 0324 MMCSS - ok
    18:21:02.0724 0324 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    18:21:02.0724 0324 Modem - ok
    18:21:02.0771 0324 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    18:21:02.0771 0324 monitor - ok
    18:21:02.0833 0324 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    18:21:02.0833 0324 mouclass - ok
    18:21:02.0849 0324 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    18:21:02.0849 0324 mouhid - ok
    18:21:02.0880 0324 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    18:21:02.0880 0324 mountmgr - ok
    18:21:02.0911 0324 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    18:21:02.0927 0324 mpio - ok
    18:21:02.0942 0324 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    18:21:02.0942 0324 mpsdrv - ok
    18:21:03.0005 0324 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    18:21:03.0005 0324 MpsSvc - ok
    18:21:03.0052 0324 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    18:21:03.0052 0324 MRxDAV - ok
    18:21:03.0083 0324 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:21:03.0083 0324 mrxsmb - ok
    18:21:03.0130 0324 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:21:03.0130 0324 mrxsmb10 - ok
    18:21:03.0145 0324 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:21:03.0161 0324 mrxsmb20 - ok
    18:21:03.0161 0324 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    18:21:03.0176 0324 msahci - ok
    18:21:03.0192 0324 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    18:21:03.0192 0324 msdsm - ok
    18:21:03.0223 0324 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    18:21:03.0223 0324 MSDTC - ok
    18:21:03.0270 0324 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    18:21:03.0270 0324 Msfs - ok
    18:21:03.0286 0324 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    18:21:03.0286 0324 mshidkmdf - ok
    18:21:03.0317 0324 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    18:21:03.0317 0324 msisadrv - ok
    18:21:03.0348 0324 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    18:21:03.0348 0324 MSiSCSI - ok
    18:21:03.0364 0324 msiserver - ok
    18:21:03.0395 0324 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    18:21:03.0395 0324 MSKSSRV - ok
    18:21:03.0410 0324 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    18:21:03.0410 0324 MSPCLOCK - ok
    18:21:03.0410 0324 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    18:21:03.0410 0324 MSPQM - ok
    18:21:03.0473 0324 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    18:21:03.0473 0324 MsRPC - ok
    18:21:03.0488 0324 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    18:21:03.0488 0324 mssmbios - ok
    18:21:03.0520 0324 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    18:21:03.0520 0324 MSTEE - ok
    18:21:03.0535 0324 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    18:21:03.0535 0324 MTConfig - ok
    18:21:03.0582 0324 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    18:21:03.0582 0324 Mup - ok
    18:21:03.0629 0324 mv2 (621c40398b1a0242acbcc2ba65c23a66) C:\Windows\system32\DRIVERS\mv2.sys
    18:21:03.0629 0324 mv2 - ok
    18:21:03.0676 0324 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    18:21:03.0691 0324 napagent - ok
    18:21:03.0722 0324 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    18:21:03.0738 0324 NativeWifiP - ok
    18:21:03.0800 0324 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    18:21:03.0800 0324 NDIS - ok
    18:21:03.0832 0324 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    18:21:03.0847 0324 NdisCap - ok
    18:21:03.0878 0324 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    18:21:03.0878 0324 NdisTapi - ok
    18:21:03.0910 0324 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    18:21:03.0910 0324 Ndisuio - ok
    18:21:03.0956 0324 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    18:21:03.0956 0324 NdisWan - ok
    18:21:03.0972 0324 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    18:21:03.0972 0324 NDProxy - ok
    18:21:04.0034 0324 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
    18:21:04.0034 0324 Net Driver HPZ12 - ok
    18:21:04.0050 0324 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    18:21:04.0050 0324 NetBIOS - ok
    18:21:04.0066 0324 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    18:21:04.0066 0324 NetBT - ok
    18:21:04.0097 0324 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:21:04.0097 0324 Netlogon - ok
    18:21:04.0128 0324 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    18:21:04.0144 0324 Netman - ok
    18:21:04.0175 0324 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    18:21:04.0175 0324 netprofm - ok
    18:21:04.0268 0324 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:21:04.0268 0324 NetTcpPortSharing - ok
    18:21:04.0300 0324 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    18:21:04.0300 0324 nfrd960 - ok
    18:21:04.0456 0324 NIHardwareService (de7a5ad69e0d9a40867a5e8a9675cc26) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    18:21:04.0534 0324 NIHardwareService - ok
    18:21:04.0549 0324 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    18:21:04.0565 0324 NlaSvc - ok
    18:21:04.0580 0324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    18:21:04.0580 0324 Npfs - ok
    18:21:04.0612 0324 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    18:21:04.0627 0324 nsi - ok
    18:21:04.0658 0324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    18:21:04.0658 0324 nsiproxy - ok
    18:21:04.0705 0324 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    18:21:04.0736 0324 Ntfs - ok
    18:21:04.0814 0324 NTI IScheduleSvc (bd691091ac7d9713d8f0b07c6b099e6c) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    18:21:04.0814 0324 NTI IScheduleSvc - ok
    18:21:04.0830 0324 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
    18:21:04.0830 0324 NTIDrvr - ok
    18:21:04.0846 0324 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    18:21:04.0846 0324 Null - ok
    18:21:04.0892 0324 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    18:21:04.0892 0324 nvraid - ok
    18:21:04.0924 0324 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    18:21:04.0924 0324 nvstor - ok
    18:21:04.0955 0324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    18:21:04.0955 0324 nv_agp - ok
    18:21:05.0017 0324 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    18:21:05.0033 0324 odserv - ok
    18:21:05.0064 0324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    18:21:05.0064 0324 ohci1394 - ok
    18:21:05.0095 0324 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:21:05.0095 0324 ose - ok
    18:21:05.0142 0324 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    18:21:05.0142 0324 p2pimsvc - ok
    18:21:05.0158 0324 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    18:21:05.0173 0324 p2psvc - ok
    18:21:05.0189 0324 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    18:21:05.0189 0324 Parport - ok
    18:21:05.0236 0324 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    18:21:05.0236 0324 partmgr - ok
    18:21:05.0236 0324 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    18:21:05.0251 0324 PcaSvc - ok
    18:21:05.0282 0324 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    18:21:05.0282 0324 pci - ok
    18:21:05.0298 0324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    18:21:05.0298 0324 pciide - ok
