Solved Please help clean my PC of viruses

cjbrown

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.10.29.11
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Clint :: HOME [administrator]
10/29/2012 1:05:00 PM
mbam-log-2012-10-29 (13-05-00).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 433530
Time elapsed: 1 hour(s), 37 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe.vir (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-29 16:28:20
Windows 6.0.6002 Service Pack 2
Running: m7uckdhi.exe


---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ccdee67
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ccdee67 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
 
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Clint at 16:30:22 on 2012-10-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.4062 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PSIService.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\VMware\VMware View\Client\bin\wsnm.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Users\Clint\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Clint\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uProxyOverride = 127.0.0.1:9421;<local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Akamai NetSession Interface] "C:\Users\Clint\AppData\Local\Akamai\netsession_win.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TrojanScanner] "C:\Program Files (x86)\Trojan Remover\Trjscan.exe" /boot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\Users\Clint\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: mswsock.dll
Trusted Zone: $talisma_url$
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{3FF713D2-3CCC-47B4-837E-0A9B99FEC298} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-4-14 752672]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-7-31 55024]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-4-14 335784]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-7-31 88576]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-1-7 204288]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2009-8-5 103472]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-5-29 517632]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-14 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-14 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-14 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-4-14 237920]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-4-14 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-4-14 177144]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-7-26 92632]
R2 wsnm;VMware View Client Service;C:\Program Files (x86)\VMware\VMware View\Client\bin\wsnm.exe [2010-2-10 151552]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-1-7 10567680]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-1-7 325632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-1-7 90128]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-4-14 69672]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-7-31 316544]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-4-14 300392]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-4-14 513456]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
R3 SaiK0728;SaiK0728;C:\Windows\System32\drivers\SaiK0728.sys [2009-3-5 135168]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 136176]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250808]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 136176]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-9-26 196440]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-4-14 106112]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-11 89920]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-10-27 03:50:30 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-10-27 03:50:30 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-27 03:50:30 157680 ----a-w- C:\Windows\SysWow64\javaws.exe
2012-10-27 03:50:30 149488 ----a-w- C:\Windows\SysWow64\javaw.exe
2012-10-27 03:50:30 149488 ----a-w- C:\Windows\SysWow64\java.exe
2012-10-09 04:12:16 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 04:12:16 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-20 13:02:52 384512 ----a-w- C:\Windows\System32\services.exe
2012-08-16 08:01:02 62134624 ----a-w- C:\Windows\System32\mrt.exe
.
============= FINISH: 16:30:48.13 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 7/31/2009 3:12:53 AM
System Uptime: 10/28/2012 4:39:21 PM (24 hours ago)
.
Motherboard: Dell Inc. | | 0R849J
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 401.848 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7.683 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1175: 9/21/2012 12:00:01 AM - Scheduled Checkpoint
RP1176: 9/22/2012 12:00:01 AM - Scheduled Checkpoint
RP1177: 9/23/2012 12:00:01 AM - Scheduled Checkpoint
RP1178: 9/24/2012 - Scheduled Checkpoint
RP1179: 9/25/2012 - Scheduled Checkpoint
RP1180: 9/26/2012 - Scheduled Checkpoint
RP1181: 9/28/2012 1:36:51 AM - Scheduled Checkpoint
RP1182: 9/30/2012 3:03:19 PM - Scheduled Checkpoint
RP1183: 10/2/2012 12:00:07 AM - Scheduled Checkpoint
RP1184: 10/3/2012 12:00:02 AM - Scheduled Checkpoint
RP1185: 10/4/2012 12:00:01 AM - Scheduled Checkpoint
RP1186: 10/5/2012 12:00:01 AM - Scheduled Checkpoint
RP1187: 10/6/2012 12:41:55 AM - Scheduled Checkpoint
RP1188: 10/7/2012 12:46:31 AM - Scheduled Checkpoint
RP1189: 10/8/2012 - Scheduled Checkpoint
RP1190: 10/9/2012 - Scheduled Checkpoint
RP1191: 10/10/2012 - Scheduled Checkpoint
RP1192: 10/12/2012 11:07:29 PM - Scheduled Checkpoint
RP1193: 10/14/2012 1:21:47 AM - Scheduled Checkpoint
RP1194: 10/14/2012 4:10:10 PM - Scheduled Checkpoint
RP1195: 10/16/2012 - Scheduled Checkpoint
RP1196: 10/17/2012 - Scheduled Checkpoint
RP1197: 10/18/2012 - Scheduled Checkpoint
RP1198: 10/19/2012 - Scheduled Checkpoint
RP1199: 10/20/2012 12:00:01 AM - Scheduled Checkpoint
RP1200: 10/21/2012 - Scheduled Checkpoint
RP1201: 10/22/2012 12:00:01 AM - Scheduled Checkpoint
RP1202: 10/23/2012 - Scheduled Checkpoint
RP1203: 10/24/2012 12:00:01 AM - Scheduled Checkpoint
RP1204: 10/25/2012 - Scheduled Checkpoint
RP1205: 10/26/2012 12:00:01 AM - Scheduled Checkpoint
RP1206: 10/26/2012 10:49:21 PM - Installed Java(TM) 6 Update 37
RP1207: 10/26/2012 10:50:47 PM - Installed Java Runtime Environment
RP1208: 10/28/2012 4:24:53 PM - Scheduled Checkpoint
RP1209: 10/29/2012 3:26:58 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
64 bit Windows Card Reader Driver
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0.1
Adobe Reader 9.5.2
Age of Adventure - Playing the Hero
AIO_Scan
Akamai NetSession Interface
Akamai NetSession Interface Service
Amazon MP3 Downloader 1.0.15
AMD APP SDK Runtime
AMD Catalyst Install Manager
Any Video Converter 2.7.9
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask Toolbar
Ask Toolbar Updater
ATI AVIVO64 Codecs
ATI Catalyst Control Center
Banctec Service Agreement
Big Fish Games: Game Manager
Bing Bar
BufferChm
C6200
C6200_doccd
C6200_Help
Canon RAW Codec
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Turkish
CCleaner
CCScore
Choice Guard
Contents
Copy
Corel Digital Studio 2010
Corel Paint Shop Pro Photo X2
Corel WinDVD 2010
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center
Dell Video Chat
Destination Component
DeviceDiscovery
DeviceIO
DeviceManagementQFolder
Diablo III
DocProc
DocProcQFolder
DVDF10
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
eSupportQFolder
Fallout: New Vegas
Fax
Feeding Frenzy 2 (remove only)
Gadget
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Half-Life
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 3.5
HP Product Assistant
HP Solution Center 9.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
Hulu Desktop
ICA
Intel(R) Network Connections 13.1.33.0
IPM_SU
Java Auto Updater
Java(TM) 6 Update 13 (64-bit)
Java(TM) 6 Update 37
Juniper Networks Host Checker
Juniper Networks Network Connect 7.1.0
Juniper Networks, Inc. Setup Client
Juniper Networks, Inc. Setup Client Activex Control
Juniper Terminal Services Client
Junk Mail filter update
Kodak EasyShare software
Logitech Harmony Remote Software
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.65.1.1000
Masque IGT Slots Little Green Men
McAfee Security Scan Plus
McAfee Total Protection
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 2000
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
MLE
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nations Photo Lab ROES
netbrdg
OfotoXMI
Pando Media Booster
PanoStandAlone
PowerDVD DX
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSPH10
PSSWCORE
PureHD
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB979332)
Setup
SFR
Shaiya(US)
Share
Share64
Shared C Run-time for x64
SHASTA
Sib Icon Editor
Sierra Utilities
skin0001
Skins
SKINXSDK
Skype web features
Skype™ 4.1
SolutionCenter
staticcr
Status
Steam
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Toolbox
Total Immersion D'Fusion @Home Web Plug-In
TotalAudioConverter
TrayApp
Trojan Remover 6.8.4
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VDS10
VideoToolkit01
VIO
VLC media player 1.0.1
VMware View Client
VPRINTOL
Warcraft III
WebReg
WIDCOMM Bluetooth Software 6.0.1.4300
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Mobile Device Updater Component
WinRAR archiver
WIRELESS
Yahoo! Install Manager
Yahoo! Widgets
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
10/28/2012 4:40:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep SRTSP SRTSPX
10/28/2012 4:40:39 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
10/28/2012 4:40:39 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
10/28/2012 4:40:39 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
10/28/2012 4:40:39 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
10/28/2012 4:40:36 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
10/28/2012 4:39:51 PM, Error: EventLog [6008] - The previous system shutdown at 4:37:13 PM on 10/28/2012 was unexpected.
.
==== End Of File ===========================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
06:52:00.0299 6024 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47

