Trojan.agent in svchost.exe

Solved
By Katherine4422
Aug 17, 2012
  1. Got a little problem with my laptop here - it started working slow and randomly blue-screening me. Malwarebytes scan says it's trojan.agent in svchost.exe, and malwarebytes' attempts to "remove" it doesn't work. I'd really appreciate any help, thank you!

    Malwarebytes log
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.12.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kate :: KATE-HP [administrator]
    8/17/2012 9:32:01 AM
    mbam-log-2012-08-17 (09-39-42).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 194251
    Time elapsed: 3 minute(s), 25 second(s)
    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 8348 -> No action taken.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
    (end)

    GMER
    GMER provided no log.

    DDS
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
    Run by Kate at 16:55:10 on 2012-08-17
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3353 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\IPS\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\21.0.1180.79\npchrome_frame.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 207.69.188.186 207.69.188.187 192.168.1.1 207.69.188.186 207.69.188.187
    TCP: Interfaces\{4D0A4439-3525-4391-A92A-9549C69F05C6} : DhcpNameServer = 207.69.188.186 207.69.188.187 192.168.1.1 207.69.188.186 207.69.188.187
    TCP: Interfaces\{4D0A4439-3525-4391-A92A-9549C69F05C6}\34963736F64363933333 : DhcpNameServer = 192.168.254.254 192.168.254.254
    TCP: Interfaces\{4D0A4439-3525-4391-A92A-9549C69F05C6}\45865602E456770295F627B656270284F64756C6 : DhcpNameServer = 50.57.99.138 50.57.100.29 65.106.1.196
    TCP: Interfaces\{4D0A4439-3525-4391-A92A-9549C69F05C6}\54878696269647F6270294E6475627E65647022416379636 : DhcpNameServer = 66.78.202.254 66.78.210.254
    TCP: Interfaces\{4D0A4439-3525-4391-A92A-9549C69F05C6}\8686F6E6F62737 : DhcpNameServer = 12.127.16.67 12.127.17.72
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\21.0.1180.79\npchrome_frame.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\IPS\IPSBHO.DLL
    BHO-X64: Norton Vulnerability Protection - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO-X64: TSBHO Class - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\21.0.1180.79\npchrome_frame.dll
    BHO-X64: ChromeFrame BHO - No File
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMEFA64.SYS [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-8-10 1385120]
    R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120815.002\IDSviA64.sys [2012-8-15 509088]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-4-3 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-2 365568]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-17 44808]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-5-8 514232]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-6-19 2375168]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
    R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccsvchst.exe [2012-8-14 138272]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe --> C:\Windows\system32\Wacom_Tablet.exe [?]
    R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
    R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/04/03 08:38:12;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-24 241648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-22 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-27 250056]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-22 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-08-17 15:09:30 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-08-17 15:09:29 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-08-17 15:09:25 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-08-17 15:08:56 41224 ----a-w- C:\Windows\avastSS.scr
    2012-08-17 15:08:41 -------- d-----w- C:\ProgramData\AVAST Software
    2012-08-17 15:08:41 -------- d-----w- C:\Program Files\AVAST Software
    2012-08-15 12:59:41 503808 ----a-w- C:\Windows\System32\srcore.dll
    2012-08-15 12:59:41 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2012-08-15 12:59:39 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-08-15 12:59:39 67072 ----a-w- C:\Windows\splwow64.exe
    2012-08-15 12:59:39 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-08-15 12:59:39 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-08-15 12:59:37 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-08-15 12:59:37 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-08-15 12:59:37 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-08-15 12:59:37 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-08-15 12:59:36 956928 ----a-w- C:\Windows\System32\localspl.dll
    2012-08-15 04:20:17 737952 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\srtsp64.sys
    2012-08-15 04:20:17 451192 ----a-r- C:\Windows\System32\drivers\NAVx64\1308000.00E\symds64.sys
    2012-08-15 04:20:17 405624 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\symnets.sys
    2012-08-15 04:20:17 37536 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\srtspx64.sys
    2012-08-15 04:20:17 1129120 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\symefa64.sys
    2012-08-15 04:20:16 190072 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\ironx64.sys
    2012-08-15 04:20:16 167072 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\ccsetx64.sys
    2012-08-15 04:20:08 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1308000.00E
    2012-08-12 16:38:30 20480 ----a-w- C:\Windows\svchost.exe
    2012-08-09 16:20:44 -------- d-----w- C:\Users\Kate\AppData\Local\{3E0B6CDE-29B4-46C5-AFD1-6C7F9A54D46E}
    2012-08-09 15:38:15 -------- d-----w- C:\Users\Kate\AppData\Local\{F3785A2C-6D68-43DC-AE7B-85775AF31EB4}
    2012-08-09 14:30:56 -------- d-----w- C:\Users\Kate\AppData\Local\{40EE4E0B-6217-4770-B7EE-3B1434396E5E}
    2012-08-09 14:29:45 -------- d-----w- C:\Users\Kate\AppData\Local\{6F1324E0-AE55-445F-8883-96B7E2A1CE52}
    2012-08-09 14:29:28 -------- d-----w- C:\Users\Kate\AppData\Local\{B2DA8CB3-0F20-4D3B-B2B1-194B05E51A77}
    2012-08-04 20:43:14 -------- d-----w- C:\Users\Kate\AppData\Roaming\Malwarebytes
    2012-08-04 20:43:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-04 20:43:00 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-04 20:42:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-04 18:31:47 -------- d-----w- C:\ProgramData\Synaptics
    2012-08-04 16:56:44 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-08-04 16:56:44 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-07-30 14:52:50 111104 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\71C0.tmp.dat
    .