    18:21:05.0314 0324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    18:21:05.0314 0324 pcmcia - ok
    18:21:05.0329 0324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    18:21:05.0329 0324 pcw - ok
    18:21:05.0345 0324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    18:21:05.0360 0324 PEAUTH - ok
    18:21:05.0407 0324 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    18:21:05.0407 0324 PerfHost - ok
    18:21:05.0485 0324 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    18:21:05.0501 0324 pla - ok
    18:21:05.0563 0324 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    18:21:05.0563 0324 PlugPlay - ok
    18:21:05.0626 0324 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
    18:21:05.0626 0324 Pml Driver HPZ12 - ok
    18:21:05.0657 0324 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    18:21:05.0657 0324 PNRPAutoReg - ok
    18:21:05.0672 0324 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    18:21:05.0688 0324 PNRPsvc - ok
    18:21:05.0735 0324 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    18:21:05.0735 0324 PolicyAgent - ok
    18:21:05.0766 0324 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    18:21:05.0766 0324 Power - ok
    18:21:05.0813 0324 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    18:21:05.0813 0324 PptpMiniport - ok
    18:21:05.0844 0324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    18:21:05.0844 0324 Processor - ok
    18:21:05.0891 0324 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
    18:21:05.0906 0324 ProfSvc - ok
    18:21:05.0938 0324 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:21:05.0938 0324 ProtectedStorage - ok
    18:21:05.0969 0324 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    18:21:05.0969 0324 Psched - ok
    18:21:06.0031 0324 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
    18:21:06.0031 0324 PSI - ok
    18:21:06.0062 0324 PxHlpa64 (f2eecf8977bd3fe4e38743ddcfbecd20) C:\Windows\system32\Drivers\PxHlpa64.sys
    18:21:06.0062 0324 PxHlpa64 - ok
    18:21:06.0109 0324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    18:21:06.0125 0324 ql2300 - ok
    18:21:06.0140 0324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    18:21:06.0140 0324 ql40xx - ok
    18:21:06.0172 0324 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    18:21:06.0187 0324 QWAVE - ok
    18:21:06.0203 0324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    18:21:06.0203 0324 QWAVEdrv - ok
    18:21:06.0218 0324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    18:21:06.0218 0324 RasAcd - ok
    18:21:06.0250 0324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:21:06.0250 0324 RasAgileVpn - ok
    18:21:06.0281 0324 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    18:21:06.0281 0324 RasAuto - ok
    18:21:06.0281 0324 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:21:06.0296 0324 Rasl2tp - ok
    18:21:06.0343 0324 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    18:21:06.0343 0324 RasMan - ok
    18:21:06.0359 0324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    18:21:06.0359 0324 RasPppoe - ok
    18:21:06.0374 0324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    18:21:06.0374 0324 RasSstp - ok
    18:21:06.0406 0324 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    18:21:06.0406 0324 rdbss - ok
    18:21:06.0421 0324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    18:21:06.0421 0324 rdpbus - ok
    18:21:06.0437 0324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:21:06.0437 0324 RDPCDD - ok
    18:21:06.0468 0324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    18:21:06.0468 0324 RDPENCDD - ok
    18:21:06.0484 0324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    18:21:06.0484 0324 RDPREFMP - ok
    18:21:06.0530 0324 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    18:21:06.0530 0324 RDPWD - ok
    18:21:06.0546 0324 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    18:21:06.0546 0324 rdyboost - ok
    18:21:06.0577 0324 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    18:21:06.0577 0324 RemoteAccess - ok
    18:21:06.0624 0324 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    18:21:06.0624 0324 RemoteRegistry - ok
    18:21:06.0671 0324 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
    18:21:06.0671 0324 RimUsb - ok
    18:21:06.0780 0324 RoxMediaDB13 (879bf5333a3df407019fb16b35f2a352) C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
    18:21:06.0796 0324 RoxMediaDB13 - ok
    18:21:06.0827 0324 RoxWatch12 (ddb9fe116df539ad256ab18c9bca883b) C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
    18:21:06.0842 0324 RoxWatch12 - ok
    18:21:06.0858 0324 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    18:21:06.0858 0324 RpcEptMapper - ok
    18:21:06.0874 0324 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    18:21:06.0874 0324 RpcLocator - ok
    18:21:06.0936 0324 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    18:21:06.0936 0324 RpcSs - ok
    18:21:06.0983 0324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    18:21:06.0983 0324 rspndr - ok
    18:21:07.0030 0324 Sahdad64 (27db9153d259d632d15483deeab799ed) C:\Windows\system32\Drivers\Sahdad64.sys
    18:21:07.0030 0324 Sahdad64 - ok
    18:21:07.0061 0324 Saibad64 (f77849d909b90bcacfcf7295aecf299b) C:\Windows\system32\Drivers\Saibad64.sys
    18:21:07.0061 0324 Saibad64 - ok
    18:21:07.0092 0324 SaibVdAd64 (704d415290a568f68de20942dac23f7e) C:\Windows\system32\Drivers\SaibVdAd64.sys
    18:21:07.0092 0324 SaibVdAd64 - ok
    18:21:07.0108 0324 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:21:07.0108 0324 SamSs - ok
    18:21:07.0139 0324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    18:21:07.0139 0324 sbp2port - ok
    18:21:07.0170 0324 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    18:21:07.0170 0324 SCardSvr - ok
    18:21:07.0201 0324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    18:21:07.0201 0324 scfilter - ok
    18:21:07.0232 0324 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    18:21:07.0248 0324 Schedule - ok
    18:21:07.0295 0324 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    18:21:07.0295 0324 SCPolicySvc - ok
    18:21:07.0326 0324 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    18:21:07.0342 0324 SDRSVC - ok
    18:21:07.0404 0324 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    18:21:07.0404 0324 SeaPort - ok
    18:21:07.0435 0324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    18:21:07.0435 0324 secdrv - ok
    18:21:07.0466 0324 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    18:21:07.0466 0324 seclogon - ok
    18:21:07.0498 0324 Secunia PSI Agent (2d0599dd0124764fc939c59985c860de) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    18:21:07.0513 0324 Secunia PSI Agent - ok
    18:21:07.0529 0324 Secunia Update Agent (20b9e1adbc58958b480933e4da005dfb) C:\Program Files (x86)\Secunia\PSI\sua.exe
    18:21:07.0529 0324 Secunia Update Agent - ok
    18:21:07.0544 0324 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    18:21:07.0544 0324 SENS - ok
    18:21:07.0576 0324 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    18:21:07.0576 0324 SensrSvc - ok
    18:21:07.0607 0324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    18:21:07.0607 0324 Serenum - ok