06:52:00.0595 6024 ============================================================

06:52:00.0595 6024 Current date / time: 2012/10/30 06:52:00.0595

06:52:00.0595 6024 SystemInfo:

06:52:00.0595 6024

06:52:00.0595 6024 OS Version: 6.0.6002 ServicePack: 2.0

06:52:00.0595 6024 Product type: Workstation

06:52:00.0595 6024 ComputerName: HOME

06:52:00.0595 6024 UserName: Clint

06:52:00.0595 6024 Windows directory: C:\Windows

06:52:00.0595 6024 System windows directory: C:\Windows

06:52:00.0595 6024 Running under WOW64

06:52:00.0595 6024 Processor architecture: Intel x64

06:52:00.0595 6024 Number of processors: 8

06:52:00.0595 6024 Page size: 0x1000

06:52:00.0595 6024 Boot type: Normal boot

06:52:00.0595 6024 ============================================================

06:52:01.0781 6024 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

06:52:01.0843 6024 ============================================================

06:52:01.0843 6024 \Device\Harddisk0\DR0:

06:52:01.0843 6024 MBR partitions:

06:52:01.0843 6024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1E00000

06:52:01.0843 6024 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E23800, BlocksNum 0x48A34000

06:52:01.0843 6024 ============================================================

06:52:01.0859 6024 C: <-> \Device\Harddisk0\DR0\Partition2

06:52:01.0890 6024 D: <-> \Device\Harddisk0\DR0\Partition1

06:52:01.0890 6024 ============================================================

06:52:01.0890 6024 Initialize success

06:52:01.0890 6024 ============================================================

06:52:06.0227 5860 ============================================================

06:52:06.0227 5860 Scan started

06:52:06.0227 5860 Mode: Manual;

06:52:06.0227 5860 ============================================================

06:52:07.0210 5860 ================ Scan system memory ========================

06:52:07.0210 5860 System memory - ok

06:52:07.0210 5860 ================ Scan services =============================

06:52:07.0303 5860 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

06:52:07.0397 5860 ACDaemon - ok

06:52:07.0678 5860 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys

06:52:07.0678 5860 ACPI - ok

06:52:07.0818 5860 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

06:52:07.0818 5860 AdobeFlashPlayerUpdateSvc - ok

06:52:07.0896 5860 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

06:52:07.0896 5860 adp94xx - ok

06:52:07.0943 5860 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys

06:52:07.0943 5860 adpahci - ok

06:52:07.0958 5860 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

06:52:07.0958 5860 adpu160m - ok

06:52:07.0974 5860 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

06:52:07.0974 5860 adpu320 - ok

06:52:08.0005 5860 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

06:52:08.0005 5860 AeLookupSvc - ok

06:52:08.0068 5860 [ 7394641611EF3AB2D041F104F1E8C1B9 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

06:52:08.0130 5860 AERTFilters - ok

06:52:08.0208 5860 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys

06:52:08.0208 5860 AFD - ok

06:52:08.0224 5860 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys

06:52:08.0224 5860 agp440 - ok

06:52:08.0255 5860 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys

06:52:08.0255 5860 aic78xx - ok

06:52:08.0270 5860 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe

06:52:08.0286 5860 ALG - ok

06:52:08.0286 5860 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys

06:52:08.0317 5860 aliide - ok

06:52:08.0364 5860 [ 5EC60409BD50953BD4F892B18840039E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

06:52:08.0395 5860 AMD External Events Utility - ok

06:52:08.0395 5860 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys

06:52:08.0395 5860 amdide - ok

06:52:08.0411 5860 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

06:52:08.0411 5860 AmdK8 - ok

06:52:09.0082 5860 [ 322E5C178990F116F00E3D923F4E6B1C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

06:52:09.0113 5860 amdkmdag - ok

06:52:09.0160 5860 [ 961A81A84FDD700E361E8294528A37BA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

06:52:09.0206 5860 amdkmdap - ok

06:52:09.0238 5860 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll

06:52:09.0238 5860 Appinfo - ok

06:52:09.0284 5860 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys

06:52:09.0284 5860 arc - ok

06:52:09.0316 5860 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys

06:52:09.0316 5860 arcsas - ok

06:52:09.0331 5860 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

06:52:09.0347 5860 AsyncMac - ok

06:52:09.0378 5860 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys

06:52:09.0378 5860 atapi - ok

06:52:09.0456 5860 [ 1A872AB76D00F52643BB0F81792BBF3B ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys

06:52:09.0487 5860 AtiHDAudioService - ok

06:52:09.0674 5860 [ 322E5C178990F116F00E3D923F4E6B1C ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

06:52:09.0721 5860 atikmdag - ok

06:52:09.0768 5860 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

06:52:09.0768 5860 AudioEndpointBuilder - ok

06:52:09.0784 5860 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll

06:52:09.0784 5860 AudioSrv - ok

06:52:09.0846 5860 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

06:52:09.0893 5860 BBSvc - ok

06:52:09.0940 5860 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

06:52:09.0986 5860 BBUpdate - ok

06:52:10.0002 5860 Beep - ok

06:52:10.0018 5860 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

06:52:10.0018 5860 blbdrive - ok

06:52:10.0080 5860 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

06:52:10.0111 5860 bowser - ok

06:52:10.0127 5860 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

06:52:10.0127 5860 BrFiltLo - ok

06:52:10.0127 5860 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

06:52:10.0142 5860 BrFiltUp - ok

06:52:10.0174 5860 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll

06:52:10.0174 5860 Browser - ok

06:52:10.0205 5860 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys

06:52:10.0205 5860 Brserid - ok

06:52:10.0236 5860 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

06:52:10.0236 5860 BrSerWdm - ok

06:52:10.0236 5860 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

06:52:10.0236 5860 BrUsbMdm - ok

06:52:10.0252 5860 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

06:52:10.0252 5860 BrUsbSer - ok

06:52:10.0283 5860 [ 09F926A0D9C0BAFD8417A4307D2ED13C ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys

06:52:10.0283 5860 BthEnum - ok

06:52:10.0283 5860 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

06:52:10.0298 5860 BTHMODEM - ok

06:52:10.0314 5860 [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

06:52:10.0314 5860 BthPan - ok

06:52:10.0376 5860 [ E1466882252FF51EDDE48C3F7EDA2591 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys

06:52:10.0408 5860 BTHPORT - ok

06:52:10.0423 5860 [ 22E65FFD640F16968F855F5B3528D366 ] BthServ C:\Windows\System32\bthserv.dll

06:52:10.0439 5860 BthServ - ok

06:52:10.0439 5860 [ 970192CDED77A128E7E30722E5EE6B9C ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys

06:52:10.0486 5860 BTHUSB - ok

06:52:10.0517 5860 [ A44AD9AB3BF98A65EB58662E3C78EAE0 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys

06:52:10.0564 5860 btwaudio - ok

06:52:10.0595 5860 [ A441D453821A6336F516F97F79BBFA17 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys

06:52:10.0626 5860 btwavdt - ok

06:52:10.0657 5860 [ B550C75397D96251A92391555FE5534C ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys

06:52:10.0704 5860 btwrchid - ok

06:52:10.0720 5860 catchme - ok

06:52:10.0735 5860 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

06:52:10.0735 5860 cdfs - ok

06:52:10.0766 5860 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

06:52:10.0766 5860 cdrom - ok

06:52:10.0813 5860 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll

06:52:10.0813 5860 CertPropSvc - ok

06:52:10.0844 5860 [ 45B5A89DC41577282E5BF41B1165EA71 ] cfwids C:\Windows\system32\drivers\cfwids.sys

06:52:10.0891 5860 cfwids - ok

06:52:10.0938 5860 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys

06:52:10.0954 5860 circlass - ok

06:52:11.0032 5860 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys

06:52:11.0047 5860 CLFS - ok

06:52:11.0266 5860 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

06:52:11.0266 5860 clr_optimization_v2.0.50727_32 - ok

06:52:11.0375 5860 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

06:52:11.0390 5860 clr_optimization_v2.0.50727_64 - ok

06:52:11.0515 5860 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

06:52:11.0562 5860 clr_optimization_v4.0.30319_32 - ok

06:52:11.0609 5860 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

06:52:11.0656 5860 clr_optimization_v4.0.30319_64 - ok

06:52:11.0671 5860 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys

06:52:11.0671 5860 cmdide - ok

06:52:11.0671 5860 [ 34A6AA82AA36C87FC8816F2097EFA345 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

06:52:11.0718 5860 Compbatt - ok

06:52:11.0734 5860 COMSysApp - ok

06:52:11.0765 5860 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

06:52:11.0765 5860 crcdisk - ok

06:52:11.0812 5860 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll

06:52:11.0812 5860 CryptSvc - ok

06:52:11.0921 5860 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll

06:52:11.0921 5860 DcomLaunch - ok

06:52:11.0968 5860 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

06:52:12.0014 5860 DfsC - ok

06:52:12.0092 5860 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe

06:52:12.0124 5860 DFSR - ok

06:52:12.0155 5860 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll

06:52:12.0170 5860 Dhcp - ok

06:52:12.0186 5860 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys

06:52:12.0186 5860 disk - ok

06:52:12.0264 5860 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll

06:52:12.0264 5860 Dnscache - ok

06:52:12.0326 5860 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe

06:52:12.0389 5860 DockLoginService - ok

06:52:12.0420 5860 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll

06:52:12.0420 5860 dot3svc - ok

06:52:12.0451 5860 [ 74C02B1717740C3B8039539E23E4B53F ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

06:52:12.0451 5860 Dot4 - ok

06:52:12.0467 5860 [ 08321D1860235BF42CF2854234337AEA ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys

06:52:12.0482 5860 Dot4Print - ok

06:52:12.0498 5860 [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

06:52:12.0498 5860 dot4usb - ok

06:52:12.0529 5860 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll

06:52:12.0529 5860 DPS - ok

06:52:12.0560 5860 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

06:52:12.0560 5860 drmkaud - ok

06:52:12.0623 5860 [ 3EEF0B3489EDBF725564E17C77CABAFD ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys

06:52:12.0670 5860 dsNcAdpt - ok

06:52:12.0732 5860 [ DBB553EFC611BFC7FC2E658FFDD3AF33 ] dsNcService C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

06:52:12.0826 5860 dsNcService - ok

06:52:12.0966 5860 dump_wmimmc - ok

06:52:13.0075 5860 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

06:52:13.0153 5860 DXGKrnl - ok

06:52:13.0200 5860 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys

06:52:13.0200 5860 e1express - ok

06:52:13.0216 5860 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys

06:52:13.0216 5860 E1G60 - ok

06:52:13.0262 5860 [ B37F6853D6E0C6F5F8EFDE33E831B5F8 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys

06:52:13.0309 5860 e1yexpress - ok

06:52:13.0309 5860 EagleX64 - ok

06:52:13.0356 5860 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll

06:52:13.0356 5860 EapHost - ok

06:52:13.0403 5860 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys

06:52:13.0403 5860 Ecache - ok

06:52:13.0450 5860 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe

06:52:13.0450 5860 ehRecvr - ok

06:52:13.0481 5860 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe

06:52:13.0496 5860 ehSched - ok

06:52:13.0543 5860 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll

06:52:13.0559 5860 ehstart - ok

06:52:13.0590 5860 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys

06:52:13.0606 5860 elxstor - ok

06:52:13.0668 5860 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll

06:52:13.0668 5860 EMDMgmt - ok

06:52:13.0684 5860 [ 991FAB6AA066E1214EFB5B496FB7959A ] ErrDev C:\Windows\system32\drivers\errdev.sys

06:52:13.0715 5860 ErrDev - ok

06:52:13.0762 5860 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll

06:52:13.0762 5860 EventSystem - ok

06:52:13.0777 5860 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys

06:52:13.0793 5860 exfat - ok

06:52:13.0808 5860 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys

06:52:13.0808 5860 fastfat - ok

06:52:13.0824 5860 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

06:52:13.0824 5860 fdc - ok

06:52:13.0840 5860 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll

06:52:13.0840 5860 fdPHost - ok

06:52:13.0855 5860 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll

06:52:13.0855 5860 FDResPub - ok

06:52:13.0871 5860 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

06:52:13.0871 5860 FileInfo - ok

06:52:13.0871 5860 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys

06:52:13.0886 5860 Filetrace - ok

06:52:13.0886 5860 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

06:52:13.0886 5860 flpydisk - ok

06:52:13.0918 5860 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

06:52:13.0918 5860 FltMgr - ok

06:52:14.0276 5860 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll

06:52:14.0323 5860 FontCache - ok

06:52:14.0354 5860 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

06:52:14.0370 5860 FontCache3.0.0.0 - ok

06:52:14.0386 5860 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

06:52:14.0432 5860 Fs_Rec - ok

06:52:14.0448 5860 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

06:52:14.0448 5860 gagp30kx - ok

06:52:14.0526 5860 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

06:52:14.0542 5860 GoToAssist - ok

06:52:14.0588 5860 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll

06:52:14.0604 5860 gpsvc - ok

06:52:14.0760 5860 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

06:52:14.0760 5860 gupdate - ok

06:52:14.0776 5860 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

06:52:14.0776 5860 gupdatem - ok

06:52:14.0854 5860 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

06:52:14.0900 5860 gusvc - ok

06:52:14.0947 5860 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

06:52:14.0947 5860 HdAudAddService - ok

06:52:14.0994 5860 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

06:52:14.0994 5860 HDAudBus - ok

06:52:15.0010 5860 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys

06:52:15.0025 5860 HidBth - ok

06:52:15.0025 5860 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys

06:52:15.0025 5860 HidIr - ok

06:52:15.0056 5860 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll

06:52:15.0056 5860 hidserv - ok

06:52:15.0088 5860 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

06:52:15.0088 5860 HidUsb - ok

06:52:15.0103 5860 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys

06:52:15.0150 5860 HipShieldK - ok

06:52:15.0181 5860 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll

06:52:15.0181 5860 hkmsvc - ok

06:52:15.0212 5860 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

06:52:15.0212 5860 HpCISSs - ok

06:52:15.0290 5860 [ 58D4765AB87347DB835D5693ADF652C1 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

06:52:15.0290 5860 hpqcxs08 - ok

06:52:15.0322 5860 [ 99ED733F614660EB32199BF889DFB7E2 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