    ==================== Find3M ====================
    .
    2012-08-15 12:52:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-15 12:52:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-15 05:01:22 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll
    2012-06-06 13:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-28 12:09:04 2168416 ----a-w- C:\Windows\System32\coin91.dll
    .
    ============= FINISH: 16:56:44.53 ===============
  2. Katherine4422

    Katherine4422 Newcomer, in training Topic Starter Posts: 18

    DDS Attach
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/21/2012 1:29:49 PM
    System Uptime: 8/17/2012 3:29:08 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 358D
    Processor: AMD A8-3500M APU with Radeon(tm) HD Graphics | Socket FS1 | 1500/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 488.304 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 1.621 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP83: 8/17/2012 10:08:17 AM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Elements 6.0
    Adobe Reader X (10.1.4) MUI
    Adobe Shockwave Player 11.5
    Agatha Christie - Peril at End House
    AMD System Monitor
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    Bejeweled 3
    Bing Bar
    Blackhawk Striker 2
    Blasterball 3
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    CyberLink PowerDVD
    CyberLink YouCam
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    Energy Star Digital Logo
    ESU for Microsoft Windows 7
    Evernote v. 4.2.2
    Fallout: New Vegas
    Farm Frenzy
    FATE - The Traitor Soul
    Google Chrome Frame
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Connection Manager
    HP Customer Experience Enhancements
    HP Documentation
    HP DVB-T TV Tuner 8.0.64.43
    HP Games
    HP MovieStore
    HP On Screen Display
    HP Power Manager
    HP Product Detection
    HP Quick Launch
    HP Setup
    HP Setup Manager
    HP SimplePass 2011
    HP Software Framework
    HP Support Assistant
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    Junk Mail filter update
    Magic Desktop
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.1
    Mobile Broadband Generic Drivers
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    Mystery P.I. - Stolen in San Francisco
    Namco All-Stars PAC-MAN
    Nancy Drew: Message in a Haunted Mansion
    Norton AntiVirus
    Origin
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Portal 2
    Ralink RT5390 802.11b/g/n WiFi Adapter
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    Recovery Manager
    RoxioNow Player
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Skype™ 5.1
    Slingo Supreme
    Steam
    The Elder Scrolls V: Skyrim
    The Sims Medieval
    The Sims™ 3
    The Sims™ 3 Ambitions
    The Sims™ 3 Generations
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wneiper
    TurboTax 2011 wrapper
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update Installer for WildTangent Games App
    Virtual Villagers 4 - The Tree of Life
    VLC media player 2.0.0
    VZAccess Manager for Novatel
    Wacom Tablet
    Wheel of Fortune 2
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/17/2012 9:20:13 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    8/17/2012 11:42:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000fe, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cce405). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081712-50294-01.
    8/17/2012 11:32:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    8/17/2012 11:32:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    8/17/2012 10:55:32 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    8/17/2012 10:52:03 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000158c02b8000b, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cd0451). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081712-56597-01.
    8/17/2012 10:45:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002d0a4aa, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081712-37346-01.