    18:21:07.0607 0324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    18:21:07.0607 0324 Serial - ok
    18:21:07.0654 0324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    18:21:07.0654 0324 sermouse - ok
    18:21:07.0716 0324 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    18:21:07.0716 0324 SessionEnv - ok
    18:21:07.0747 0324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    18:21:07.0747 0324 sffdisk - ok
    18:21:07.0778 0324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    18:21:07.0778 0324 sffp_mmc - ok
    18:21:07.0794 0324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    18:21:07.0794 0324 sffp_sd - ok
    18:21:07.0810 0324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    18:21:07.0810 0324 sfloppy - ok
    18:21:07.0856 0324 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    18:21:07.0856 0324 SharedAccess - ok
    18:21:07.0903 0324 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    18:21:07.0903 0324 ShellHWDetection - ok
    18:21:07.0903 0324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:21:07.0919 0324 SiSRaid2 - ok
    18:21:07.0919 0324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    18:21:07.0919 0324 SiSRaid4 - ok
    18:21:07.0950 0324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    18:21:07.0950 0324 Smb - ok
    18:21:07.0966 0324 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    18:21:07.0966 0324 SNMPTRAP - ok
    18:21:07.0981 0324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    18:21:07.0981 0324 spldr - ok
    18:21:08.0028 0324 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    18:21:08.0028 0324 Spooler - ok
    18:21:08.0122 0324 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    18:21:08.0184 0324 sppsvc - ok
    18:21:08.0215 0324 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    18:21:08.0215 0324 sppuinotify - ok
    18:21:08.0278 0324 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
    18:21:08.0293 0324 sptd - ok
    18:21:08.0340 0324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    18:21:08.0340 0324 srv - ok
    18:21:08.0356 0324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    18:21:08.0371 0324 srv2 - ok
    18:21:08.0387 0324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    18:21:08.0387 0324 srvnet - ok
    18:21:08.0418 0324 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    18:21:08.0418 0324 SSDPSRV - ok
    18:21:08.0449 0324 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    18:21:08.0449 0324 SstpSvc - ok
    18:21:08.0480 0324 StarPortLite (b90634b0b0b9665ed7430ee08cdd14b2) C:\Windows\system32\DRIVERS\StarPortLite.sys
    18:21:08.0480 0324 StarPortLite - ok
    18:21:08.0512 0324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    18:21:08.0512 0324 stexstor - ok
    18:21:08.0543 0324 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
    18:21:08.0543 0324 StillCam - ok
    18:21:08.0590 0324 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    18:21:08.0605 0324 stisvc - ok
    18:21:08.0652 0324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    18:21:08.0652 0324 swenum - ok
    18:21:08.0668 0324 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    18:21:08.0683 0324 swprv - ok
    18:21:08.0714 0324 SysCow (1f1d1bcc1b746de700e3e21d758262a7) C:\Windows\system32\drivers\syscowad64v.sys
    18:21:08.0730 0324 SysCow - ok
    18:21:08.0792 0324 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    18:21:08.0839 0324 SysMain - ok
    18:21:08.0870 0324 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    18:21:08.0886 0324 TabletInputService - ok
    18:21:08.0917 0324 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    18:21:08.0917 0324 TapiSrv - ok
    18:21:08.0933 0324 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    18:21:08.0933 0324 TBS - ok
    18:21:09.0011 0324 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    18:21:09.0042 0324 Tcpip - ok
    18:21:09.0089 0324 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    18:21:09.0089 0324 TCPIP6 - ok
    18:21:09.0136 0324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    18:21:09.0136 0324 tcpipreg - ok
    18:21:09.0167 0324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    18:21:09.0167 0324 TDPIPE - ok
    18:21:09.0167 0324 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    18:21:09.0182 0324 TDTCP - ok
    18:21:09.0214 0324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    18:21:09.0214 0324 tdx - ok
    18:21:09.0245 0324 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    18:21:09.0245 0324 TermDD - ok
    18:21:09.0276 0324 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    18:21:09.0292 0324 TermService - ok
    18:21:09.0292 0324 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    18:21:09.0292 0324 Themes - ok
    18:21:09.0307 0324 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    18:21:09.0323 0324 THREADORDER - ok
    18:21:09.0323 0324 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    18:21:09.0323 0324 TrkWks - ok
    18:21:09.0354 0324 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    18:21:09.0354 0324 TrustedInstaller - ok
    18:21:09.0385 0324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:21:09.0401 0324 tssecsrv - ok
    18:21:09.0432 0324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    18:21:09.0432 0324 TsUsbFlt - ok
    18:21:09.0448 0324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    18:21:09.0463 0324 tunnel - ok
    18:21:09.0588 0324 TVersityMediaServer (685a80878bab2e587b07053793c47bc4) C:\Users\Pierce\AppData\Local\TVersity\Media Server\MediaServer.exe
    18:21:09.0588 0324 TVersityMediaServer - ok
    18:21:09.0635 0324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    18:21:09.0635 0324 uagp35 - ok
    18:21:09.0650 0324 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
    18:21:09.0650 0324 UBHelper - ok
    18:21:09.0682 0324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    18:21:09.0682 0324 udfs - ok
    18:21:09.0728 0324 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    18:21:09.0728 0324 UI0Detect - ok
    18:21:09.0760 0324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    18:21:09.0775 0324 uliagpkx - ok
    18:21:09.0822 0324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    18:21:09.0822 0324 umbus - ok
    18:21:09.0853 0324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    18:21:09.0853 0324 UmPass - ok
    18:21:09.0884 0324 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    18:21:09.0884 0324 Updater Service - ok
    18:21:09.0900 0324 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    18:21:09.0916 0324 upnphost - ok
    18:21:09.0962 0324 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    18:21:09.0962 0324 USBAAPL64 - ok
    18:21:09.0978 0324 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    18:21:09.0978 0324 usbccgp - ok
    18:21:10.0025 0324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    18:21:10.0025 0324 usbcir - ok
    18:21:10.0056 0324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    18:21:10.0056 0324 usbehci - ok
    18:21:10.0087 0324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    18:21:10.0087 0324 usbhub - ok
    18:21:10.0118 0324 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    18:21:10.0118 0324 usbohci - ok
    18:21:10.0165 0324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    18:21:10.0165 0324 usbprint - ok