06:52:15.0322 5860 hpqddsvc - ok

06:52:15.0368 5860 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys

06:52:15.0368 5860 HTTP - ok

06:52:15.0384 5860 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys

06:52:15.0400 5860 i2omp - ok

06:52:15.0446 5860 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

06:52:15.0462 5860 i8042prt - ok

06:52:15.0493 5860 [ FC28E90F2204D8FD147FA9BFA8A51C01 ] iaStor C:\Windows\system32\drivers\iastor.sys

06:52:15.0556 5860 iaStor - ok

06:52:15.0571 5860 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

06:52:15.0571 5860 iaStorV - ok

06:52:15.0618 5860 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

06:52:15.0634 5860 idsvc - ok

06:52:15.0634 5860 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys

06:52:15.0634 5860 iirsp - ok

06:52:15.0680 5860 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll

06:52:15.0680 5860 IKEEXT - ok

06:52:15.0743 5860 [ E28EDF74900E68184F44CFCDD66F1BC3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

06:52:15.0790 5860 IntcAzAudAddService - ok

06:52:15.0805 5860 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\DRIVERS\intelide.sys

06:52:15.0805 5860 intelide - ok

06:52:15.0821 5860 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

06:52:15.0821 5860 intelppm - ok

06:52:15.0852 5860 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

06:52:15.0852 5860 IPBusEnum - ok

06:52:15.0899 5860 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

06:52:15.0899 5860 IpFilterDriver - ok

06:52:15.0899 5860 IpInIp - ok

06:52:15.0914 5860 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

06:52:15.0930 5860 IPMIDRV - ok

06:52:15.0930 5860 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

06:52:15.0946 5860 IPNAT - ok

06:52:15.0946 5860 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys

06:52:15.0946 5860 IRENUM - ok

06:52:15.0961 5860 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys

06:52:15.0961 5860 isapnp - ok

06:52:16.0008 5860 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

06:52:16.0008 5860 iScsiPrt - ok

06:52:16.0008 5860 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

06:52:16.0024 5860 iteatapi - ok

06:52:16.0039 5860 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys

06:52:16.0039 5860 iteraid - ok

06:52:16.0055 5860 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

06:52:16.0055 5860 kbdclass - ok

06:52:16.0070 5860 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

06:52:16.0086 5860 kbdhid - ok

06:52:16.0117 5860 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe

06:52:16.0117 5860 KeyIso - ok

06:52:16.0148 5860 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

06:52:16.0195 5860 KSecDD - ok

06:52:16.0211 5860 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

06:52:16.0211 5860 ksthunk - ok

06:52:16.0258 5860 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll

06:52:16.0273 5860 KtmRm - ok

06:52:16.0320 5860 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll

06:52:16.0320 5860 LanmanServer - ok

06:52:16.0367 5860 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

06:52:16.0367 5860 LanmanWorkstation - ok

06:52:16.0382 5860 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

06:52:16.0398 5860 lltdio - ok

06:52:16.0414 5860 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll

06:52:16.0414 5860 lltdsvc - ok

06:52:16.0429 5860 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll

06:52:16.0429 5860 lmhosts - ok

06:52:16.0460 5860 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

06:52:16.0460 5860 LSI_FC - ok

06:52:16.0507 5860 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

06:52:16.0507 5860 LSI_SAS - ok

06:52:16.0507 5860 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

06:52:16.0507 5860 LSI_SCSI - ok

06:52:16.0538 5860 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys

06:52:16.0554 5860 luafv - ok

06:52:16.0585 5860 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys

06:52:16.0648 5860 LVPr2M64 - ok

06:52:16.0679 5860 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys

06:52:16.0679 5860 LVPr2Mon - ok

06:52:16.0726 5860 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

06:52:16.0788 5860 LVPrcS64 - ok

06:52:16.0850 5860 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys

06:52:16.0913 5860 LVRS64 - ok

06:52:17.0053 5860 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys

06:52:17.0131 5860 LVUVC64 - ok

06:52:17.0209 5860 [ B891E3920F24FF1A3BEAD6CD2B42ED99 ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

06:52:17.0209 5860 McAfee SiteAdvisor Service - ok

06:52:17.0272 5860 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

06:52:17.0350 5860 McciCMService - ok

06:52:17.0381 5860 [ BE3D584D7C021EB7D89166EECB83C341 ] McciCMService64 C:\Program Files\Common Files\Motive\McciCMService.exe

06:52:17.0443 5860 McciCMService64 - ok

06:52:17.0506 5860 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

06:52:17.0584 5860 McComponentHostService - ok

06:52:17.0724 5860 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

06:52:17.0724 5860 McMPFSvc - ok

06:52:17.0786 5860 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

06:52:17.0786 5860 mcmscsvc - ok

06:52:30.0407 5860 ============================================================
06:52:30.0407 5860 Scan finished
06:52:30.0407 5860 ============================================================
06:52:30.0407 5988 Detected object count: 0
06:52:30.0407 5988 Actual detected object count: 0
 
  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

===============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Clint [Admin rights]
Mode : Remove -- Date : 10/30/2012 17:18:50
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 13 ¤¤¤
[TASK][SUSP PATH] {15177EB6-50E1-4AEE-A902-4D54CFBE7530} : C:\Windows\System32\pcalua.exe -a C:\Users\Clint\AppData\Roaming\C285D5A21A028C27A1499E3BF47BD7F4\modulesetup70700.exe -c /uninstall -> DELETED
[TASK][SUSP PATH] {B2E7CFCB-BE7A-411B-9C0A-AC7828660B49} : C:\Windows\System32\pcalua.exe -a C:\PROGRA~2\COMMON~1\Logishrd\LQCVFX\MODELF~1.EXE -d C:\Windows\system32 -c "C:\Users\Clint\AppData\Local\Temp\Red Carnival Mask.LVF" -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Clint\AppData\Local\{04459ec2-4ec6-e38c-a8fa-9291d46fec2f}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
[SHELL][BLPATH] [ON_D:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> REPLACED (Explorer.exe)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{04459ec2-4ec6-e38c-a8fa-9291d46fec2f}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{04459ec2-4ec6-e38c-a8fa-9291d46fec2f}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{04459ec2-4ec6-e38c-a8fa-9291d46fec2f}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{04459ec2-4ec6-e38c-a8fa-9291d46fec2f}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Clint\AppData\Local\{04459ec2-4ec6-e38c-a8fa-9291d46fec2f}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Clint\AppData\Local\{04459ec2-4ec6-e38c-a8fa-9291d46fec2f}\L --> REMOVED
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\erdnt\cache64\services.exe)
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD642JJ ATA Device +++++
--- User ---
[MBR] d817dc7469c9ee045035e89a50a8a653
[BSP] 0f085dc2ede3df40f901047f0a61eb78 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 145408 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31602688 | Size: 595048 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: HP Photosmart C6200 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-30 17:49:37
-----------------------------
17:49:37.892 OS Version: Windows x64 6.0.6002 Service Pack 2
17:49:37.892 Number of processors: 8 586 0x1A05
17:49:37.892 ComputerName: HOME UserName:
17:49:39.639 Initialize success
17:50:40.914 AVAST engine defs: 12103001
17:52:13.857 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:52:13.872 Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01117 Size: 610480MB BusType: 3
17:52:13.872 Disk 0 MBR read successfully
17:52:13.888 Disk 0 MBR scan
17:52:13.888 Disk 0 Windows VISTA default MBR code
17:52:13.888 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
17:52:13.919 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 145408
17:52:13.935 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 595048 MB offset 31602688
17:52:13.950 Disk 0 scanning C:\Windows\system32\drivers
17:52:23.342 Service scanning
17:52:43.450 Modules scanning
17:52:43.450 Disk 0 trace - called modules:
17:52:43.466 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:52:43.481 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b94790]
17:52:43.481 3 CLASSPNP.SYS[fffffa6001023c33] -> nt!IofCallDriver -> [0xfffffa8006582520]
17:52:43.497 5 acpi.sys[fffffa60008c4fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800657f060]
17:52:45.182 AVAST engine scan C:\Windows
17:52:52.280 AVAST engine scan C:\Windows\system32
17:57:52.048 AVAST engine scan C:\Windows\system32\drivers
17:58:05.402 AVAST engine scan C:\Users\Clint
18:14:31.592 AVAST engine scan C:\ProgramData
18:23:50.992 Scan finished successfully
18:39:16.132 Disk 0 MBR has been saved successfully to "C:\Users\Clint\Documents\Scan Logs\MBR.dat"
18:39:16.132 The log file has been saved successfully to "C:\Users\Clint\Documents\Scan Logs\2012_1030 aswMBR.txt"
 