    8/16/2012 9:08:54 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    8/15/2012 11:36:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f7 (0x00000200056e8404, 0x0000f88001af403d, 0xffff077ffe50bfc2, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081512-49592-01.
    8/15/2012 10:43:10 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.
    8/14/2012 4:00:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service.
    8/13/2012 11:02:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cb47ef, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081312-83850-01.
    8/12/2012 11:37:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002d084aa, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081212-39421-01.
    8/12/2012 10:29:01 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cae7ef, 0x0000000000000000, 0x000000007ef70000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081212-32385-01.
    .
    ==== End Of File ===========================
  3. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================

    You're running two AV programs, Avast and Norton.
    You must uninstall one of them.
    If Norton use this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    Next....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  4. Katherine4422

    Katherine4422 Newcomer, in training Topic Starter Posts: 18

    Thanks for such a quick reply! I appreciate your help :)

    I uninstalled Avast, rebooted computer at its request, downloaded and ran TDSSKiller. It found an infected file, so I hit cure, then rebooted the computer once more.

    Here's the log:
    10:02:25.0025 6188 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
    10:02:25.0415 6188 ============================================================
    10:02:25.0415 6188 Current date / time: 2012/08/18 10:02:25.0415
    10:02:25.0415 6188 SystemInfo:
    10:02:25.0415 6188
    10:02:25.0415 6188 OS Version: 6.1.7601 ServicePack: 1.0
    10:02:25.0415 6188 Product type: Workstation
    10:02:25.0415 6188 ComputerName: KATE-HP
    10:02:25.0415 6188 UserName: Kate
    10:02:25.0415 6188 Windows directory: C:\Windows
    10:02:25.0415 6188 System windows directory: C:\Windows
    10:02:25.0415 6188 Running under WOW64
    10:02:25.0415 6188 Processor architecture: Intel x64
    10:02:25.0415 6188 Number of processors: 4
    10:02:25.0415 6188 Page size: 0x1000
    10:02:25.0415 6188 Boot type: Normal boot
    10:02:25.0415 6188 ============================================================
    10:02:27.0471 6188 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:02:27.0481 6188 ============================================================
    10:02:27.0481 6188 \Device\Harddisk0\DR0:
    10:02:27.0481 6188 MBR partitions:
    10:02:27.0481 6188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    10:02:27.0481 6188 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48A90000
    10:02:27.0481 6188 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x48AF4000, BlocksNum 0x1D30000
    10:02:27.0481 6188 ============================================================
    10:02:27.0501 6188 C: <-> \Device\Harddisk0\DR0\Partition2
    10:02:27.0563 6188 D: <-> \Device\Harddisk0\DR0\Partition3
    10:02:27.0563 6188 ============================================================
    10:02:27.0563 6188 Initialize success
    10:02:27.0563 6188 ============================================================
    10:02:29.0969 6832 ============================================================
    10:02:29.0970 6832 Scan started
    10:02:29.0970 6832 Mode: Manual;
    10:02:29.0970 6832 ============================================================
    10:02:32.0489 6832 ================ Scan services =============================
    10:02:32.0737 6832 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    10:02:32.0742 6832 1394ohci - ok
    10:02:32.0784 6832 [ 5c368f4b04ed2a923e6afca2d37baff5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
    10:02:32.0800 6832 Accelerometer - ok
    10:02:32.0842 6832 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    10:02:32.0848 6832 ACPI - ok
    10:02:32.0878 6832 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    10:02:32.0893 6832 AcpiPmi - ok
    10:02:32.0968 6832 [ e8fe4fce23d2809bd88bcc1d0f8408ce ] AdobeActiveFileMonitor6.0 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    10:02:32.0971 6832 AdobeActiveFileMonitor6.0 - ok
    10:02:33.0095 6832 [ d19c4ee2ac7c47b8f5f84fff1a789d8a ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    10:02:33.0097 6832 AdobeARMservice - ok
    10:02:33.0306 6832 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    10:02:33.0324 6832 AdobeFlashPlayerUpdateSvc - ok
    10:02:33.0394 6832 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    10:02:33.0402 6832 adp94xx - ok
    10:02:33.0444 6832 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    10:02:33.0466 6832 adpahci - ok