    18:21:10.0196 0324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:21:10.0196 0324 USBSTOR - ok
    18:21:10.0212 0324 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    18:21:10.0212 0324 usbuhci - ok
    18:21:10.0306 0324 uvnc_service (dc21a408dc2b8da41ffc1ae6c015e748) C:\Program Files\UltraVNC2\WinVNC.exe
    18:21:10.0352 0324 uvnc_service - ok
    18:21:10.0384 0324 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    18:21:10.0384 0324 UxSms - ok
    18:21:10.0415 0324 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:21:10.0415 0324 VaultSvc - ok
    18:21:10.0446 0324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    18:21:10.0446 0324 vdrvroot - ok
    18:21:10.0493 0324 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    18:21:10.0493 0324 vds - ok
    18:21:10.0508 0324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    18:21:10.0508 0324 vga - ok
    18:21:10.0524 0324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    18:21:10.0524 0324 VgaSave - ok
    18:21:10.0571 0324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    18:21:10.0571 0324 vhdmp - ok
    18:21:10.0618 0324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    18:21:10.0618 0324 viaide - ok
    18:21:10.0649 0324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    18:21:10.0649 0324 volmgr - ok
    18:21:10.0696 0324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    18:21:10.0696 0324 volmgrx - ok
    18:21:10.0711 0324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    18:21:10.0711 0324 volsnap - ok
    18:21:10.0742 0324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    18:21:10.0742 0324 vsmraid - ok
    18:21:10.0789 0324 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    18:21:10.0805 0324 VSS - ok
    18:21:10.0852 0324 vuhub (e07d31ee76ee18bfca49ad9a89782d43) C:\Windows\system32\DRIVERS\vuhub.sys
    18:21:10.0852 0324 vuhub - ok
    18:21:10.0883 0324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    18:21:10.0883 0324 vwifibus - ok
    18:21:10.0930 0324 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    18:21:10.0930 0324 W32Time - ok
    18:21:10.0961 0324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    18:21:10.0961 0324 WacomPen - ok
    18:21:11.0008 0324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    18:21:11.0008 0324 WANARP - ok
    18:21:11.0008 0324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    18:21:11.0008 0324 Wanarpv6 - ok
    18:21:11.0086 0324 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    18:21:11.0101 0324 WatAdminSvc - ok
    18:21:11.0164 0324 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    18:21:11.0179 0324 wbengine - ok
    18:21:11.0210 0324 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    18:21:11.0226 0324 WbioSrvc - ok
    18:21:11.0257 0324 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    18:21:11.0273 0324 wcncsvc - ok
    18:21:11.0273 0324 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    18:21:11.0288 0324 WcsPlugInService - ok
    18:21:11.0288 0324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    18:21:11.0288 0324 Wd - ok
    18:21:11.0320 0324 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
    18:21:11.0320 0324 WDC_SAM - ok
    18:21:11.0351 0324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    18:21:11.0351 0324 Wdf01000 - ok
    18:21:11.0366 0324 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    18:21:11.0366 0324 WdiServiceHost - ok
    18:21:11.0382 0324 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    18:21:11.0398 0324 WdiSystemHost - ok
    18:21:11.0413 0324 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    18:21:11.0413 0324 WebClient - ok
    18:21:11.0429 0324 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    18:21:11.0444 0324 Wecsvc - ok
    18:21:11.0460 0324 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    18:21:11.0460 0324 wercplsupport - ok
    18:21:11.0476 0324 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    18:21:11.0476 0324 WerSvc - ok
    18:21:11.0507 0324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    18:21:11.0507 0324 WfpLwf - ok
    18:21:11.0538 0324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    18:21:11.0538 0324 WIMMount - ok
    18:21:11.0585 0324 WinDefend - ok
    18:21:11.0585 0324 WinHttpAutoProxySvc - ok
    18:21:11.0632 0324 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    18:21:11.0632 0324 Winmgmt - ok
    18:21:11.0694 0324 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    18:21:11.0741 0324 WinRM - ok
    18:21:11.0803 0324 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    18:21:11.0803 0324 WinUsb - ok
    18:21:11.0850 0324 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    18:21:11.0866 0324 Wlansvc - ok
    18:21:11.0944 0324 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    18:21:11.0944 0324 wlcrasvc - ok
    18:21:12.0053 0324 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    18:21:12.0115 0324 wlidsvc - ok
    18:21:12.0178 0324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    18:21:12.0178 0324 WmiAcpi - ok
    18:21:12.0224 0324 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    18:21:12.0224 0324 wmiApSrv - ok
    18:21:12.0271 0324 WMPNetworkSvc - ok
    18:21:12.0287 0324 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    18:21:12.0302 0324 WPCSvc - ok
    18:21:12.0334 0324 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    18:21:12.0349 0324 WPDBusEnum - ok
    18:21:12.0365 0324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    18:21:12.0365 0324 ws2ifsl - ok
    18:21:12.0396 0324 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    18:21:12.0396 0324 wscsvc - ok
    18:21:12.0396 0324 WSearch - ok
    18:21:12.0474 0324 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    18:21:12.0521 0324 wuauserv - ok
    18:21:12.0568 0324 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    18:21:12.0568 0324 WudfPf - ok
    18:21:12.0614 0324 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:21:12.0614 0324 WUDFRd - ok
    18:21:12.0614 0324 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    18:21:12.0614 0324 wudfsvc - ok
    18:21:12.0646 0324 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    18:21:12.0646 0324 WwanSvc - ok
    18:21:12.0677 0324 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
    18:21:12.0677 0324 xusb21 - ok
    18:21:12.0708 0324 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
    18:21:12.0708 0324 yukonw7 - ok
    18:21:12.0739 0324 MBR (0x1B8) (70e629b51c16b3c007730c6ae57144c9) \Device\Harddisk0\DR0
    18:21:15.0048 0324 \Device\Harddisk0\DR0 - ok
    18:21:15.0064 0324 Boot (0x1200) (78bb8f18b4f60916c912ce5fc1daee69) \Device\Harddisk0\DR0\Partition0
    18:21:15.0064 0324 \Device\Harddisk0\DR0\Partition0 - ok
    18:21:15.0079 0324 Boot (0x1200) (3bdb7083c4413064e872a8ac4c828fdf) \Device\Harddisk0\DR0\Partition1
    18:21:15.0079 0324 \Device\Harddisk0\DR0\Partition1 - ok
    18:21:15.0079 0324 ============================================================
    18:21:15.0079 0324 Scan finished
    18:21:15.0079 0324 ============================================================
    18:21:15.0079 1748 Detected object count: 0
    18:21:15.0079 1748 Actual detected object count: 0
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
  8. fennisdembo88