Create a new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is still not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-10-30.03 - Clint 10/30/2012 20:51:30.4.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.4486 [GMT -5:00]
Running from: c:\users\Clint\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\305a1406-381f-449d-9486-32504a38e5b0.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3b429c4f-8ba9-4a7d-bbb4-4548bb6d2539.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3c49c05a-0eb3-4044-a0f8-d4ea2a439295.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5f169f6e-cfce-411e-b266-aa53ac35ce83.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a7201707-7895-43cf-9119-8a0279b75d4c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\af728edb-0984-4c06-9a4b-0878bcfa9a26.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cf9bce06-e765-4c6f-afa9-0d82a3adc417.dll
c:\programdata\rat_0ybba.pad
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 )))))))))))))))))))))))))))))))
.
.
2012-10-31 04:42 . 2012-10-31 04:49 -------- d-----w- c:\users\Clint\AppData\Local\temp
2012-10-31 04:42 . 2012-10-31 04:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-31 04:42 . 2012-10-31 04:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-27 04:01 . 2012-10-27 04:01 -------- d-----w- c:\program files (x86)\Ask.com
2012-10-27 04:01 . 2012-10-27 04:01 -------- d-----w- C:\Firefox
2012-10-27 03:51 . 2012-10-27 03:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-27 03:51 . 2012-10-27 03:51 -------- d-----w- c:\programdata\Ask
2012-10-27 03:50 . 2012-10-27 03:50 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-27 03:50 . 2012-10-27 03:50 -------- d-----w- c:\program files (x86)\Java
2012-10-22 01:53 . 2012-10-22 01:53 -------- d-----w- c:\users\Clint\AppData\Roaming\AlawarEntertainment
2012-10-22 01:52 . 2012-10-22 01:52 -------- d-----w- C:\Games
2012-10-22 01:51 . 2012-10-22 01:51 -------- d-----w- c:\program files (x86)\RealArcade
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-27 03:50 . 2010-09-15 11:56 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-09 04:12 . 2012-04-03 11:50 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 04:12 . 2011-05-27 02:33 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 00:54 . 2012-08-19 15:37 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 08:01 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\Clint\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-07-26 247768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-07-03 1244432]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
c:\users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-3-3 113664]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-02-24 88576]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 04:12]
.
2012-10-29 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 22:27]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 22:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-10-31 531784]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-StartCCC - c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-75296469.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
c:\program files (x86)\VMware\VMware View\Client\bin\wsnm.exe
c:\program files (x86)\Java\jre6\bin\java.exe
c:\program files (x86)\Trojan Remover\sschk.exe
.
**************************************************************************
.
Completion time: 2012-10-30 23:54:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-31 04:54
ComboFix2.txt 2012-08-06 17:28
ComboFix3.txt 2012-08-06 14:52
ComboFix4.txt 2012-07-29 17:12
.
Pre-Run: 431,426,932,736 bytes free
Post-Run: 430,971,555,840 bytes free
.
- - End Of File - - 00B009A639B80B900281F910AF043527
 