    10:02:33.0496 6832 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    10:02:33.0499 6832 adpu320 - ok
    10:02:33.0536 6832 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    10:02:33.0537 6832 AeLookupSvc - ok
    10:02:33.0611 6832 [ a6fb9db8f1a86861d955fd6975977ae0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
    10:02:33.0612 6832 AESTFilters - ok
    10:02:33.0654 6832 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
    10:02:33.0661 6832 AFD - ok
    10:02:33.0703 6832 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    10:02:33.0716 6832 agp440 - ok
    10:02:33.0746 6832 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
    10:02:33.0761 6832 ALG - ok
    10:02:33.0796 6832 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
    10:02:33.0807 6832 aliide - ok
    10:02:33.0849 6832 [ 3de8dc285540733818588cc94e7fc96e ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    10:02:33.0852 6832 AMD External Events Utility - ok
    10:02:33.0904 6832 AMD FUEL Service - ok
    10:02:33.0928 6832 [ 30bfeee0dffd5bd79d29157cf080deed ] amdhub30 C:\Windows\system32\DRIVERS\amdhub30.sys
    10:02:33.0930 6832 amdhub30 - ok
    10:02:33.0952 6832 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
    10:02:33.0953 6832 amdide - ok
    10:02:33.0987 6832 [ 6a2eeb0c4133b20773bb3dd0b7b377b4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
    10:02:33.0998 6832 amdiox64 - ok
    10:02:34.0035 6832 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    10:02:34.0051 6832 AmdK8 - ok
    10:02:34.0324 6832 [ 42d53daf85f948c39ce1351a8f5b5808 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    10:02:34.0560 6832 amdkmdag - ok
    10:02:34.0634 6832 [ 75182b5784015b271932088551616a96 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    10:02:34.0651 6832 amdkmdap - ok
    10:02:34.0683 6832 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    10:02:34.0685 6832 AmdPPM - ok
    10:02:34.0719 6832 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    10:02:34.0722 6832 amdsata - ok
    10:02:34.0764 6832 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    10:02:34.0776 6832 amdsbs - ok
    10:02:34.0791 6832 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    10:02:34.0793 6832 amdxata - ok
    10:02:34.0835 6832 [ 321533578132c811ec834a1b741c994c ] amdxhc C:\Windows\system32\DRIVERS\amdxhc.sys
    10:02:34.0845 6832 amdxhc - ok
    10:02:34.0870 6832 [ 2fbb00a7616106b95104574c6cd640c2 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
    10:02:34.0871 6832 amd_sata - ok
    10:02:34.0890 6832 [ 87d0d7645cb0d53220649bd5fe15d93e ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
    10:02:34.0902 6832 amd_xata - ok
    10:02:34.0943 6832 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
    10:02:34.0945 6832 AppID - ok
    10:02:34.0965 6832 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    10:02:34.0967 6832 AppIDSvc - ok
    10:02:34.0982 6832 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    10:02:34.0983 6832 Appinfo - ok
    10:02:35.0047 6832 [ 7ef47644b74ebe721cc32211d3c35e76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    10:02:35.0049 6832 Apple Mobile Device - ok
    10:02:35.0079 6832 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\drivers\arc.sys
    10:02:35.0082 6832 arc - ok
    10:02:35.0091 6832 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\drivers\arcsas.sys
    10:02:35.0111 6832 arcsas - ok
    10:02:35.0225 6832 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    10:02:35.0241 6832 aspnet_state - ok
    10:02:35.0280 6832 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    10:02:35.0281 6832 AsyncMac - ok
    10:02:35.0298 6832 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
    10:02:35.0300 6832 atapi - ok
    10:02:35.0375 6832 [ 4bf5bca6e2608cd8a00bc4a6673a9f47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
    10:02:35.0402 6832 AtiHDAudioService - ok
    10:02:35.0462 6832 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    10:02:35.0470 6832 AudioEndpointBuilder - ok
    10:02:35.0484 6832 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    10:02:35.0490 6832 AudioSrv - ok
    10:02:35.0512 6832 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
    10:02:35.0515 6832 AxInstSV - ok
    10:02:35.0558 6832 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    10:02:35.0573 6832 b06bdrv - ok
    10:02:35.0606 6832 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    10:02:35.0611 6832 b57nd60a - ok
    10:02:35.0675 6832 [ 93ee7d9c35ae7e9ffda148d7805f1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    10:02:35.0679 6832 BBSvc - ok
    10:02:35.0735 6832 [ 9e84a931dbee0292e38ed672f6293a99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
    10:02:35.0753 6832 BCM43XX - ok
    10:02:35.0791 6832 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
    10:02:35.0805 6832 BDESVC - ok