    fennisdembo88 TS Rookie Topic Starter Posts: 20

    no infections found
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. fennisdembo88

    fennisdembo88 TS Rookie Topic Starter Posts: 20

    ComboFix 12-03-21.02 - Pierce 03/21/2012 19:26:15.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5886.4121 [GMT -7:00]
    Running from: c:\users\Pierce\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Infected copy of c:\windows\SysWow64\mshtml.dll was found and disinfected
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy6_!Windows!SysWOW64!mshtml.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-22 02:33 . 2012-03-22 02:33 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{723FD9CB-74EB-4E9F-9B40-B514F78F2E87}\offreg.dll
    2012-03-22 02:32 . 2012-03-22 02:32 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-03-22 02:32 . 2012-03-22 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-17 09:34 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{723FD9CB-74EB-4E9F-9B40-B514F78F2E87}\mpengine.dll
    2012-03-12 03:40 . 2012-03-12 03:40 -------- d-----w- c:\users\Pierce\Desktopa
    2012-03-05 04:47 . 2012-03-05 04:47 -------- d-----w- c:\users\Pierce\AppData\Local\SKIDROW
    2012-03-05 04:47 . 2012-03-05 04:47 -------- d-----w- c:\users\Pierce\AppData\Local\BigHugeEngine
    2012-03-05 04:44 . 2012-03-05 04:44 -------- d-----w- c:\users\Public\OEM
    2012-02-27 21:04 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-27 21:04 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-02-27 21:04 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-02-27 21:04 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-02-27 21:04 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
    2012-02-27 21:04 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-02-27 21:04 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-02-27 21:04 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
    2012-02-26 04:50 . 2012-02-26 04:50 -------- d-----w- c:\users\Pierce\AppData\Local\AMD
    2012-02-26 04:50 . 2012-02-26 04:50 -------- d-----w- c:\programdata\ATI
    2012-02-26 04:50 . 2012-02-26 04:50 -------- d-----w- c:\program files (x86)\AMD APP
    2012-02-26 04:50 . 2012-02-26 04:50 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2012-02-26 04:50 . 2012-02-26 04:50 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
    2012-02-26 04:49 . 2012-02-26 04:49 -------- d-----w- c:\programdata\AMD
    2012-02-26 04:49 . 2010-02-18 17:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
    2012-02-26 04:44 . 2012-02-26 04:44 -------- d-----w- C:\AMD
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-08 17:56 . 2011-09-16 02:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-23 17:18 . 2010-09-13 01:37 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-04 01:46 . 2012-01-04 01:46 53248 ----a-r- c:\users\Pierce\AppData\Roaming\Microsoft\Installer\{3A9527CF-4E91-4683-A03F-F1AD022126E5}\ARPPRODUCTICON.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Pierce\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Pierce\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Pierce\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-25 39408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
    "Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2011-07-13 293360]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
    "CPMonitor"="c:\program files (x86)\Roxio 2012\5.0\CPMonitor.exe" [2011-07-08 84464]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe" [2011-06-13 506352]
    "ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
    .
    c:\users\Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Pierce\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-1 1207312]
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-18 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2011-07-13 340976]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
    R3 eltima_usb_stub;ELTIMA Usb Stub;c:\windows\system32\DRIVERS\usbstub.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-03 1038088]
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664]
    R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [x]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
    R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2011-07-13 1095664]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R4 BOTService;BOTService;c:\program files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2011-07-14 211440]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x]
    S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S0 SysCow;SysCow;c:\windows\system32\drivers\syscowad64v.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x]
    S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [x]
    S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2011-02-10 457200]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2011-07-15 21488]
    S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
    S2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files (x86)\Icecast2 Win32\icecastService.exe [2008-05-24 417792]
    S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-02-26 5017600]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
    S2 uvnc_service;uvnc_service;c:\program files\UltraVNC2\WinVNC.exe [2009-12-07 1793976]
    S3 a8djavs_x64;a8djavs_x64;c:\windows\system32\Drivers\a8djavs_x64.sys [x]
    S3 a8djusb_x64;a8djusb_x64;c:\windows\system32\Drivers\a8djusb_x64.sys [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [x]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 20:45]
    .
    2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 20:45]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Pierce\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Pierce\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Pierce\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Pierce\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-21 8115744]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_m3300&r=17360710z216p04d5v125w4541s235
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_m3300&r=17360710z216p04d5v125w4541s235
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Pierce\AppData\Roaming\Mozilla\Firefox\Profiles\r0dtcpxo.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{01B61CB0-4163-4636-81E5-CCE5B6F9B06a} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\users\Pierce\AppData\Local\TVersity\Media Server\MediaServer.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-21 19:42:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-22 02:42
    .
    Pre-Run: 545,943,592,960 bytes free
    Post-Run: 545,791,590,400 bytes free
    .
    - - End Of File - - 1139F1653189662B5B0B1DDDAF046B58
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. fennisdembo88