Hi Broni, (I'm at work)
During the ComboFix scan, the exe gave me a prompt telling me that McAfee firewall and anti-virus were still enabled although I had disabled them, so I ran it anyway. Thought I'd mention this in the event you find something in the report that is unusual. Thanks for all your help!!
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012
Ran by SYSTEM at 01-11-2012 20:00:52
Running from D:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode [x]
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup [531784 2007-10-30] (Corel, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [250192 2009-04-24] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrojanScanner] "C:\Program Files (x86)\Trojan Remover\Trjscan.exe" /boot [1244432 2012-07-03] (Simply Super Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKU\Clint\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Clint\...\Run: [Akamai NetSession Interface] "C:\Users\Clint\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Clint\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-05] (Valve Corporation)
HKU\Clint\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247768 2012-07-26] (TomTom)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Clint\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Services (Whitelisted) ===================
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 McAfee SiteAdvisor Service; "C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe" [103472 2012-06-15] (McAfee, Inc.)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-11-08] (Alcatel-Lucent)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-09-10] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-06-22] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-06-22] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [177144 2012-06-22] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [92632 2012-07-26] (TomTom)
2 wsnm; "C:\Program Files (x86)\VMware\VMware View\Client\bin\wsnm.exe" -SCMStartup [151552 2010-02-10] (VMware, Inc.)
2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 [x]
==================== Drivers (Whitelisted) =====================
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
3 SaiK0728; C:\Windows\System32\Drivers\SaiK0728.sys [135168 2009-03-05] (Saitek)
1 Beep; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 dump_wmimmc; \??\c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 mfeavfk01; [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090527.003\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090527.003\EX64.SYS [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [x]
1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [x]
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2012-11-01 20:00 - 2012-11-01 20:00 - 00000000 ____D C:\FRST
2012-11-01 16:48 - 2012-11-01 16:48 - 01459963 ____A (Farbar) C:\Users\Clint\Downloads\FRST64.exe
2012-10-31 00:03 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-10-31 00:03 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-10-31 00:03 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-10-31 00:03 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-10-31 00:03 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-10-31 00:03 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-10-31 00:03 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-10-31 00:03 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-10-31 00:03 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-10-31 00:03 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-10-31 00:03 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-10-31 00:03 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-10-31 00:03 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-10-31 00:03 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-10-31 00:03 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-10-31 00:03 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-10-31 00:03 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-10-31 00:03 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-10-31 00:03 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-10-31 00:03 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-10-31 00:03 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-10-31 00:03 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-10-31 00:03 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-10-31 00:03 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-10-31 00:03 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-10-31 00:03 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-10-31 00:03 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-10-31 00:03 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-10-31 00:03 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-10-31 00:03 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-10-31 00:03 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-10-31 00:03 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-10-30 20:59 - 2012-09-13 05:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-30 20:59 - 2012-09-13 05:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-30 20:59 - 2012-08-29 03:40 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-30 20:59 - 2012-08-24 08:07 - 00218624 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-30 20:59 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-30 20:59 - 2012-06-01 16:20 - 01268736 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-30 20:59 - 2012-06-01 16:20 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-30 20:59 - 2012-06-01 16:20 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-30 20:59 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-30 20:59 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-30 20:59 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-30 20:54 - 2012-10-30 20:54 - 00016782 ____A C:\ComboFix.txt
2012-10-30 17:44 - 2012-10-30 17:44 - 04991862 ____R (Swearware) C:\Users\Clint\Desktop\ComboFix.exe
2012-10-30 14:21 - 2012-10-30 14:42 - 04731392 ____A (AVAST Software) C:\Users\Clint\Downloads\aswMBR.exe
2012-10-30 14:18 - 2012-10-30 14:18 - 00003786 ____A C:\Users\Clint\Desktop\RKreport[2].txt
2012-10-30 14:16 - 2012-10-30 14:16 - 00003554 ____A C:\Users\Clint\Desktop\RKreport[1].txt
2012-10-30 14:15 - 2012-10-30 14:17 - 00000000 ____D C:\Users\Clint\Desktop\RK_Quarantine
2012-10-30 14:15 - 2012-10-30 14:16 - 01584640 ____A C:\Users\Clint\Downloads\RogueKiller.exe
2012-10-29 16:53 - 2012-10-29 16:54 - 02194704 ____A C:\Users\Clint\Downloads\tdsskiller.zip
2012-10-29 13:31 - 2012-10-29 13:31 - 00014367 ____A C:\Users\Clint\Desktop\attach.txt
2012-10-29 13:31 - 2012-10-29 13:30 - 00019118 ____A C:\Users\Clint\Desktop\dds.txt
2012-10-26 20:01 - 2012-10-26 20:01 - 00000000 ____D C:\Program Files (x86)\Ask.com
2012-10-26 20:01 - 2012-10-26 20:01 - 00000000 ____D C:\Firefox
2012-10-26 19:51 - 2012-10-26 19:51 - 00000000 ____D C:\Users\All Users\Ask
2012-10-26 19:50 - 2012-10-26 19:50 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-10-26 19:50 - 2012-10-26 19:50 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-10-26 19:50 - 2012-10-26 19:50 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-10-26 19:50 - 2012-10-26 19:50 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-10-26 19:50 - 2012-10-26 19:50 - 00000000 ____D C:\Program Files (x86)\Java
2012-10-21 17:53 - 2012-10-21 17:53 - 00000000 ____D C:\Users\Clint\AppData\Roaming\AlawarEntertainment
2012-10-21 17:52 - 2012-10-21 17:52 - 00000147 ____A C:\Users\Clint\Desktop\Games.com.url
2012-10-21 17:52 - 2012-10-21 17:52 - 00000000 ____D C:\Games
2012-10-21 17:51 - 2012-10-21 17:51 - 00000000 ____D C:\Program Files (x86)\RealArcade
2012-10-20 05:09 - 2012-10-20 05:09 - 00851640 ____A C:\Users\Clint\Desktop\Return & Exchange FAQs - BestBuy_c.mht
==================== 3 Months Modified Files ==================
2012-11-01 16:55 - 2009-07-31 00:11 - 01722166 ____A C:\Windows\WindowsUpdate.log
2012-11-01 16:55 - 2009-07-31 00:11 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-11-01 16:55 - 2006-11-02 07:42 - 00032536 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-01 16:55 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-01 16:55 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-01 16:55 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-01 16:51 - 2006-11-02 04:46 - 00703342 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-01 16:49 - 2012-05-03 14:27 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-01 16:48 - 2012-11-01 16:48 - 01459963 ____A (Farbar) C:\Users\Clint\Downloads\FRST64.exe
2012-11-01 16:48 - 2009-08-05 13:54 - 00114896 ____A C:\Users\Clint\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-01 16:12 - 2012-04-03 03:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-01 10:49 - 2012-05-03 14:27 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-01 02:36 - 2011-12-15 01:55 - 00001737 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2012-10-31 00:22 - 2012-08-19 11:09 - 00015428 ____A C:\Windows\PFRO.log
2012-10-31 00:01 - 2009-09-23 17:36 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
2012-10-30 20:54 - 2012-10-30 20:54 - 00016782 ____A C:\ComboFix.txt
2012-10-30 20:49 - 2006-11-02 04:34 - 00000215 ____A C:\Windows\system.ini
2012-10-30 17:44 - 2012-10-30 17:44 - 04991862 ____R (Swearware) C:\Users\Clint\Desktop\ComboFix.exe
2012-10-30 14:42 - 2012-10-30 14:21 - 04731392 ____A (AVAST Software) C:\Users\Clint\Downloads\aswMBR.exe
2012-10-30 14:18 - 2012-10-30 14:18 - 00003786 ____A C:\Users\Clint\Desktop\RKreport[2].txt
2012-10-30 14:16 - 2012-10-30 14:16 - 00003554 ____A C:\Users\Clint\Desktop\RKreport[1].txt
2012-10-30 14:16 - 2012-10-30 14:15 - 01584640 ____A C:\Users\Clint\Downloads\RogueKiller.exe
2012-10-29 16:54 - 2012-10-29 16:53 - 02194704 ____A C:\Users\Clint\Downloads\tdsskiller.zip
2012-10-29 13:31 - 2012-10-29 13:31 - 00014367 ____A C:\Users\Clint\Desktop\attach.txt
2012-10-29 13:30 - 2012-10-29 13:31 - 00019118 ____A C:\Users\Clint\Desktop\dds.txt
2012-10-29 10:04 - 2012-08-19 07:37 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-28 18:05 - 2011-03-06 17:04 - 00000400 ____A C:\Windows\Tasks\EasyShare Registration Task.job
2012-10-26 19:50 - 2012-10-26 19:50 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-10-26 19:50 - 2012-10-26 19:50 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-10-26 19:50 - 2012-10-26 19:50 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-10-26 19:50 - 2012-10-26 19:50 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-10-26 19:50 - 2010-09-15 03:56 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-10-23 04:08 - 2012-03-06 11:16 - 00378501 ____A C:\Users\Clint\Documents\OnLine Billing 2012.xlsx
2012-10-21 17:52 - 2012-10-21 17:52 - 00000147 ____A C:\Users\Clint\Desktop\Games.com.url
2012-10-20 05:09 - 2012-10-20 05:09 - 00851640 ____A C:\Users\Clint\Desktop\Return & Exchange FAQs - BestBuy_c.mht
2012-10-10 21:49 - 2012-08-30 03:11 - 00002027 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-10-08 20:12 - 2012-04-03 03:50 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-08 20:12 - 2011-05-26 18:33 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-29 16:54 - 2012-08-19 07:37 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-27 21:18 - 2006-11-02 04:35 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-26 19:14 - 2012-09-26 19:14 - 00256794 ____A C:\Users\Clint\Downloads\photo (3)
2012-09-15 13:01 - 2012-08-19 12:00 - 00000336 ____A C:\Windows\setupact.log
2012-09-13 05:45 - 2012-10-30 20:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-13 05:28 - 2012-10-30 20:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-07 04:02 - 2012-09-07 04:02 - 00000686 ____A C:\Users\Clint\Desktop\2012-2013 Football Season - master (2).xls - Shortcut.lnk
2012-09-07 04:01 - 2012-09-07 04:01 - 00622592 ____A C:\Users\Clint\Documents\2012-2013 Football Season - master (2).xls
2012-08-29 03:40 - 2012-10-30 20:59 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-24 08:07 - 2012-10-30 20:59 - 00218624 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 07:53 - 2012-10-30 20:59 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:15 - 2012-10-31 00:03 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-10-31 00:03 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-10-31 00:03 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-10-31 00:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-10-31 00:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-10-31 00:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-10-31 00:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-10-31 00:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-10-31 00:03 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-10-31 00:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-10-31 00:03 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-10-31 00:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-10-31 00:03 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-10-31 00:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-10-31 00:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-10-31 00:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-10-31 00:03 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-10-31 00:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-10-31 00:03 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-10-31 00:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-10-31 00:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-10-31 00:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-10-31 00:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-10-31 00:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-10-31 00:03 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-10-31 00:03 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-10-31 00:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-10-31 00:03 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-10-31 00:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-10-31 00:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-10-31 00:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-10-31 00:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-20 04:58 - 2012-08-20 04:58 - 02208856 ____A (Kaspersky Lab ZAO) C:\Users\Clint\Desktop\tdsskiller.exe
2012-08-20 04:41 - 2012-08-20 04:41 - 00000950 ____A C:\Users\Public\Desktop\Trojan Remover.lnk
2012-08-20 04:39 - 2012-08-20 04:38 - 02208856 ____A (Kaspersky Lab ZAO) C:\Users\Clint\Downloads\tdsskiller
2012-08-20 04:25 - 2012-01-27 05:08 - 00001919 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-08-19 12:00 - 2012-08-19 12:00 - 00000000 ____A C:\Windows\setuperr.log
2012-08-19 06:55 - 2012-08-19 06:55 - 00012824 ____A C:\Users\Clint\Desktop\hs_err_pid7432.log
2012-08-16 00:26 - 2006-11-02 07:21 - 00405976 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-16 00:03 - 2012-08-16 00:03 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-08-13 18:33 - 2011-03-24 04:04 - 02198528 ____A C:\Users\Clint\Documents\OnLine Billing 2011.xls
2012-08-12 09:20 - 2006-11-02 04:33 - 83361792 ____A C:\Windows\System32\config\software_previous
2012-08-12 09:20 - 2006-11-02 04:33 - 55574528 ____A C:\Windows\System32\config\components_previous
2012-08-12 09:20 - 2006-11-02 04:33 - 31457280 ____A C:\Windows\System32\config\system_previous
2012-08-12 09:20 - 2006-11-02 04:33 - 00786432 ____A C:\Windows\System32\config\default_previous
2012-08-12 09:20 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-08-12 09:20 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-08-06 09:18 - 2012-08-06 09:18 - 04725168 ____R (Swearware) C:\Users\Clint\Downloads\ComboFix.exe
2012-08-06 06:10 - 2009-08-05 17:56 - 00001356 ____A C:\Users\Clint\AppData\Local\d3d9caps.dat