    10:02:35.0834 6832 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    10:02:35.0836 6832 Beep - ok
    10:02:35.0887 6832 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
    10:02:35.0896 6832 BFE - ok
    10:02:36.0082 6832 [ e99f59342171101ee2446d0cd1a60a8d ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx64.sys
    10:02:36.0095 6832 BHDrvx64 - ok
    10:02:36.0137 6832 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\System32\qmgr.dll
    10:02:36.0151 6832 BITS - ok
    10:02:36.0174 6832 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    10:02:36.0176 6832 blbdrive - ok
    10:02:36.0226 6832 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    10:02:36.0231 6832 Bonjour Service - ok
    10:02:36.0269 6832 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    10:02:36.0279 6832 bowser - ok
    10:02:36.0307 6832 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    10:02:36.0338 6832 BrFiltLo - ok
    10:02:36.0345 6832 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    10:02:36.0350 6832 BrFiltUp - ok
    10:02:36.0384 6832 [ 05f5a0d14a2ee1d8255c2aa0e9e8e694 ] Browser C:\Windows\System32\browser.dll
    10:02:36.0386 6832 Browser - ok
    10:02:36.0408 6832 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    10:02:36.0414 6832 Brserid - ok
    10:02:36.0435 6832 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    10:02:36.0437 6832 BrSerWdm - ok
    10:02:36.0452 6832 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    10:02:36.0454 6832 BrUsbMdm - ok
    10:02:36.0462 6832 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    10:02:36.0478 6832 BrUsbSer - ok
    10:02:36.0484 6832 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    10:02:36.0488 6832 BTHMODEM - ok
    10:02:36.0537 6832 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
    10:02:36.0553 6832 bthserv - ok
    10:02:36.0641 6832 [ 2c6ffcca37b002aab3c7c31a6d780a76 ] ccSet_NAV C:\Windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys
    10:02:36.0643 6832 ccSet_NAV - ok
    10:02:36.0669 6832 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    10:02:36.0672 6832 cdfs - ok
    10:02:36.0713 6832 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    10:02:36.0716 6832 cdrom - ok
    10:02:36.0750 6832 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
    10:02:36.0752 6832 CertPropSvc - ok
    10:02:36.0793 6832 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    10:02:36.0795 6832 circlass - ok
    10:02:36.0818 6832 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
    10:02:36.0824 6832 CLFS - ok
    10:02:36.0878 6832 [ 524dc3807cb1746225f9d26add19c319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
    10:02:36.0882 6832 CLKMSVC10_38F51D56 - ok
    10:02:36.0936 6832 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    10:02:36.0955 6832 clr_optimization_v2.0.50727_32 - ok
    10:02:36.0993 6832 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    10:02:36.0995 6832 clr_optimization_v2.0.50727_64 - ok
    10:02:37.0065 6832 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    10:02:37.0068 6832 clr_optimization_v4.0.30319_32 - ok
    10:02:37.0094 6832 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    10:02:37.0097 6832 clr_optimization_v4.0.30319_64 - ok
    10:02:37.0171 6832 [ 50f92c943f18b070f166d019dfab3d9a ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
    10:02:37.0188 6832 clwvd - ok
    10:02:37.0223 6832 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    10:02:37.0225 6832 CmBatt - ok
    10:02:37.0244 6832 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
    10:02:37.0245 6832 cmdide - ok
    10:02:37.0285 6832 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
    10:02:37.0301 6832 CNG - ok
    10:02:37.0368 6832 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    10:02:37.0382 6832 Compbatt - ok
    10:02:37.0415 6832 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    10:02:37.0416 6832 CompositeBus - ok
    10:02:37.0428 6832 COMSysApp - ok
    10:02:37.0447 6832 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    10:02:37.0459 6832 crcdisk - ok
    10:02:37.0507 6832 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    10:02:37.0510 6832 CryptSvc - ok
    10:02:37.0545 6832 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    10:02:37.0552 6832 DcomLaunch - ok
    10:02:37.0593 6832 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
    10:02:37.0605 6832 defragsvc - ok
    10:02:37.0636 6832 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    10:02:37.0639 6832 DfsC - ok
    10:02:37.0659 6832 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
    10:02:37.0663 6832 Dhcp - ok
    10:02:37.0691 6832 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
    10:02:37.0692 6832 discache - ok
    10:02:37.0727 6832 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\drivers\disk.sys
    10:02:37.0747 6832 Disk - ok
    10:02:37.0772 6832 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    10:02:37.0775 6832 Dnscache - ok