    fennisdembo88 TS Rookie Topic Starter Posts: 20

    computer is running noticeably better thank you very much

    OTL log pt 1

    OTL logfile created on: 3/21/2012 8:51:09 PM - Run 1
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Pierce\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.75 Gb Total Physical Memory | 3.91 Gb Available Physical Memory | 68.08% Memory free
    11.49 Gb Paging File | 9.24 Gb Available in Paging File | 80.37% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 915.41 Gb Total Space | 506.22 Gb Free Space | 55.30% Space Free | Partition Type: NTFS
    Drive K: | 1.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ACERMEDIAROOM | User Name: Pierce | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/21 20:49:05 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Pierce\Downloads\OTL.exe
    PRC - [2012/03/09 18:36:06 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Pierce\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011/11/28 11:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/11/28 11:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/07/15 02:03:00 | 000,021,488 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    PRC - [2011/07/08 13:31:22 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
    PRC - [2011/06/12 20:07:24 | 000,506,352 | ---- | M] () -- C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
    PRC - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
    PRC - [2011/04/18 23:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/09 18:36:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2010/07/24 23:26:02 | 000,884,736 | ---- | M] () -- C:\Users\Pierce\AppData\Local\TVersity\Media Server\MediaServer.exe
    PRC - [2009/11/19 19:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
    PRC - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    PRC - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2009/08/12 15:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    PRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2008/05/24 15:02:50 | 000,417,792 | ---- | M] () -- C:\Program Files (x86)\Icecast2 Win32\icecastService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/09 18:36:08 | 001,911,736 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/03/08 10:56:23 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2011/07/08 13:31:22 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/06/12 20:07:24 | 000,506,352 | ---- | M] () -- C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2010/01/31 22:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
    MOD - [2010/01/31 22:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
    MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    MOD - [2009/02/02 18:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/12/05 23:15:08 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2011/12/05 20:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/11/28 11:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/08/02 18:29:23 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2010/02/26 09:28:40 | 005,017,600 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
    SRV:64bit: - [2009/12/07 00:22:14 | 001,793,976 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC2\winvnc.exe -- (uvnc_service)
    SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV - [2011/07/15 02:03:00 | 000,021,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
    SRV - [2011/07/13 08:41:52 | 000,340,976 | ---- | M] (Rovi Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
    SRV - [2011/07/13 08:41:30 | 001,095,664 | ---- | M] (Rovi Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
    SRV - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/02/09 18:36:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
    SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/07/30 19:57:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/07/24 23:26:02 | 000,884,736 | ---- | M] () [Auto | Running] -- C:\Users\Pierce\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/05/24 15:02:50 | 000,417,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Icecast2 Win32\icecastService.exe -- (Icecast-trunk)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/12/05 20:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/12/05 20:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/12/05 19:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/11/28 10:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2011/11/28 10:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011/11/28 10:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011/11/28 10:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011/11/28 10:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/11/28 10:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011/10/17 10:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/06/24 07:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
    DRV:64bit: - [2011/05/24 04:00:00 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/02/09 02:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
    DRV:64bit: - [2011/02/09 02:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
    DRV:64bit: - [2011/02/09 02:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/09/13 18:02:37 | 000,012,096 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2)
    DRV:64bit: - [2010/09/01 01:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
    DRV:64bit: - [2010/07/24 16:32:46 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/06/03 08:07:18 | 000,015,160 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jumi.sys -- (jumi)
    DRV:64bit: - [2010/05/23 20:47:08 | 000,164,848 | ---- | M] (Sonic Solutions) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\syscowad64v.sys -- (SysCow)
    DRV:64bit: - [2010/05/06 02:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/10/07 00:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/10/07 00:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/17 09:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
    DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009/06/17 09:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
    DRV:64bit: - [2009/06/17 09:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV:64bit: - [2009/06/17 09:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
    DRV:64bit: - [2009/06/17 09:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2008/12/09 01:59:42 | 000,233,488 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\a8djusb_x64.sys -- (a8djusb_x64)
    DRV:64bit: - [2008/12/09 01:59:42 | 000,044,560 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\a8djavs_x64.sys -- (a8djavs_x64)
    DRV:64bit: - [2008/11/20 10:34:26 | 000,117,352 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\StarPortLite.sys -- (StarPortLite) StarPort Storage Controller (Lite)
    DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2008/04/01 13:33:16 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
    DRV:64bit: - [2007/12/17 20:25:20 | 000,014,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbstub.sys -- (eltima_usb_stub)
    DRV:64bit: - [2007/12/17 20:25:14 | 000,047,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vuhub.sys -- (vuhub)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_m3300&r=17360710z216p04d5v125w4541s235
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_m3300&r=17360710z216p04d5v125w4541s235
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B0 1C B6 01 63 41 36 46 81 E5 CC E5 B6 F9 B0 6A [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B0 1C B6 01 63 41 36 46 81 E5 CC E5 B6 F9 B0 6A [binary data]

    IE - HKU\S-1-5-21-2092210950-1611175034-646978345-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_m3300&r=17360710z216p04d5v125w4541s235
    IE - HKU\S-1-5-21-2092210950-1611175034-646978345-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B0 1C B6 01 63 41 36 46 81 E5 CC E5 B6 F9 B0 6A [binary data]
    IE - HKU\S-1-5-21-2092210950-1611175034-646978345-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKU\S-1-5-21-2092210950-1611175034-646978345-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2092210950-1611175034-646978345-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS389US389
    IE - HKU\S-1-5-21-2092210950-1611175034-646978345-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-2092210950-1611175034-646978345-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2092210950-1611175034-646978345-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
    FF - prefs.js..extensions.enabledItems: {246B0AC1-31AB-4786-A4CC-A6AF89647D7F}:0.3.8
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Pierce\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/12 19:05:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/03 09:52:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/16 10:50:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/03 18:54:21 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/12 19:05:27 | 000,000,000 | ---D | M]

    [2010/07/24 13:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierce\AppData\Roaming\Mozilla\Extensions
    [2012/03/16 10:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierce\AppData\Roaming\Mozilla\Firefox\Profiles\r0dtcpxo.default\extensions
    [2010/08/14 11:19:40 | 000,000,000 | ---D | M] (SHOUTcast Radio Toolbar) -- C:\Users\Pierce\AppData\Roaming\Mozilla\Firefox\Profiles\r0dtcpxo.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
    [2010/07/24 15:03:53 | 000,000,000 | ---D | M] (Wikipedia Lookup Add-on) -- C:\Users\Pierce\AppData\Roaming\Mozilla\Firefox\Profiles\r0dtcpxo.default\extensions\{246B0AC1-31AB-4786-A4CC-A6AF89647D7F}
    [2012/03/04 23:04:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Pierce\AppData\Roaming\Mozilla\Firefox\Profiles\r0dtcpxo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/03/16 10:49:35 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Pierce\AppData\Roaming\Mozilla\Firefox\Profiles\r0dtcpxo.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2012/03/04 23:04:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Pierce\AppData\Roaming\Mozilla\Firefox\Profiles\r0dtcpxo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/10/22 17:27:09 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Pierce\AppData\Roaming\Mozilla\Firefox\Profiles\r0dtcpxo.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2011/08/28 13:02:56 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Pierce\AppData\Roaming\Mozilla\Firefox\Profiles\r0dtcpxo.default\extensions\firefox@tvunetworks.com
    [2010/10/03 11:34:53 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Pierce\AppData\Roaming\Mozilla\Firefox\Profiles\r0dtcpxo.default\extensions\vshare@toolbar
    [2012/03/16 10:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/12/03 09:52:15 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    () (No name found) -- C:\USERS\PIERCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R0DTCPXO.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
    [2012/03/09 18:36:40 | 000,134,072 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/03/09 18:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/03/09 18:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/03/21 19:34:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {01B61CB0-4163-4636-81E5-CCE5B6F9B06a} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKU\S-1-5-21-2092210950-1611175034-646978345-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe ()
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
    O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Rovi Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - Startup: C:\Users\Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Pierce\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2092210950-1611175034-646978345-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2092210950-1611175034-646978345-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{865521DE-8F0F-4D93-A21B-3C85E0F89724}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/07/25 02:27:38 | 000,000,052 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  13. fennisdembo88