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-09-23 21:00:24
Restore point made on: 2012-09-24 21:00:23
Restore point made on: 2012-09-25 21:00:22
Restore point made on: 2012-09-27 22:37:50
Restore point made on: 2012-09-30 12:04:06
Restore point made on: 2012-10-01 21:00:29
Restore point made on: 2012-10-02 21:00:23
Restore point made on: 2012-10-03 21:00:23
Restore point made on: 2012-10-04 21:00:23
Restore point made on: 2012-10-05 21:42:14
Restore point made on: 2012-10-06 21:46:53
Restore point made on: 2012-10-07 21:00:19
Restore point made on: 2012-10-08 21:00:19
Restore point made on: 2012-10-09 21:00:18
Restore point made on: 2012-10-12 20:07:47
Restore point made on: 2012-10-13 22:22:04
Restore point made on: 2012-10-14 13:10:32
Restore point made on: 2012-10-15 21:00:22
Restore point made on: 2012-10-16 21:00:21
Restore point made on: 2012-10-17 21:00:21
Restore point made on: 2012-10-18 21:00:22
Restore point made on: 2012-10-19 21:00:24
Restore point made on: 2012-10-20 21:00:22
Restore point made on: 2012-10-21 21:00:24
Restore point made on: 2012-10-22 21:00:22
Restore point made on: 2012-10-23 21:00:23
Restore point made on: 2012-10-24 21:00:22
Restore point made on: 2012-10-25 21:00:22
Restore point made on: 2012-10-26 19:49:42
Restore point made on: 2012-10-26 19:50:55
Restore point made on: 2012-10-28 13:25:15
Restore point made on: 2012-10-29 12:27:21
Restore point made on: 2012-10-30 17:41:52
Restore point made on: 2012-10-31 00:00:29
Restore point made on: 2012-10-31 21:00:23
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 6134.26 MB
Available physical RAM: 5579.38 MB
Total Pagefile: 5944.15 MB
Available Pagefile: 5548.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:581.1 GB) (Free:400.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Removable) (Total:1.86 GB) (Free:1.28 GB) FAT
10 Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.68 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 1908 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 71 MB 32 KB
Partition 2 Primary 15 GB 71 MB
Partition 3 Primary 581 GB 15 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 FAT Partition 71 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 X RECOVERY NTFS Partition 15 GB Healthy Boot
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 581 GB Healthy
=========================================================
Partitions of Disk 6:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1908 MB 65 KB
==================================================================================
Disk: 6
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 D FAT Removable 1908 MB Healthy
=========================================================
Last Boot: 2012-11-01 12:42
==================== End Of Log =============================
 
It looks good.

It seems like a false alarm from Combofix.

How is the computer doing?

=================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Farbar Recovery Scan Tool (x64) Version: 30-10-2012
Ran by SYSTEM at 2012-11-01 20:41:28
Running from J:\
================== Search: "search" ===================
====== End Of Search ======
 
OTL Extras logfile created on: 11/1/2012 9:00:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = Q:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.55 Gb Available Physical Memory | 75.88% Memory free
12.09 Gb Paging File | 10.25 Gb Available in Paging File | 84.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.10 Gb Total Space | 400.84 Gb Free Space | 68.98% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.68 Gb Free Space | 51.20% Space Free | Partition Type: NTFS
Drive Q: | 1.86 Gb Total Space | 1.28 Gb Free Space | 68.59% Space Free | Partition Type: FAT