    10:02:37.0811 6832 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
    10:02:37.0824 6832 dot3svc - ok
    10:02:37.0848 6832 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
    10:02:37.0851 6832 DPS - ok
    10:02:37.0890 6832 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    10:02:37.0891 6832 drmkaud - ok
    10:02:37.0930 6832 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    10:02:37.0950 6832 DXGKrnl - ok
    10:02:37.0994 6832 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
    10:02:37.0996 6832 EapHost - ok
    10:02:38.0100 6832 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\drivers\evbda.sys
    10:02:38.0163 6832 ebdrv - ok
    10:02:38.0233 6832 [ 4353ff94d47a0a9d52b89eccf0cdb013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    10:02:38.0239 6832 eeCtrl - ok
    10:02:38.0261 6832 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
    10:02:38.0263 6832 EFS - ok
    10:02:38.0347 6832 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    10:02:38.0378 6832 ehRecvr - ok
    10:02:38.0396 6832 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
    10:02:38.0399 6832 ehSched - ok
    10:02:38.0439 6832 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    10:02:38.0447 6832 elxstor - ok
    10:02:38.0503 6832 [ c5bccb378d0a896304a3e71be7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    10:02:38.0514 6832 EraserUtilRebootDrv - ok
    10:02:38.0520 6832 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
    10:02:38.0521 6832 ErrDev - ok
    10:02:38.0581 6832 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
    10:02:38.0586 6832 EventSystem - ok
    10:02:38.0612 6832 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
    10:02:38.0615 6832 exfat - ok
    10:02:38.0635 6832 ezSharedSvc - ok
    10:02:38.0665 6832 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
    10:02:38.0686 6832 fastfat - ok
    10:02:38.0744 6832 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
    10:02:38.0755 6832 Fax - ok
    10:02:38.0782 6832 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\drivers\fdc.sys
    10:02:38.0784 6832 fdc - ok
    10:02:38.0806 6832 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
    10:02:38.0808 6832 fdPHost - ok
    10:02:38.0828 6832 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    10:02:38.0830 6832 FDResPub - ok
    10:02:38.0859 6832 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    10:02:38.0872 6832 FileInfo - ok
    10:02:38.0889 6832 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    10:02:38.0890 6832 Filetrace - ok
    10:02:38.0938 6832 [ 227846995afeefa70d328bf5334a86a5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    10:02:38.0954 6832 FLEXnet Licensing Service - ok
    10:02:38.0996 6832 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    10:02:38.0997 6832 flpydisk - ok
    10:02:39.0020 6832 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    10:02:39.0025 6832 FltMgr - ok
    10:02:39.0068 6832 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
    10:02:39.0083 6832 FontCache - ok
    10:02:39.0169 6832 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    10:02:39.0170 6832 FontCache3.0.0.0 - ok
    10:02:39.0241 6832 [ 2074a85a6b8f84a5a9c60b915b465faf ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    10:02:39.0244 6832 FPLService - ok
    10:02:39.0267 6832 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    10:02:39.0276 6832 FsDepends - ok
    10:02:39.0301 6832 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    10:02:39.0317 6832 Fs_Rec - ok
    10:02:39.0366 6832 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    10:02:39.0369 6832 fvevol - ok
    10:02:39.0418 6832 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    10:02:39.0420 6832 gagp30kx - ok
    10:02:39.0484 6832 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    10:02:39.0503 6832 GamesAppService - ok
    10:02:39.0541 6832 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    10:02:39.0552 6832 GEARAspiWDM - ok
    10:02:39.0658 6832 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
    10:02:39.0666 6832 gpsvc - ok
    10:02:39.0725 6832 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    10:02:39.0728 6832 gupdate - ok
    10:02:39.0734 6832 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    10:02:39.0736 6832 gupdatem - ok
    10:02:39.0760 6832 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    10:02:39.0762 6832 hcw85cir - ok
    10:02:39.0796 6832 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    10:02:39.0819 6832 HdAudAddService - ok
    10:02:39.0853 6832 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    10:02:39.0855 6832 HDAudBus - ok
    10:02:39.0863 6832 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    10:02:39.0865 6832 HidBatt - ok
    10:02:39.0882 6832 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    10:02:39.0885 6832 HidBth - ok