    fennisdembo88 TS Rookie Topic Starter Posts: 20

    otl log pt2

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/21 19:50:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/03/21 19:23:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/21 19:23:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/21 19:23:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/21 19:23:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/16 10:46:05 | 000,000,000 | ---D | C] -- C:\Users\Pierce\Desktop\aarons wall pics
    [2012/03/11 20:40:54 | 000,000,000 | ---D | C] -- C:\Users\Pierce\Desktopa
    [2012/03/10 11:31:38 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Local\{0CA66095-7561-487F-A397-7D3B6AC17D73}
    [2012/03/10 11:31:16 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Local\{03A94F98-612F-44A6-9088-B0BC3BB4764E}
    [2012/03/04 21:47:15 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Local\SKIDROW
    [2012/03/04 21:47:15 | 000,000,000 | ---D | C] -- C:\Users\Pierce\Documents\My Games
    [2012/03/04 21:47:15 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Local\BigHugeEngine
    [2012/03/04 21:07:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/02/25 21:50:59 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Local\AMD
    [2012/02/25 21:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2012/02/25 21:50:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2012/02/25 21:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
    [2012/02/25 21:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
    [2012/02/25 21:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
    [2012/02/25 21:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
    [2012/02/25 21:44:15 | 000,000,000 | ---D | C] -- C:\AMD

    ========== Files - Modified Within 30 Days ==========

    [2012/03/21 20:14:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/21 19:57:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/21 19:57:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/21 19:49:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/21 19:49:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/21 19:49:27 | 334,196,735 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/21 19:34:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/03/20 23:48:26 | 000,000,512 | ---- | M] () -- C:\Users\Pierce\Desktop\MBR.dat
    [2012/03/18 13:43:01 | 663,757,586 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/03/18 10:44:14 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/16 19:39:17 | 071,110,740 | ---- | M] () -- C:\Users\Pierce\Desktop\drybones.avi
    [2012/03/16 14:55:11 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/03/16 14:55:11 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/03/16 14:55:11 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/03/16 10:50:59 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/02/27 14:44:39 | 003,063,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/03/21 19:23:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/21 19:23:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/21 19:23:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/21 19:23:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/21 19:23:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/20 23:48:26 | 000,000,512 | ---- | C] () -- C:\Users\Pierce\Desktop\MBR.dat
    [2012/03/18 10:44:14 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/16 19:54:04 | 071,110,740 | ---- | C] () -- C:\Users\Pierce\Desktop\drybones.avi
    [2012/03/08 11:12:53 | 663,757,586 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/12/05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
    [2011/12/05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/12/05 19:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2011/12/05 19:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/06/05 10:53:58 | 000,000,171 | ---- | C] () -- C:\Windows\icecast2.ini
    [2010/09/19 08:56:53 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/08/26 15:34:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/08/19 19:35:24 | 000,000,600 | ---- | C] () -- C:\Users\Pierce\AppData\Roaming\winscp.rnd
    [2010/08/07 22:22:50 | 000,011,776 | ---- | C] () -- C:\Users\Pierce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/25 14:04:32 | 000,210,625 | ---- | C] () -- C:\Windows\hpoins21.dat
    [2010/07/25 14:04:32 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
    [2010/07/24 13:49:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

    ========== LOP Check ==========

    [2010/07/24 13:29:57 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Acer
    [2010/08/18 18:59:41 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\BOXEE
    [2010/07/24 15:07:31 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\COWON
    [2010/09/12 17:42:56 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\DisplayFusion
    [2012/03/21 19:50:41 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Dropbox
    [2011/11/09 21:20:43 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Foxit Software
    [2011/07/05 23:10:17 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Gyazo
    [2010/07/24 13:29:56 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Leadertech
    [2010/08/16 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Mp3tag
    [2010/07/24 19:18:36 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Publish Providers
    [2010/07/24 19:18:39 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Sony
    [2010/08/24 11:43:21 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Steinberg
    [2011/04/23 11:55:01 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\StreamTorrent
    [2010/07/30 16:14:01 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\SWF.max
    [2012/03/13 01:26:10 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\uTorrent
    [2011/10/31 22:04:15 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2009/11/25 07:35:17 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/03/21 19:42:50 | 000,017,622 | ---- | M] () -- C:\ComboFix.txt
    [2012/03/21 19:49:27 | 334,196,735 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/12 18:38:15 | 000,067,804 | ---- | M] () -- C:\JavaRa.log
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012/03/21 19:49:30 | 1877,254,143 | -HS- | M] () -- C:\pagefile.sys
    [2009/11/25 07:43:13 | 000,002,168 | ---- | M] () -- C:\RHDSetup.log
    [2011/09/01 21:08:59 | 000,000,361 | ---- | M] () -- C:\rkill.log
    [2012/03/21 18:25:46 | 000,136,968 | ---- | M] () -- C:\TDSSKiller.2.7.22.0_21.03.2012_18.20.28_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/11/28 11:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/12 07:18:42 | 000,000,221 | -HS- | M] () -- C:\Users\Pierce\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/12 18:49:46 | 000,879,028 | ---- | M] () -- C:\Users\Pierce\Desktop\SecurityCheck.exe
    [2011/09/12 18:52:19 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Pierce\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/21 19:49:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/21 20:14:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/21 19:49:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2011/10/31 22:04:15 | 000,032,632 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2007/10/10 19:53:06 | 000,000,750 | R--- | M] () -- C:\Windows\AppPatch\Custom\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/07/02 08:57:12 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/07/02 08:57:12 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/07/02 08:57:12 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/07/02 08:57:12 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/07/02 08:57:12 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2011/07/02 08:57:12 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/27 14:45:41 | 000,000,402 | -HS- | M] () -- C:\Users\Pierce\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/05 18:50:00 | 000,002,586 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Users\Pierce\Desktop\drybones.avi:Roxio EMC Stream

    < End of report >
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I still need Extras.txt.
     