Computer Name: HOME | User Name: Clint | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = BC A7 97 C9 8E 34 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{257F446A-01ED-739C-16B8-237498DEDDDF}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6BE8D68C-4C81-423F-8C83-D779F801F1D1}" = Share64
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9948404D-150F-9D6C-69C3-245AC4A90E2A}" = ATI AVIVO64 Codecs
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"{E4C229B2-51E3-49E7-3A42-A3B695B4E56E}" = ccc-utility64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Dell Support Center
"PROSetDX" = Intel(R) Network Connections 13.1.33.0
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{017C30E3-AB22-4074-820D-DDDE7F0F9E83}" = Corel Digital Studio 2010
"{00140409-78E1-11D2-B60F-006097C998E7}" = Microsoft Publisher 2000
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{00A5E019-BB9A-4090-87EA-4E8267CD5D79}" = Setup
"{017C30E3-AB22-4074-820D-DDDE7F0F9E83}" = ICA
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0301AC02-D87B-27E9-9429-7E4BB52D9183}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04D5E56E-F323-27F2-C075-EF1AE9A3CF2B}" = Catalyst Control Center Graphics Light
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07288267-318E-9B78-B04E-984F9149EE24}" = Catalyst Control Center Graphics Previews Common
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B23ACC5-88A6-FEE4-0131-8777A1BA0B68}" = Catalyst Control Center Graphics Previews Vista
"{0CD81D7E-94E2-D230-E37E-C9B16E90D01C}" = CCC Help Italian
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1350DD04-57AD-6278-3F4D-D4281EEE7C5C}" = Catalyst Control Center Graphics Full New
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{16A7FAD8-EE4F-C413-8359-833A3B2D39FB}" = CCC Help Portuguese
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18364179-C5E5-F826-E2FC-D99D575AF997}" = Catalyst Control Center Localization All
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19023B3C-00D0-4BBD-A753-C0B068B10798}" = Gadget
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20DFB114-5520-4BEE-B276-4A4204E1FBB4}" = PureHD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DD9C2F1-CC6E-449D-935B-4111396EF19F}" = MLE
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{305CAF40-92F0-12ED-8B28-926B011788E4}" = CCC Help Spanish
"{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
"{34D6DE28-4FD0-9CCA-CDB4-316F7B3B30B5}" = CCC Help Portuguese
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{414212D5-6E70-4CF1-97E7-B2AB77D131EA}" = DVDF10
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{47C72DA6-E7AC-984C-5475-15A65F9B41BE}" = Catalyst Control Center Graphics Full New
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A918155-6399-4673-0D08-85A0DBEC1389}" = CCC Help Chinese Traditional
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5089AEEE-052D-B75F-0B92-7CF981403025}" = Catalyst Control Center Graphics Light
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{537791BE-B032-D116-0C59-13541E17BFEA}" = CCC Help English
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54741B98-6335-43A1-C716-25B0A3C4016C}" = Catalyst Control Center Graphics Previews Common
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{58192647-B4DD-45E1-9C3C-1614B4A03897}" = 64 bit Windows Card Reader Driver
"{5B94A120-16E7-6034-7494-22285B471EDE}" = CCC Help Hungarian
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{624885E1-2458-4F12-A975-EA368C3523FA}" = DeviceIO
"{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{652BCEE6-463A-4A8E-A6E3-FCFED88345E0}" = VDS10
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66DAE8D7-D5F7-462F-5815-102EE4B191C4}" = CCC Help Korean
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6BCD1560-6292-4A70-A808-C0FE414A7DB4}" = Contents
"{6E9D082B-F681-64AB-48B4-F3EC05D3A83F}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{763B809A-6874-5979-CD69-39491392262C}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7FE440D8-8F16-24CA-81B6-7DEB4D6BF92D}" = CCC Help Hungarian
"{81CB0C83-5928-3387-AB23-10EC5F767FA8}" = CCC Help Turkish
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{846B1C55-76D0-0DA3-8C12-10596CBB15BD}" = CCC Help Italian
"{846D0802-8606-7452-85FF-A71EB1B8AD6D}" = Catalyst Control Center Localization All
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88D3B829-DBA4-D839-33BF-9A5794CC21EB}" = CCC Help Chinese Standard
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DCE118A-1F3C-B056-D2A8-F832523C357C}" = CCC Help English
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9044B9A5-B7D7-3EA2-B20B-49A47853D62F}" = CCC Help Spanish
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{96B1A291-2654-4415-59B4-AC90D29C3E1E}" = Catalyst Control Center Core Implementation
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A968BD3-88AF-B4D0-CA9A-78F4EF9FA23B}" = CCC Help Chinese Standard
"{9BBB19C0-1FE1-4A4E-B25F-C9E1B0497EC5}" = Shaiya(US)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A52D8A45-B3A1-0022-B096-A0033B03E01F}" = Catalyst Control Center Graphics Full Existing
"{A54F806B-A2E1-4794-A7FE-365167EC67CB}" = Masque IGT Slots Little Green Men
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A7F37935-A880-8657-79CE-F98BF3A358E1}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE3BFAC5-A07A-7845-C576-0CB832E4B0AD}" = Skins
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B041ABD7-4A10-482a-A525-577A7AAD8EC7}" = C6200_Help
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B297076F-905F-7E13-57EF-7D254EBB7589}" = CCC Help Japanese
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B4ECB428-6A8D-8D53-4E76-1CEE7AC4BF32}" = CCC Help French
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B76D6D09-16D6-DF95-F7D7-2565E88B88BA}" = Catalyst Control Center Graphics Previews Vista
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD3E0D67-D90D-3CA6-DE34-22B56D425136}" = CCC Help Japanese
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D0EBD385-7764-402D-892C-B5EA03E0DEEC}" = VMware View Client
"{D1B8C6AC-C4F8-E8AF-E157-AF3E16B97903}" = CCC Help French
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC702FC1-4746-CD99-0578-02839474C2F8}" = Skins
"{E0B7F981-EA26-491A-A975-E3AB4748E9FA}" = Share
"{E0EF9C75-60EA-4DFB-A537-2A9E0C2E2056}" = PSPH10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E59145A6-2D21-9E5C-6551-ACA2539CDE50}" = ccc-core-static
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E89371A0-2FCD-F518-EECB-09AB27724CEE}" = CCC Help German
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED06F22F-DADB-E713-2E49-EEB154950285}" = Catalyst Control Center Graphics Full Existing
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE19A4C4-AA74-4AA7-9264-B322B877BFA7}" = IPM_SU
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3FA8952-2C42-452A-BA22-2F7BDEC8D310}" = VIO
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6706DF9-B0B6-8496-F302-BF511197A32F}" = Catalyst Control Center Core Implementation
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F73459A3-36B8-42e4-A982-AAF06A44D508}" = C6200_doccd
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F865B0B5-0D43-2704-0B22-35C5F721374B}" = Catalyst Control Center
"{F8B250A2-582A-6C80-108F-AA68E64A6F03}" = CCC Help Korean
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD040188-43B3-2C49-A8BF-5B0458031AED}" = ccc-core-static
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE54D686-ACC0-42db-A46B-987A5B6D8325}" = C6200
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2552d4470d494caf842cd1049c5ac579" = Age of Adventure - Playing the Hero
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Any Video Converter_is1" = Any Video Converter 2.7.9
"BFGC" = Big Fish Games: Game Manager
"Canon RAW Codec" = Canon RAW Codec
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"Diablo III" = Diablo III
"Feeding Frenzy 2" = Feeding Frenzy 2 (remove only)
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"Half-Life" = Half-Life
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"MSC" = McAfee Total Protection
"Sib Icon Editor" = Sib Icon Editor
"Sierra Utilities" = Sierra Utilities
"Steam App 22380" = Fallout: New Vegas
"Total Audio Converter_is1" = TotalAudioConverter
"Trojan Remover_is1" = Trojan Remover 6.8.4
"VLC media player" = VLC media player 1.0.1
"Warcraft III" = Warcraft III
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Akamai" = Akamai NetSession Interface
"HuluDesktop" = Hulu Desktop
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Nations Photo Lab ROES" = Nations Photo Lab ROES
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2012 10:12:46 AM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x1ed8, application
start time 0x01cd795db64b2206.

Error - 8/13/2012 10:12:58 AM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x3a60, application
start time 0x01cd795dbd92f6a6.

Error - 8/13/2012 10:13:10 AM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x32a8, application
start time 0x01cd795dc4d3a726.

Error - 8/13/2012 10:13:22 AM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x1518, application
start time 0x01cd795dcc1457a6.

Error - 8/13/2012 10:13:34 AM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x2a24, application
start time 0x01cd795dd360ef06.

Error - 8/13/2012 10:13:47 AM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x2e60, application
start time 0x01cd795ddaa19f86.

Error - 8/13/2012 10:13:47 AM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d,
exception code 0xc0000005, fault offset 0x00003993, process id 0x2e60, application
start time 0x01cd795ddaa19f86.

Error - 8/13/2012 10:13:59 AM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x18b4, application
start time 0x01cd795de203a346.

Error - 8/13/2012 10:14:11 AM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x2ea4, application
start time 0x01cd795de9529c06.

Error - 8/13/2012 10:14:24 AM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x1ce8, application
start time 0x01cd795df0a194c6.

[ Media Center Events ]
Error - 10/7/2009 5:43:52 PM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/26/2009 5:45:55 AM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/4/2012 9:14:38 AM | Computer Name = Home | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 11/1/2012 9:15:31 PM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 11/1/2012 9:15:31 PM | Computer Name = Home | Source = Service Control Manager | ID = 7003
Description =

Error - 11/1/2012 9:15:31 PM | Computer Name = Home | Source = Service Control Manager | ID = 7026
Description =

Error - 11/1/2012 9:50:29 PM | Computer Name = Home | Source = Service Control Manager | ID = 7023
Description =

Error - 11/1/2012 9:50:29 PM | Computer Name = Home | Source = Service Control Manager | ID = 7003
Description =

Error - 11/1/2012 9:50:29 PM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 11/1/2012 9:50:29 PM | Computer Name = Home | Source = Service Control Manager | ID = 7003
Description =

Error - 11/1/2012 9:51:12 PM | Computer Name = Home | Source = Service Control Manager | ID = 7022
Description =

Error - 11/1/2012 9:51:12 PM | Computer Name = Home | Source = Service Control Manager | ID = 7026
Description =

Error - 11/1/2012 9:51:17 PM | Computer Name = Home | Source = WMPNetworkSvc | ID = 866293
Description =


< End of report >
 
Back