    10:02:39.0901 6832 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    10:02:39.0917 6832 HidIr - ok
    10:02:39.0947 6832 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll
    10:02:39.0949 6832 hidserv - ok
    10:02:40.0001 6832 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    10:02:40.0013 6832 HidUsb - ok
    10:02:40.0058 6832 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    10:02:40.0060 6832 hkmsvc - ok
    10:02:40.0081 6832 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    10:02:40.0085 6832 HomeGroupListener - ok
    10:02:40.0119 6832 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    10:02:40.0123 6832 HomeGroupProvider - ok
    10:02:40.0186 6832 [ 13bb1114451c63bfb41ba7daa4d70a29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    10:02:40.0187 6832 HP Support Assistant Service - ok
    10:02:40.0253 6832 [ 7b8c1b09c11e8db7c4480abd7d17e821 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    10:02:40.0260 6832 HPAuto - ok
    10:02:40.0276 6832 [ 6a181452d4e240b8ecc7614b9a19bde9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    10:02:40.0279 6832 HPClientSvc - ok
    10:02:40.0349 6832 [ c5d2f308e1c12a5c328ef549696dbc05 ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    10:02:40.0361 6832 hpCMSrv - ok
    10:02:40.0420 6832 [ b19ff523b533a3f198b9239e1749c940 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    10:02:40.0424 6832 HPDrvMntSvc.exe - ok
    10:02:40.0443 6832 [ 4e0bec0f78096ffd6d3314b497fc49d3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
    10:02:40.0457 6832 hpdskflt - ok
    10:02:40.0528 6832 [ 01091b900e15878b4434f9c726c4541d ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    10:02:40.0538 6832 hpqwmiex - ok
    10:02:40.0567 6832 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    10:02:40.0570 6832 HpSAMD - ok
    10:02:40.0593 6832 [ fc7c13b5a9e9be23b7ae72bbc7fdb278 ] hpsrv C:\Windows\system32\Hpservice.exe
    10:02:40.0595 6832 hpsrv - ok
    10:02:40.0663 6832 [ 491ce9b6321fb74e4b37af2c47f98434 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP
  5. Katherine4422

    Katherine4422 Newcomer, in training Topic Starter Posts: 18

    (continued log)
    Quick Launch\HPWMISVC.exe
    10:02:40.0665 6832 HPWMISVC - ok
    10:02:40.0700 6832 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    10:02:40.0711 6832 HTTP - ok
    10:02:40.0725 6832 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    10:02:40.0726 6832 hwpolicy - ok
    10:02:40.0753 6832 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    10:02:40.0756 6832 i8042prt - ok
    10:02:40.0799 6832 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    10:02:40.0806 6832 iaStorV - ok
    10:02:40.0914 6832 [ 3a0ff117b4adc5abe4d968e26a337158 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    10:02:40.0942 6832 IconMan_R - ok
    10:02:40.0981 6832 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    10:02:41.0006 6832 idsvc - ok
    10:02:41.0107 6832 [ ce0bf35c79e03bb89da6b14fac838605 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120815.002\IDSvia64.sys
    10:02:41.0113 6832 IDSVia64 - ok
    10:02:41.0176 6832 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    10:02:41.0178 6832 iirsp - ok
    10:02:41.0225 6832 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
    10:02:41.0236 6832 IKEEXT - ok
    10:02:41.0261 6832 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
    10:02:41.0263 6832 intelide - ok
    10:02:41.0288 6832 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    10:02:41.0290 6832 intelppm - ok
    10:02:41.0370 6832 [ 1663a135865f0ba6e853353e98e67f2a ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    10:02:41.0371 6832 IntuitUpdateServiceV4 - ok
    10:02:41.0407 6832 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    10:02:41.0410 6832 IPBusEnum - ok
    10:02:41.0431 6832 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    10:02:41.0441 6832 IpFilterDriver - ok
    10:02:41.0467 6832 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    10:02:41.0475 6832 iphlpsvc - ok
    10:02:41.0493 6832 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    10:02:41.0511 6832 IPMIDRV - ok
    10:02:41.0539 6832 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    10:02:41.0541 6832 IPNAT - ok
    10:02:41.0604 6832 [ 50d6ccc6ff5561f9f56946b3e6164fb8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    10:02:41.0611 6832 iPod Service - ok
    10:02:41.0639 6832 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    10:02:41.0651 6832 IRENUM - ok
    10:02:41.0682 6832 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    10:02:41.0698 6832 isapnp - ok
    10:02:41.0724 6832 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    10:02:41.0729 6832 iScsiPrt - ok
    10:02:41.0751 6832 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    10:02:41.0753 6832 kbdclass - ok