  15. fennisdembo88

    fennisdembo88 TS Rookie Topic Starter Posts: 20

    sorry, forgot about that one

    OTL Extras logfile created on: 3/21/2012 8:51:09 PM - Run 1
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Pierce\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.75 Gb Total Physical Memory | 3.91 Gb Available Physical Memory | 68.08% Memory free
    11.49 Gb Paging File | 9.24 Gb Available in Paging File | 80.37% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 915.41 Gb Total Space | 506.22 Gb Free Space | 55.30% Space Free | Partition Type: NTFS
    Drive K: | 1.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ACERMEDIAROOM | User Name: Pierce | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2092210950-1611175034-646978345-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\Users\Pierce\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\Users\Pierce\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0517F875-BBB2-4812-A63E-733B33CEF215}" = Roxio System Rollback
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
    "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
    "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
    "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
    "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ABE286AE-C65D-B7DE-C8D1-DF79584169B4}" = AMD Fuel
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}" = AMD Catalyst Install Manager
    "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EF393943-0CCE-9CD9-6181-96DF4E4428EF}" = AMD Media Foundation Decoders
    "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "Ultravnc2_is1" = UltraVNC 1.0.8.2
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
    "{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
    "{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2B682751-E749-441C-A4B3-1F538E26E56E}" = Roxio System Rollback Recovery Disk
    "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
    "{302763FD-5CEA-4DFF-80C8-9B41414C4822}" = Roxio CinePlayer
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A9527CF-4E91-4683-A03F-F1AD022126E5}" = DirectX 9 Runtime
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
    "{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
    "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
    "{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
    "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
    "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}" = NWZ-S540 WALKMAN Guide
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
    "{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
    "{77CDA026-3860-4C95-8233-34F3CEF121FB}" = Roxio Creator 2012 Pro
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
    "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A055FB62-CF73-4839-AD83-122ABCB92418}" = LeapFrog Tag Junior Plugin
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAB42DD0-9551-4E30-A3E4-F87D4A4E1C52}" = Roxio Creator 2012 Pro
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
    "{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
    "{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B672D77A-8BA3-24EF-3421-8FB8E35E2A8D}" = Catalyst Control Center InstallProxy
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BD3EAE4D-862D-4D41-8BB5-F5C2CFFE6022}" = Roxio BackOnTrackPE
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
    "{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
    "{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = AMD VISION Engine Control Center
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
    "{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
    "{CE86D656-C887-4EF1-B2D7-2A1075435964}" = Face Filter
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5134D14-A38D-A217-4310-5C8B6DFA08D0}" = HydraVision
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
    "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
    "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
    "{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{EE5926BD-9590-48A3-AB1E-C1C49575823D}" = C7200
    "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
    "{F53529E7-07B1-409A-ACE0-3910D2338D12}" = Roxio Creator 2012 Pro
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
    "Acer Assist" = Acer Assist
    "Acer Registration" = Acer Registration
    "Adobe AIR" = Adobe AIR
    "Adobe Audition 3.0" = Adobe Audition 3.0
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "avast" = avast! Free Antivirus
    "BOXEE" = Boxee
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "FileHippo.com" = FileHippo.com Update Checker
    "Foxit Reader_is1" = Foxit Reader 5.1
    "FreeStar Free AMR MP3 Converter" = FreeStar Free AMR MP3 Converter 1.0.5
    "Icecast2 Win32_is1" = Icecast 2.3.2
    "Identity Card" = Identity Card
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "Mozilla Firefox 10.0.3 (x86 en-US)" = Mozilla Firefox 10.0.3 (x86 en-US)
    "Mp3tag" = Mp3tag v2.46a
    "Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
    "Native Instruments Controller Editor" = Native Instruments Controller Editor
    "Native Instruments Service Center" = Native Instruments Service Center
    "Native Instruments Traktor" = Native Instruments Traktor
    "Open Codecs" = Xiph.Org Open Codecs 0.85.17777
    "Paragon Easy CD/DVD Recorder 9.0_is1" = Paragon Easy CD/DVD Recorder 9.0
    "SCDNAS" = SHOUTcast DNAS (remove only)
    "Secunia PSI" = Secunia PSI (2.0.0.3003)
    "Soulseek2" = SoulSeek 157 NS 13e
    "StreamTorrent 1.0" = StreamTorrent 1.0
    "TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
    "TagScanner_is1" = TagScanner 5.1 build 571
    "TVersity Codec Pack" = TVersity Codec Pack 1.4
    "TVersity Media Server" = TVersity Media Server 1.9.2
    "UPCShell" = LeapFrog Connect
    "uTorrent" = ĀµTorrent
    "Veetle TV" = Veetle TV 0.9.18
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2092210950-1611175034-646978345-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "HuluDesktop" = Hulu Desktop

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {01B61CB0-4163-4636-81E5-CCE5B6F9B06a} - No CLSID value found.
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
      @Alternate Data Stream - 76 bytes -> C:\Users\Pierce\Desktop\drybones.avi:Roxio EMC Stream
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  17. fennisdembo88

    fennisdembo88 TS Rookie Topic Starter Posts: 20

    i ran the otl fix, ran security check, ran the fss, saved those logs, tried to run TFC and...

    twice it got severly hung up and i had to hold down the power button to restart, couldn't open task manager. i let it run for quite a while on the second attempt, i didn't want to appear impatient so i ran it on my laptop and it worked very quickly so i know something is wrong running it here on the desktop

    i started windows normally after the manual shut down. would you like me to post the logs from the steps up to tfc now? shall i skip tfc and run the ESET scanner? please advise.

    thanks.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Run TFC from safe mode.
     
  19. fennisdembo88

    fennisdembo88 TS Rookie Topic Starter Posts: 20

    thanks. tfc worked in safe mode.

    otl fix log

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01B61CB0-4163-4636-81E5-CCE5B6F9B06a}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01B61CB0-4163-4636-81E5-CCE5B6F9B06a}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    ADS C:\Users\Pierce\Desktop\drybones.avi:Roxio EMC Stream deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Pierce
    ->Temp folder emptied: 73499 bytes
    ->Temporary Internet Files folder emptied: 28691150 bytes
    ->Java cache emptied: 35961 bytes
    ->FireFox cache emptied: 201654114 bytes
    ->Flash cache emptied: 15859 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 764508 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 221.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Pierce
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Pierce
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.1 log created on 03222012_184803

    Files\Folders moved on Reboot...
    C:\Users\Pierce\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    security checkup log


    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Secunia PSI (2.0.0.3003)
    Java(TM) 6 Update 29
    Adobe Flash Player 11.1.102.63
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````


    FSS log


    Farbar Service Scanner Version: 01-03-2012
    Ran by Pierce (administrator) on 22-03-2012 at 18:56:07
    Running from "C:\Users\Pierce\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****


    ESET scan had no results
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  21. fennisdembo88

    fennisdembo88 TS Rookie Topic Starter Posts: 20

    computer is working great. you are a life saver again!!

    final otl fix log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Pierce
    ->Temp folder emptied: 785940 bytes
    ->Temporary Internet Files folder emptied: 2392308 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 35246978 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10618 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 37.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Pierce
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Pierce
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.39.1 log created on 03222012_211843

    Files\Folders moved on Reboot...
    C:\Users\Pierce\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    thanks again broni
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...