Services.exe Win64/patched.a

By PopeInnocentXIV
Sep 24, 2012
  1. This evening I got the services.exe Win64/patched.a message from AVG.

    When I boot up I get these two messages:

    Location is not available
    C:\Windows\system32\config\systemprofile\Desktop refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location.

    Failed to connect to a windows service
    Windows could not connect to the System Event Notification Service service. This problem prevents standard users from logging on to the system. As an administrative user, you can review the System Event Log for details about why the service didn't respond.

    I tried installing Combofix, which created a directory in C: called 32788R22FWJFW, however it would not run correctly, and I got a registry error when trying to delete it. (I apologize for not having the actual error message.) I suspect the Desktop problem is related to an incomplete uninstall of Combofix.

    I did download FRST. Logs follow.

    FRST.txt:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2012
    Ran by SYSTEM at 24-09-2012 22:06:37
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-07-11] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" [17408 2010-07-04] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKU\Jim\...\Run: [Google Update] "C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-03-14] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    ==================== Services (Whitelisted) ===================

    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /I CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [322 2012-09-03] ()

    ==================== Drivers (Whitelisted) =====================

    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    1 NEOFLTR_710_19243; C:\Windows\System32\Drivers\NEOFLTR_710_19243.sys [99152 2011-09-07] (Juniper Networks)
    3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-09-24 22:06 - 2012-09-24 22:06 - 00000000 ____D C:\FRST
    2012-09-24 17:39 - 2012-09-24 17:39 - 00016712 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCEXP113.SYS
    2012-09-24 17:36 - 2012-09-24 17:39 - 00000000 ___SD C:\32788R22FWJFW
    2012-09-24 17:36 - 2012-09-24 17:39 - 00000000 ____D C:\Qoobox
    2012-09-24 17:36 - 2012-09-24 17:36 - 00000000 ____D C:\Windows\erdnt
    2012-09-24 17:34 - 2012-09-24 17:34 - 04759205 ____R (Swearware) C:\Users\Jim\Desktop\username123.exe
    2012-09-24 17:18 - 2012-09-24 17:18 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-09-22 23:00 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-22 23:00 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-22 23:00 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-22 23:00 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-22 23:00 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-22 23:00 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-22 23:00 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-22 23:00 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-22 23:00 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-22 23:00 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-22 23:00 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-22 23:00 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-22 23:00 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-22 23:00 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-22 23:00 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-22 23:00 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-22 23:00 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-22 23:00 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-22 23:00 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-22 23:00 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-22 23:00 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-22 23:00 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-22 23:00 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-22 23:00 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-22 23:00 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-22 23:00 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-22 23:00 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-22 23:00 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-22 23:00 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-22 23:00 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-22 23:00 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-22 23:00 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-18 15:34 - 2012-09-18 15:34 - 00000000 ____D C:\Users\Jim\AppData\Local\TechSmith
    2012-09-16 08:31 - 2012-09-16 08:31 - 04929052 ____A (XMedia Recode ) C:\Users\Jim\Downloads\XMediaRecode3125_setup.exe
    2012-09-15 13:10 - 2012-09-15 13:10 - 00927691 ____A C:\Users\Jim\Downloads\XML-Editor_1.0.0.1.zip
    2012-09-15 06:44 - 2012-09-15 06:45 - 00000000 ____D C:\Users\Jim\AppData\Local\Deployment
    2012-09-15 06:44 - 2012-09-15 06:44 - 00428544 ____A () C:\Users\Jim\Downloads\setup.exe
    2012-09-15 06:44 - 2012-09-15 06:44 - 00000000 ____D C:\Users\Jim\AppData\Local\Apps\2.0
    2012-09-12 16:23 - 2012-08-02 09:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-09-12 16:23 - 2012-08-02 09:05 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-09-11 06:02 - 2012-09-11 06:02 - 00000000 ___HD C:\$AVG
    2012-09-07 21:05 - 2012-09-15 20:59 - 00119296 ____A C:\Users\Jim\Copy of Big Band Theory 2.xls
    2012-09-06 18:44 - 2012-09-06 18:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-09-05 17:52 - 2012-09-05 17:52 - 00000000 ____D C:\tmp
    2012-09-04 20:43 - 2012-09-04 20:43 - 00000000 ___AH C:\Users\Jim\Documents\Default.rdp
    2012-08-27 20:09 - 2012-08-27 20:09 - 00001073 ____A C:\Users\Public\Desktop\XMedia Recode.lnk
    2012-08-27 20:08 - 2012-08-27 20:08 - 04914244 ____A (XMedia Recode ) C:\Users\Jim\Downloads\XMediaRecode3120_setup.exe

    ==================== 3 Months Modified Files ==================

    2012-09-24 18:03 - 2011-05-25 19:43 - 01974469 ____A C:\Windows\WindowsUpdate.log
    2012-09-24 18:03 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-24 18:03 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-24 18:02 - 2009-07-13 21:13 - 00727160 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-24 18:00 - 2012-04-01 08:59 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-24 18:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-24 17:59 - 2009-07-13 21:08 - 00032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-24 17:59 - 2009-07-13 20:51 - 00034878 ____A C:\Windows\setupact.log
    2012-09-24 17:39 - 2012-09-24 17:39 - 00016712 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCEXP113.SYS
    2012-09-24 17:34 - 2012-09-24 17:34 - 04759205 ____R (Swearware) C:\Users\Jim\Desktop\username123.exe
    2012-09-24 17:14 - 2012-04-01 08:59 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-24 17:12 - 2012-03-30 14:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-24 17:12 - 2012-03-14 14:52 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400246598-1791276097-185665454-1002UA.job
    2012-09-24 17:12 - 2011-07-29 18:20 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-24 16:12 - 2012-03-14 14:52 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400246598-1791276097-185665454-1002Core.job
    2012-09-16 18:36 - 2012-04-14 08:30 - 00001471 ____A C:\Users\Jim\Desktop\quotes.txt
    2012-09-16 08:31 - 2012-09-16 08:31 - 04929052 ____A (XMedia Recode ) C:\Users\Jim\Downloads\XMediaRecode3125_setup.exe
    2012-09-15 20:59 - 2012-09-07 21:05 - 00119296 ____A C:\Users\Jim\Copy of Big Band Theory 2.xls
    2012-09-15 13:10 - 2012-09-15 13:10 - 00927691 ____A C:\Users\Jim\Downloads\XML-Editor_1.0.0.1.zip
    2012-09-15 07:44 - 2011-08-16 19:01 - 00000069 ____A C:\Users\Jim\AppData\Roaming\AVSDVDPlayer.m3u
    2012-09-15 06:44 - 2012-09-15 06:44 - 00428544 ____A () C:\Users\Jim\Downloads\setup.exe
    2012-09-12 17:02 - 2011-08-04 20:22 - 00007602 ____A C:\Users\Jim\AppData\Local\Resmon.ResmonCfg
    2012-09-12 16:14 - 2011-07-27 16:12 - 00467808 ____A C:\Windows\PFRO.log
    2012-09-11 06:03 - 2011-10-03 18:08 - 00000971 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-09-10 16:46 - 2011-08-09 17:47 - 00000600 ____A C:\Users\Jim\AppData\Local\PUTTY.RND
    2012-09-09 09:27 - 2012-04-25 16:22 - 00000778 ____A C:\Users\Jim\Documents\eros.txt
    2012-09-06 21:11 - 2011-11-14 21:11 - 00018833 ____A C:\Users\Jim\Documents\Good Eats HD.xlsx
    2012-09-04 20:43 - 2012-09-04 20:43 - 00000000 ___AH C:\Users\Jim\Documents\Default.rdp
    2012-09-04 10:07 - 2012-03-14 14:53 - 00002448 ____A C:\Users\Jim\Desktop\Google Chrome.lnk
    2012-09-03 15:21 - 2009-07-13 20:45 - 00361504 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-27 20:09 - 2012-08-27 20:09 - 00001073 ____A C:\Users\Public\Desktop\XMedia Recode.lnk
    2012-08-27 20:08 - 2012-08-27 20:08 - 04914244 ____A (XMedia Recode ) C:\Users\Jim\Downloads\XMediaRecode3120_setup.exe
    2012-08-24 11:43 - 2012-08-24 11:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-08-24 03:15 - 2012-09-22 23:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-22 23:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-22 23:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-22 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-22 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-22 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-22 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-22 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-22 23:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-22 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-22 23:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-22 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-22 23:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-22 23:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-22 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-22 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-22 23:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-22 23:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-22 23:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-22 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-22 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-22 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-22 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-22 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-22 23:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-22 23:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-22 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-22 23:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-22 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-09-22 23:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-09-22 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-22 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 20:46 - 2011-07-28 15:37 - 00000600 ____A C:\Users\Jim\AppData\Roaming\winscp.rnd
    2012-08-22 20:39 - 2011-07-27 16:20 - 00084616 ____A C:\Users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-19 05:20 - 2012-08-19 05:20 - 00282976 ____A C:\Windows\Minidump\081912-21496-01.dmp
    2012-08-19 05:20 - 2012-08-18 15:49 - 694553353 ____A C:\Windows\MEMORY.DMP
    2012-08-18 20:17 - 2012-08-18 20:17 - 00282976 ____A C:\Windows\Minidump\081912-19390-01.dmp
    2012-08-18 15:50 - 2012-08-18 15:49 - 00282976 ____A C:\Windows\Minidump\081812-24117-01.dmp
    2012-08-08 15:53 - 2012-08-08 15:53 - 00000076 ____A C:\Users\Jim\Documents\galleries.txt
    2012-08-05 06:52 - 2012-08-05 06:51 - 04912733 ____A (XMedia Recode ) C:\Users\Jim\Downloads\XMediaRecode3118_setup.exe
    2012-08-02 09:55 - 2012-09-12 16:23 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 09:05 - 2012-09-12 16:23 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-07-28 07:26 - 2012-07-28 07:23 - 00011377 ____A C:\Users\Jim\Documents\Star Notes.xlsx
    2012-07-25 23:21 - 2012-07-25 23:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-07-24 19:36 - 2012-07-24 19:36 - 00110736 ____A C:\Users\Jim\Downloads\wootwatcher_9.zip
    2012-07-18 09:31 - 2012-08-15 14:56 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-14 07:42 - 2012-07-14 07:42 - 00476976 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-07-14 07:42 - 2012-07-14 07:42 - 00157488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-07-14 07:42 - 2012-07-14 07:42 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-07-14 07:42 - 2012-07-14 07:42 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-07-14 07:42 - 2011-08-16 19:18 - 00472880 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-07-12 18:45 - 2012-07-12 18:45 - 04837559 ____A (XMedia Recode ) C:\Users\Jim\Downloads\XMediaRecode3114_setup.exe
    2012-07-04 14:04 - 2012-08-15 14:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:01 - 2012-08-15 14:56 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:01 - 2012-08-15 14:56 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:26 - 2012-08-15 14:56 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:23 - 2012-08-15 14:56 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-07-01 09:44 - 2012-07-01 09:44 - 02709534 ____A C:\Users\Jim\Downloads\leggy-babe-flashing-003.wmv
    2012-07-01 09:42 - 2012-07-01 09:42 - 02725534 ____A C:\Users\Jim\Downloads\busty-and-skinny-004.wmv
    2012-07-01 09:42 - 2012-07-01 09:42 - 02709534 ____A C:\Users\Jim\Downloads\busty-and-skinny-003.wmv
    2012-07-01 09:41 - 2012-07-01 09:41 - 02725534 ____A C:\Users\Jim\Downloads\sexy-schoolgirl-003.wmv
    2012-07-01 09:40 - 2012-07-01 09:40 - 02717534 ____A C:\Users\Jim\Downloads\sexy-schoolgirl-002.wmv
    2012-07-01 09:38 - 2012-07-01 09:38 - 03614624 ____A C:\Users\Jim\Downloads\02.wmv
    2012-07-01 09:38 - 2012-07-01 09:38 - 03343064 ____A C:\Users\Jim\Downloads\04.wmv


    ZeroAccess:
    C:\Windows\Installer\{6a417f29-ed51-7446-8917-dbfcd7f278d4}
    C:\Windows\Installer\{6a417f29-ed51-7446-8917-dbfcd7f278d4}\L
    C:\Windows\Installer\{6a417f29-ed51-7446-8917-dbfcd7f278d4}\U
    C:\Windows\Installer\{6a417f29-ed51-7446-8917-dbfcd7f278d4}\L\00000004.@
    C:\Windows\Installer\{6a417f29-ed51-7446-8917-dbfcd7f278d4}\U\00000004.@
    C:\Windows\Installer\{6a417f29-ed51-7446-8917-dbfcd7f278d4}\U\00000008.@
    C:\Windows\Installer\{6a417f29-ed51-7446-8917-dbfcd7f278d4}\U\000000cb.@
    C:\Windows\Installer\{6a417f29-ed51-7446-8917-dbfcd7f278d4}\U\80000000.@
    C:\Windows\Installer\{6a417f29-ed51-7446-8917-dbfcd7f278d4}\U\80000032.@
    C:\Windows\Installer\{6a417f29-ed51-7446-8917-dbfcd7f278d4}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 11%
    Total physical RAM: 8174.45 MB
    Available physical RAM: 7258.09 MB
    Total Pagefile: 8172.59 MB
    Available Pagefile: 7249.1 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Partitions =============================

    1 Drive c: (OSDisk) (Fixed) (Total:1383.59 GB) (Free:143.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.06 GB) NTFS
    4 Drive f: (KINGSTON) (Removable) (Total:3.65 GB) (Free:3.13 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1397 GB 0 B
    Disk 1 Online 3745 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1383 GB 1024 KB
    Partition 2 Primary 13 GB 1383 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C OSDisk NTFS Partition 1383 GB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Recovery NTFS Partition 13 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3741 MB 4032 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F KINGSTON FAT32 Removable 3741 MB Healthy

    =========================================================

    Last Boot: 2012-09-16 17:30

    ==================== End Of Log =============================

    Search.txt:
    Farbar Recovery Scan Tool (x64) Version: 24-09-2012
    Ran by SYSTEM at 2012-09-24 22:07:45
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======

    Thanks
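
Added example (not part of the original posts, and not FRST's own code): a Python sketch of the cross-check that the Search.txt and "Bamital & volsnap Check" output above supports, comparing the live `System32` copy of a file against the WinSxS component-store copies by MD5. The function names are hypothetical; the sample log lines are copied from the post, and treating "no matching store copy" as suspicious is a heuristic assumption, not a verdict.

```python
import re
from collections import defaultdict

# Excerpts copied from the Search.txt and FRST.txt logs in the post above.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

CHECK_LOG = r"""
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
FLAG_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<md5>[0-9A-Fa-f]{32}) (?P<label>.+?) <==== ATTENTION"
)


def parse_search(text):
    """Return one dict per file in a Search.txt log (path line + metadata line)."""
    entries, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        meta = META_RE.match(line)
        if meta and pending:
            entries.append({
                "path": pending,
                "size": int(meta["size"]),
                "company": meta["company"],
                "md5": meta["md5"].upper(),
            })
            pending = None
        elif PATH_RE.match(line):
            pending = line
    return entries


def unverified_system_copies(entries):
    """Flag live copies whose MD5 matches none of the WinSxS copies of that file.

    Several store versions can coexist after updates, so the live file only
    has to match one of them. The version-info company string is not trusted:
    the patched file above still reports "Microsoft Corporation".
    """
    by_name = defaultdict(list)
    for entry in entries:
        by_name[entry["path"].rsplit("\\", 1)[-1].lower()].append(entry)

    findings = []
    for copies in by_name.values():
        store = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
        live = [c for c in copies if "\\winsxs\\" not in c["path"].lower()]
        known = {c["md5"] for c in store}
        for c in live:
            if known and c["md5"] not in known:
                findings.append({**c,
                                 "store_md5s": sorted(known),
                                 "store_sizes": [s["size"] for s in store]})
    return findings


def flagged_by_frst(text):
    """Return (path, md5, label) for each line FRST marked with ATTENTION."""
    flagged = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = FLAG_RE.match(line)
        if m:
            flagged.append((m["path"], m["md5"].upper(), m["label"]))
    return flagged


if __name__ == "__main__":
    for f in unverified_system_copies(parse_search(SEARCH_LOG)):
        delta = f["size"] - f["store_sizes"][0]
        print(f"{f['path']}: MD5 {f['md5']} matches no WinSxS copy "
              f"(size differs by {delta} bytes)")
    for path, md5, label in flagged_by_frst(CHECK_LOG):
        print(f"FRST flagged {path} ({md5}) as {label}")
```

Both checks point at the same file and hash, which is why the fix in the later reply restores `services.exe` from the component-store copy.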
  2. Broni

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    =========================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ======================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

  3. PopeInnocentXIV

    FRST Fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2012
    Ran by SYSTEM at 2012-09-24 22:36:18 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{6a417f29-ed51-7446-8917-dbfcd7f278d4} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====


    TDS Killer Log (0 infected files found):

    22:40:20.0840 3864 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    22:40:21.0214 3864 ============================================================
    22:40:21.0214 3864 Current date / time: 2012/09/24 22:40:21.0214
    22:40:21.0214 3864 SystemInfo:
    22:40:21.0214 3864
    22:40:21.0214 3864 OS Version: 6.1.7600 ServicePack: 0.0
    22:40:21.0214 3864 Product type: Workstation
    22:40:21.0214 3864 ComputerName: BRITANNIC
    22:40:21.0214 3864 UserName: Jim
    22:40:21.0214 3864 Windows directory: C:\Windows
    22:40:21.0214 3864 System windows directory: C:\Windows
    22:40:21.0214 3864 Running under WOW64
    22:40:21.0214 3864 Processor architecture: Intel x64
    22:40:21.0214 3864 Number of processors: 8
    22:40:21.0214 3864 Page size: 0x1000
    22:40:21.0214 3864 Boot type: Normal boot
    22:40:21.0214 3864 ============================================================
    22:40:22.0883 3864 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:40:22.0883 3864 Drive \Device\Harddisk1\DR1 - Size: 0xEA108000 (3.66 Gb), SectorSize: 0x200, Cylinders: 0x1DD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:40:22.0899 3864 ============================================================
    22:40:22.0899 3864 \Device\Harddisk0\DR0:
    22:40:22.0899 3864 MBR partitions:
    22:40:22.0899 3864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xACF2E000
    22:40:22.0899 3864 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xACF2E800, BlocksNum 0x1B58800
    22:40:22.0899 3864 \Device\Harddisk1\DR1:
    22:40:22.0899 3864 MBR partitions:
    22:40:22.0899 3864 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x74E8C0
    22:40:22.0899 3864 ============================================================
    22:40:22.0915 3864 C: <-> \Device\Harddisk0\DR0\Partition1
    22:40:22.0961 3864 D: <-> \Device\Harddisk0\DR0\Partition2
    22:40:22.0961 3864 ============================================================
    22:40:22.0961 3864 Initialize success
    22:40:22.0961 3864 ============================================================
    22:40:26.0019 2332 ============================================================
    22:40:26.0019 2332 Scan started
    22:40:26.0019 2332 Mode: Manual;
    22:40:26.0019 2332 ============================================================
    22:40:27.0314 2332 ================ Scan system memory ========================
    22:40:27.0314 2332 System memory - ok
    22:40:27.0314 2332 ================ Scan services =============================
    22:40:32.0025 2332 Netman - ok
    22:40:32.0041 2332 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    22:40:32.0041 2332 netprofm - ok
    22:40:32.0072 2332 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:40:32.0072 2332 NetTcpPortSharing - ok
    22:40:32.0087 2332 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    22:40:32.0087 2332 nfrd960 - ok
    22:40:32.0103 2332 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
    22:40:32.0103 2332 NlaSvc - ok
    22:40:32.0119 2332 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    22:40:32.0119 2332 Npfs - ok
    22:40:32.0119 2332 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    22:40:32.0119 2332 nsi - ok
    22:40:32.0134 2332 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    22:40:32.0134 2332 nsiproxy - ok
  4. PopeInnocentXIV

    (continued - hit the 50,000 character post limit)
    22:40:36.0409 2332 ================ Scan global ===============================
    22:40:36.0424 2332 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    22:40:36.0456 2332 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
    22:40:36.0456 2332 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
    22:40:36.0471 2332 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    22:40:36.0502 2332 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    22:40:36.0502 2332 [Global] - ok
    22:40:36.0502 2332 ================ Scan MBR ==================================
    22:40:36.0518 2332 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    22:40:36.0690 2332 \Device\Harddisk0\DR0 - ok
    22:40:36.0705 2332 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR1
    22:40:36.0721 2332 \Device\Harddisk1\DR1 - ok
    22:40:36.0721 2332 ================ Scan VBR ==================================
    22:40:36.0721 2332 [ 4E807A0B3990DC907004B61C8F60600A ] \Device\Harddisk0\DR0\Partition1
    22:40:36.0721 2332 \Device\Harddisk0\DR0\Partition1 - ok
    22:40:36.0768 2332 [ 9B084DCF96124FD40C4AC3E1BB9600E9 ] \Device\Harddisk0\DR0\Partition2
    22:40:36.0768 2332 \Device\Harddisk0\DR0\Partition2 - ok
    22:40:36.0768 2332 [ B1850404AD6FF4CD25C3EC39DE5FF27A ] \Device\Harddisk1\DR1\Partition1
    22:40:36.0768 2332 \Device\Harddisk1\DR1\Partition1 - ok
    22:40:36.0768 2332 ============================================================
    22:40:36.0768 2332 Scan finished
    22:40:36.0768 2332 ============================================================
    22:40:36.0783 1172 Detected object count: 0
    22:40:36.0783 1172 Actual detected object count: 0


    Rogue Killer
    Rogue Killer's scan found 3 items. When I clicked Delete, Rogue Killer crashed.
    I ran Rogue Killer again, and this time the scan found 0 items.
    This is the log from the first scan:
    RogueKiller V8.0.5 [09/23/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Jim [Admin rights]
    Mode : Scan -- Date : 09/24/2012 22:53:22

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 creatives.livejasmin.com
    127.0.0.1 www.livejasmin.com
    127.0.0.1 www.exposedwebcams.com
    127.0.0.1 secure-online-chat.com
    127.0.0.1 www.menepe.com
    127.0.0.1 www.xpress.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST31500341AS ATA Device +++++
    --- User ---
    [MBR] 05d8a02112bf228e1a327ab2007d000f
    [BSP] 1c0fefecd630885a9f77b620b94b1220 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1416796 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2901600256 | Size: 14001 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Kingston DataTraveler G3 USB Device +++++
    --- User ---
    [MBR] b972d503b3fc8a1106bf485fe4d0176f
    [BSP] f2e920cbb348efa659923a6ba441194e : MBR Code unknown
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3741 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
    MBAM v2012.09.25.02
    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.25.02

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jim :: BRITANNIC [administrator]

    9/24/2012 11:01:04 PM
    mbam-log-2012-09-24 (23-01-04).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 202513
    Time elapsed: 2 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Jim\Local Settings\Temporary Internet Files\Content.IE5\6Q7S7FRV\VideoToMp3Setup[1].exe (Adware.InstallCore) -> Quarantined and deleted successfully.

    (end)

    aswMBR
    aswMBR seemed to hang up for a few minutes when scanning a toolbar for Microsoft Bing. After about 6 minutes I clicked the Show Log button, and it wrote out the MBR and finished up (though the Scan and Fix buttons are still grayed out).

    Because of the situation with the desktop I had to run it off a different computer (which is where it saved the MBR).

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-24 23:04:48
    -----------------------------
    23:04:48.191 OS Version: Windows x64 6.1.7600
    23:04:48.191 Number of processors: 8 586 0x2A07
    23:04:48.191 ComputerName: BRITANNIC UserName: Jim
    23:04:50.687 Initialize success
    23:10:44.687 AVAST engine defs: 12092401
    23:11:00.489 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    23:11:00.489 Disk 0 Vendor: ST31500341AS CC4G Size: 1430799MB BusType: 11
    23:11:00.489 Disk 0 MBR read successfully
    23:11:00.489 Disk 0 MBR scan
    23:11:00.489 Disk 0 Windows 7 default MBR code
    23:11:00.489 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1416796 MB offset 2048
    23:11:00.536 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14001 MB offset 2901600256
    23:11:00.567 Disk 0 scanning C:\Windows\system32\drivers
    23:11:07.400 Service scanning
    23:11:19.436 Modules scanning
    23:11:19.436 Disk 0 trace - called modules:
    23:11:19.456 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    23:11:19.456 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007986060]
    23:11:19.466 3 CLASSPNP.SYS[fffff8800166543f] -> nt!IofCallDriver -> [0xfffffa800782d520]
    23:11:19.466 5 ACPI.sys[fffff88000f8a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007710680]
    23:11:27.724 AVAST engine scan C:\Windows
    23:11:30.188 AVAST engine scan C:\Windows\system32
    23:13:39.857 AVAST engine scan C:\Windows\system32\drivers
    23:13:49.903 AVAST engine scan C:\Users\Jim
    23:20:42.473 Disk 0 MBR has been saved successfully to "\\Titanic\radio podcasts\MBR.dat"
    23:20:42.473 The log file has been saved successfully to "\\Titanic\radio podcasts\aswMBR.txt"



  5. Broni


    Very good :)

    How is computer doing?

    ============================

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  6. PopeInnocentXIV


    My desktop is still messed up (see the beginning of my first post). I'm thinking that I should get that cleared up before proceeding with Combofix. What do you think?

    Thanks
  7. Broni


    As I said create new restore point and run Combofix.
  8. PopeInnocentXIV


    When I run Combofix, it says "NSIS Error -- Error launching installer."

    I booted up in safe mode and ran rkill. The DOS window flashed and then disappeared. Running the renamed Combofix still says "NSIS Error -- Error launching installer."

    I still have that c:\32788R22FWJFW directory from when I tried running Combofix earlier.

    ---
    Rkill 2.4.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 09/25/2012 12:41:56 AM in x64 mode.
    Windows Version: Windows 7 Home Premium

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

    Backup Registry file created at:
    C:\Users\Jim\Desktop\rkill\rkill-09-25-2012-12-41-58.reg

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
    * HKCU\SOFTWARE\Classes\.exe has been deleted!
    * HKCU\SOFTWARE\Classes\.bat "@" exists and is set to batfile!
    * HKCU\SOFTWARE\Classes\.bat has been deleted!

    Performing miscellaneous checks:

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Manual

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual

    * BFE [Missing Service]
    * iphlpsvc [Missing Service]
    * MpsSvc [Missing Service]

    * SharedAccess [Missing ImagePath]

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 creatives.livejasmin.com
    127.0.0.1 www.livejasmin.com
    127.0.0.1 www.exposedwebcams.com
    127.0.0.1 secure-online-chat.com
    127.0.0.1 www.menepe.com
    127.0.0.1 www.xpress.com

    Program finished at: 09/25/2012 12:42:04 AM
    Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)
  9. Broni


    That's fine.

    Please restate your current issues.

    =======================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  10. PopeInnocentXIV


    Extras.txt

    OTL Extras logfile created on: 9/25/2012 8:27:05 PM - Run 1
    OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Jim\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.98 Gb Total Physical Memory | 5.83 Gb Available Physical Memory | 73.04% Memory free
    15.96 Gb Paging File | 13.91 Gb Available in Paging File | 87.10% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1383.59 Gb Total Space | 140.15 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
    Drive D: | 13.67 Gb Total Space | 7.06 Gb Free Space | 51.63% Space Free | Partition Type: NTFS
    Drive F: | 3.65 Gb Total Space | 3.13 Gb Free Space | 85.84% Space Free | Partition Type: FAT32

    Computer Name: BRITANNIC | User Name: Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3400246598-1791276097-185665454-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
    "{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2012
    "MediaInfo" = MediaInfo 0.7.58
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A9CEF47-6227-4D03-A3E0-55C2B64F61DE}" = Smart Cutter for DV and DVB
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode version 3.1.2.0
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
    "Avidemux 2.5 (64-bit)" = Avidemux 2.5
    "AviSynth" = AviSynth 2.5
    "AVS DVD Player_is1" = AVS DVD Player version 2.4
    "AVS Media Player_is1" = AVS Media Player 4.1.8.93
    "AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS Video Recorder_is1" = AVS Video Recorder 2.4
    "AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.8.140
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDFab 8 Qt_is1" = DVDFab 8.1.0.5 (04/07/2011) Qt
    "FastStone Image Viewer" = FastStone Image Viewer 4.6
    "Foxit Reader_is1" = Foxit Reader
    "HandBrake" = HandBrake 0.9.6
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSYS-1.0_is1" = "Minimal SYStem 1.0.11"
    "Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PSPad editor_is1" = PSPad editor
    "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
    "Sweet Home 3D_is1" = Sweet Home 3D version 3.3
    "Unlocker" = Unlocker 1.9.1
    "Winamp" = Winamp
    "WinFF_is1" = WinFF 1.4
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "winscp3_is1" = WinSCP 4.3.4
    "Xvid Video Codec 1.3.2" = Xvid Video Codec

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3400246598-1791276097-185665454-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "124d7bfeeda3fda0" = The TVDB XML Fetcher for the WDTV Live Hub
    "Google Chrome" = Google Chrome
    "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
    "Juniper_Term_Services" = Juniper Terminal Services Client
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "Neoteris_Host_Checker" = Juniper Networks Host Checker
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/19/2012 12:30:42 AM | Computer Name = BRITANNIC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 9/20/2012 12:31:04 AM | Computer Name = BRITANNIC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 9/21/2012 12:30:06 AM | Computer Name = BRITANNIC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 9/22/2012 1:37:45 AM | Computer Name = BRITANNIC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 9/23/2012 12:30:23 AM | Computer Name = BRITANNIC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 9/24/2012 12:30:54 AM | Computer Name = BRITANNIC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 9/24/2012 9:37:51 PM | Computer Name = BRITANNIC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7419c9f1 Faulting process id: 0x14e4 Faulting application
    start time: 0x01cd9abe5f6830ab Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 9df9622d-06b1-11e2-ba5f-782bcb945b98

    Error - 9/24/2012 9:40:03 PM | Computer Name = BRITANNIC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7419c9f1 Faulting process id: 0x5a4 Faulting application
    start time: 0x01cd9abeada653d5 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: ec84bc19-06b1-11e2-ba5f-782bcb945b98

    Error - 9/24/2012 9:41:03 PM | Computer Name = BRITANNIC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7419c9f1 Faulting process id: 0xf4 Faulting application
    start time: 0x01cd9abed2a67517 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 10535dc1-06b2-11e2-ba5f-782bcb945b98

    Error - 9/24/2012 9:42:03 PM | Computer Name = BRITANNIC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7419c9f1 Faulting process id: 0x1d0 Faulting application
    start time: 0x01cd9abef67738bd Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 3423c39d-06b2-11e2-ba5f-782bcb945b98

    [ System Events ]
    Error - 9/25/2012 8:13:25 PM | Computer Name = BRITANNIC | Source = Service Control Manager | ID = 7031
    Description = The System Event Notification Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    120000 milliseconds: Restart the service.

    Error - 9/25/2012 8:13:25 PM | Computer Name = BRITANNIC | Source = Service Control Manager | ID = 7031
    Description = The Shell Hardware Detection service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 9/25/2012 8:13:25 PM | Computer Name = BRITANNIC | Source = Service Control Manager | ID = 7031
    Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
    The following corrective action will be taken in 60000 milliseconds: Restart the
    service.

    Error - 9/25/2012 8:13:25 PM | Computer Name = BRITANNIC | Source = Service Control Manager | ID = 7031
    Description = The Windows Management Instrumentation service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    120000 milliseconds: Restart the service.

    Error - 9/25/2012 8:13:52 PM | Computer Name = BRITANNIC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 9/25/2012 8:13:52 PM | Computer Name = BRITANNIC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 9/25/2012 8:14:25 PM | Computer Name = BRITANNIC | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Shell Hardware Detection service,
    but this action failed with the following error: %%1056

    Error - 9/25/2012 8:15:25 PM | Computer Name = BRITANNIC | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Management Instrumentation
    service, but this action failed with the following error: %%1056

    Error - 9/25/2012 8:19:17 PM | Computer Name = BRITANNIC | Source = Service Control Manager | ID = 7023
    Description = The Windows Modules Installer service terminated with the following
    error: %%32

    Error - 9/25/2012 8:19:46 PM | Computer Name = BRITANNIC | Source = DCOM | ID = 10010
    Description =


    < End of report >
  11. PopeInnocentXIV


    OTL.txt
    OTL logfile created on: 9/25/2012 8:27:05 PM - Run 1
    OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Jim\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.98 Gb Total Physical Memory | 5.83 Gb Available Physical Memory | 73.04% Memory free
    15.96 Gb Paging File | 13.91 Gb Available in Paging File | 87.10% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1383.59 Gb Total Space | 140.15 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
    Drive D: | 13.67 Gb Total Space | 7.06 Gb Free Space | 51.63% Space Free | Partition Type: NTFS
    Drive F: | 3.65 Gb Total Space | 3.13 Gb Free Space | 85.84% Space Free | Partition Type: FAT32

    Computer Name: BRITANNIC | User Name: Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/25 20:26:36 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Downloads\OTL.exe
    PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/29 22:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Jim\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
    MOD - [2012/08/29 22:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Jim\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
    MOD - [2012/08/29 22:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Jim\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
    MOD - [2012/08/29 22:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Jim\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
    MOD - [2012/08/29 22:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Jim\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2010/08/03 23:51:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/06 22:44:35 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () [Auto | Stopped] -- C:\32788R22FWJFW\pev.3XE -- (PEVSystemStart)
    SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/08 03:29:24 | 000,099,152 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NEOFLTR_710_19243.SYS -- (NEOFLTR_710_19243)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/09 10:38:18 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 18:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/08/04 00:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/08/03 23:15:46 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/07/26 22:41:28 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/07/20 00:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/07/20 00:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/07/15 10:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/06/08 06:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2010/06/03 12:35:02 | 000,033,792 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
    DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/02/02 15:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/10/27 01:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2009/10/27 01:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3400246598-1791276097-185665454-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    IE - HKU\S-1-5-21-3400246598-1791276097-185665454-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://myvpn.book.com/dana-na/auth/url_18/welcome.cgi?p=failed
    IE - HKU\S-1-5-21-3400246598-1791276097-185665454-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3400246598-1791276097-185665454-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3400246598-1791276097-185665454-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.1
    FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
    FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
    FF - prefs.js..extensions.enabledAddons: wootwatcher@will.mcsweeney:2.0.1
    FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.1
    FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.1
    FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.5
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jim\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jim\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/11 10:03:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/10 18:57:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/06 22:44:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/06 22:44:34 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/06 22:44:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/06 22:44:34 | 000,000,000 | ---D | M]

    [2011/07/27 20:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions
    [2012/09/14 23:25:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ha3o9vnv.default\extensions
    [2012/06/30 21:29:38 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ha3o9vnv.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2012/09/14 23:25:31 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ha3o9vnv.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2012/09/03 20:19:14 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ha3o9vnv.default\extensions\firebug@software.joehewitt.com.xpi
    [2012/09/14 23:25:31 | 000,527,915 | ---- | M] () (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ha3o9vnv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2012/09/05 21:06:07 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ha3o9vnv.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
    [2012/07/27 22:42:19 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ha3o9vnv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2011/11/03 22:54:02 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ha3o9vnv.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2012/09/14 23:25:31 | 000,270,876 | ---- | M] () (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ha3o9vnv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    [2012/08/19 11:40:59 | 000,001,599 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ha3o9vnv.default\searchplugins\b-ref-search.xml
    [2012/02/07 22:32:35 | 000,012,703 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ha3o9vnv.default\searchplugins\imdb.xml
    [2012/02/12 13:50:21 | 000,001,336 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ha3o9vnv.default\searchplugins\wiktionary-en.xml
    [2012/01/31 01:02:20 | 000,002,509 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ha3o9vnv.default\searchplugins\wr-italian-english.xml
    [2012/01/23 01:36:25 | 000,002,057 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ha3o9vnv.default\searchplugins\youtube-video-search.xml
    [2012/09/06 22:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/06 22:44:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/09/06 22:44:34 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
    [2012/09/06 22:44:34 | 000,000,000 | ---D | M] (Woot! Watcher) -- C:\Program Files (x86)\Mozilla Firefox\extensions\wootwatcher@will.mcsweeney
    [2012/09/06 22:44:36 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/07/11 17:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2012/09/03 19:30:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/03 19:30:47 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://my.yahoo.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://my.yahoo.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Jim\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jim\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jim\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AVG Safe Search = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
    CHR - Extension: AVG Do Not Track = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
    CHR - Extension: Better Pop Up Blocker = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
    CHR - Extension: ScriptNo = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.2_0\
    CHR - Extension: Gmail = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/06/09 10:59:19 | 000,001,010 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 creatives.livejasmin.com
    O1 - Hosts: 127.0.0.1 www.livejasmin.com
    O1 - Hosts: 127.0.0.1 www.exposedwebcams.com
    O1 - Hosts: 127.0.0.1 secure-online-chat.com
    O1 - Hosts: 127.0.0.1 www.menepe.com
    O1 - Hosts: 127.0.0.1 www.xpress.com
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3400246598-1791276097-185665454-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://myvpn.book.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{284C79B4-0C6F-40B5-8B1D-2B26BCE741E7}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73FD05FF-3306-4B88-9018-8C3554BC1087}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{0da58042-0d56-11e1-87b9-782bcb945b98}\Shell - "" = AutoRun
    O33 - MountPoints2\{0da58042-0d56-11e1-87b9-782bcb945b98}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{a0cf87ee-f393-11e0-96fd-782bcb945b98}\Shell - "" = AutoRun
    O33 - MountPoints2\{a0cf87ee-f393-11e0-96fd-782bcb945b98}\Shell\AutoRun\command - "" = L:\setup.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/25 20:13:57 | 000,000,000 | ---D | C] -- C:\AVG2012
    [2012/09/25 02:06:21 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/25 00:52:12 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\rkill.exe
    [2012/09/25 00:41:58 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\rkill
    [2012/09/24 23:00:17 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Malwarebytes
    [2012/09/24 23:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/24 23:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/24 23:00:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/24 23:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/09/24 22:52:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\RK_Quarantine
    [2012/09/24 22:40:10 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\tdsskiller
    [2012/09/24 21:39:13 | 000,016,712 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysNative\drivers\PROCEXP113.SYS
    [2012/09/24 21:36:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/24 21:36:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/24 21:36:47 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/09/24 21:34:52 | 004,759,205 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\username123.exe
    [2012/09/24 21:18:39 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/09/18 19:34:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\TechSmith
    [2012/09/15 10:45:04 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVDB XML Fetcher
    [2012/09/15 10:44:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Apps
    [2012/09/15 10:44:55 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Deployment
    [2012/09/11 10:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/09/11 10:02:07 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2012/09/06 22:44:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/09/05 21:52:21 | 000,000,000 | ---D | C] -- C:\tmp
    [2012/08/28 00:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/25 20:22:53 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/25 20:22:53 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/25 20:20:42 | 000,727,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/25 20:20:42 | 000,624,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/25 20:20:42 | 000,106,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/25 20:16:53 | 095,764,220 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/09/25 20:14:27 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/25 20:13:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/25 20:13:14 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/25 01:14:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/25 01:12:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400246598-1791276097-185665454-1002UA.job
    [2012/09/24 23:50:26 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\rkill.exe
    [2012/09/24 23:00:10 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/24 21:39:13 | 000,016,712 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysNative\drivers\PROCEXP113.SYS
    [2012/09/24 21:34:53 | 004,759,205 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\username123.exe
    [2012/09/24 20:12:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400246598-1791276097-185665454-1002Core.job
    [2012/09/18 19:35:33 | 000,368,621 | ---- | M] () -- C:\Users\Jim\Documents\mri.png
    [2012/09/15 17:02:33 | 000,295,592 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/09/15 11:44:32 | 000,000,069 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\AVSDVDPlayer.m3u
    [2012/09/12 21:02:59 | 000,007,602 | ---- | M] () -- C:\Users\Jim\AppData\Local\Resmon.ResmonCfg
    [2012/09/11 10:03:29 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/09/10 20:46:35 | 000,000,600 | ---- | M] () -- C:\Users\Jim\AppData\Local\PUTTY.RND
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/05 00:43:56 | 000,000,000 | -H-- | M] () -- C:\Users\Jim\Documents\Default.rdp
    [2012/09/04 14:07:55 | 000,002,448 | ---- | M] () -- C:\Users\Jim\Desktop\Google Chrome.lnk
    [2012/09/03 19:21:48 | 000,361,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/28 00:09:38 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/24 23:00:10 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/18 19:35:33 | 000,368,621 | ---- | C] () -- C:\Users\Jim\Documents\mri.png
    [2012/09/05 00:43:56 | 000,000,000 | -H-- | C] () -- C:\Users\Jim\Documents\Default.rdp
    [2012/08/28 00:09:38 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
    [2011/12/21 13:02:11 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/12/21 13:02:11 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/12/21 12:23:28 | 000,000,044 | ---- | C] () -- C:\Windows\MSYS.INI
    [2011/08/16 23:01:53 | 000,000,069 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\AVSDVDPlayer.m3u
    [2011/08/09 21:47:09 | 000,000,600 | ---- | C] () -- C:\Users\Jim\AppData\Local\PUTTY.RND
    [2011/08/05 00:22:47 | 000,007,602 | ---- | C] () -- C:\Users\Jim\AppData\Local\Resmon.ResmonCfg
    [2011/08/03 23:23:42 | 000,743,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/30 18:10:28 | 000,000,678 | ---- | C] () -- C:\Users\Jim\.jmf-resource
    [2011/07/28 19:37:27 | 000,000,600 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\winscp.rnd
    [2011/05/26 02:28:56 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/05/26 01:40:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/05/25 23:44:19 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
    [2011/03/02 23:59:36 | 001,687,516 | ---- | C] () -- C:\Users\Jim\FreeSerif.ttf
    [2011/03/02 23:59:36 | 000,714,456 | ---- | C] () -- C:\Users\Jim\FreeSans.ttf
    [2011/03/02 23:59:36 | 000,691,448 | ---- | C] () -- C:\Users\Jim\FreeSerifItalic.ttf
    [2011/03/02 23:59:36 | 000,615,292 | ---- | C] () -- C:\Users\Jim\FreeSerifBold.ttf
    [2011/03/02 23:59:36 | 000,508,412 | ---- | C] () -- C:\Users\Jim\FreeSerifBoldItalic.ttf
    [2011/03/02 23:59:36 | 000,441,432 | ---- | C] () -- C:\Users\Jim\FreeSansOblique.ttf
    [2011/03/02 23:59:36 | 000,359,272 | ---- | C] () -- C:\Users\Jim\FreeSansBold.ttf
    [2011/03/02 23:59:36 | 000,343,980 | ---- | C] () -- C:\Users\Jim\FreeMono.ttf
    [2011/03/02 23:59:36 | 000,301,188 | ---- | C] () -- C:\Users\Jim\FreeSansBoldOblique.ttf
    [2011/03/02 23:59:36 | 000,208,128 | ---- | C] () -- C:\Users\Jim\FreeMonoOblique.ttf
    [2011/03/02 23:59:36 | 000,173,608 | ---- | C] () -- C:\Users\Jim\FreeMonoBold.ttf
    [2011/03/02 23:59:36 | 000,169,936 | ---- | C] () -- C:\Users\Jim\FreeMonoBoldOblique.ttf

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/08/09 21:29:48 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Amazon
    [2011/10/03 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AVG2012
    [2012/08/15 23:01:41 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\avidemux
    [2011/08/27 23:30:21 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DVDFab
    [2011/07/29 22:31:09 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\eTeks
    [2012/08/14 21:23:21 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Foxit Software
    [2012/03/11 13:53:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\HandBrake
    [2011/12/07 21:17:12 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Juniper Networks
    [2011/07/28 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Machete Lite
    [2012/06/13 00:17:35 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\MusicBrainz
    [2012/03/16 22:42:53 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\My Games
    [2011/12/23 09:52:34 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\QuickStoresToolbar
    [2012/09/23 03:15:52 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SoftGrid Client
    [2011/09/30 23:44:36 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SpiritON TV Software
    [2011/08/03 23:24:29 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TP
    [2011/12/21 13:07:06 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\WinFF
    [2011/07/27 23:41:43 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\XMedia Recode

    ========== Purity Check ==========


    < End of report >
     
  12. PopeInnocentXIV

    PopeInnocentXIV Newcomer, in training Topic Starter

    Current issues:

    When I boot up I get this message:

    Failed to connect to a windows service
    Windows could not connect to the System Event Notification Service service. This problem prevents standard users from logging on to the system. As an administrative user, you can review the System Event Log for details about why the service didn't respond.

    The system log is filled with errors:
    The ______ service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    • Multimedia Class Scheduler
    • User Profile Service
    • Task Scheduler
    • Secondary Logon
    • System Event Notification Service
    • Shell Hardware Detection
    • Themes
    • Windows Management Instrumentation service
    • The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    • The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    The system profile no longer points to my Win7 user profile. The desktop, documents, pictures, music, etc. all appear to be using a sort of default profile. All my data is still saved under C:\Users\Jim, however. Until sometime late last night I would get this message, and be unable to save anything to the desktop:

    Location is not available
    C:\Windows\system32\config\systemprofile\Desktop refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location.

    That message has gone away, and I can save items to the desktop again. The desktop is all black and the appearance of the start bar is very plain (presumably because it's reading from a barebones desktop.ini file).

    I still have a directory in C: called 32788R22FWJFW, which was created by Combofix when I tried running it before opening up this thread. Opening up that directory in Windows Explorer it looks just as if I opened Computer in Windows Explorer. If I do a dir of the root of C: from a DOS prompt, that directory is not listed. If I change to that directory and dir, I see all the ComboFix files (211 files, 13,773,761 bytes). Combofix did not run successfully when I tried to run it, and I was not able to uninstall it.

    I'm starting to think that the way to go here is just to back up my data and run the Factory Recovery. I don't have a lot of software installed that I wouldn't be able to replace pretty easily.
  13. Broni

    Broni Malware Annihilator Posts: 46,130   +251

    I need your decision before we go any deeper.
  14. PopeInnocentXIV

    PopeInnocentXIV Newcomer, in training Topic Starter

    Yeah, I think that's what I'm going to do. I've begun backing up my data.

    Thanks so much for all your help.
  15. Broni

    Broni Malware Annihilator Posts: 46,130   +251

    You're very welcome

    Thank you for letting me know :)