    10:02:41.0788 6832 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    10:02:41.0790 6832 kbdhid - ok
    10:02:41.0805 6832 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
    10:02:41.0807 6832 KeyIso - ok
    10:02:41.0844 6832 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    10:02:41.0859 6832 KSecDD - ok
    10:02:41.0885 6832 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    10:02:41.0888 6832 KSecPkg - ok
    10:02:41.0920 6832 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    10:02:41.0934 6832 ksthunk - ok
    10:02:41.0973 6832 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
    10:02:41.0980 6832 KtmRm - ok
    10:02:42.0008 6832 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    10:02:42.0012 6832 LanmanServer - ok
    10:02:42.0035 6832 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    10:02:42.0038 6832 LanmanWorkstation - ok
    10:02:42.0076 6832 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    10:02:42.0078 6832 lltdio - ok
    10:02:42.0109 6832 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
    10:02:42.0129 6832 lltdsvc - ok
    10:02:42.0149 6832 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    10:02:42.0151 6832 lmhosts - ok
    10:02:42.0178 6832 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    10:02:42.0181 6832 LSI_FC - ok
    10:02:42.0193 6832 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    10:02:42.0203 6832 LSI_SAS - ok
    10:02:42.0209 6832 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    10:02:42.0212 6832 LSI_SAS2 - ok
    10:02:42.0236 6832 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    10:02:42.0252 6832 LSI_SCSI - ok
    10:02:42.0282 6832 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
    10:02:42.0285 6832 luafv - ok
    10:02:42.0327 6832 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    10:02:42.0330 6832 Mcx2Svc - ok
    10:02:42.0356 6832 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\drivers\megasas.sys
    10:02:42.0358 6832 megasas - ok
    10:02:42.0377 6832 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    10:02:42.0412 6832 MegaSR - ok
    10:02:42.0478 6832 Microsoft SharePoint Workspace Audit Service - ok
    10:02:42.0506 6832 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
    10:02:42.0507 6832 MMCSS - ok
    10:02:42.0527 6832 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
    10:02:42.0529 6832 Modem - ok
    10:02:42.0556 6832 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    10:02:42.0557 6832 monitor - ok
    10:02:42.0572 6832 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    10:02:42.0573 6832 mouclass - ok
    10:02:42.0601 6832 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    10:02:42.0603 6832 mouhid - ok
    10:02:42.0617 6832 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    10:02:42.0618 6832 mountmgr - ok
    10:02:42.0642 6832 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
    10:02:42.0646 6832 mpio - ok
    10:02:42.0663 6832 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    10:02:42.0665 6832 mpsdrv - ok
    10:02:42.0699 6832 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    10:02:42.0709 6832 MpsSvc - ok
    10:02:42.0717 6832 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    10:02:42.0720 6832 MRxDAV - ok
    10:02:42.0745 6832 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    10:02:42.0756 6832 mrxsmb - ok
    10:02:42.0782 6832 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    10:02:42.0787 6832 mrxsmb10 - ok
    10:02:42.0805 6832 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    10:02:42.0808 6832 mrxsmb20 - ok
    10:02:42.0833 6832 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    10:02:42.0835 6832 msahci - ok
    10:02:42.0859 6832 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    10:02:42.0880 6832 msdsm - ok
    10:02:42.0917 6832 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
    10:02:42.0921 6832 MSDTC - ok
    10:02:42.0939 6832 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    10:02:42.0941 6832 Msfs - ok
    10:02:42.0952 6832 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    10:02:42.0954 6832 mshidkmdf - ok
    10:02:42.0965 6832 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    10:02:42.0976 6832 msisadrv - ok
    10:02:43.0018 6832 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    10:02:43.0024 6832 MSiSCSI - ok
    10:02:43.0030 6832 msiserver - ok
    10:02:43.0067 6832 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    10:02:43.0083 6832 MSKSSRV - ok
    10:02:43.0113 6832 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    10:02:43.0118 6832 MSPCLOCK - ok
    10:02:43.0130 6832 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    10:02:43.0163 6832 MSPQM - ok
    10:02:43.0205 6832 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    10:02:43.0212 6832 MsRPC - ok
    10:02:43.0234 6832 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    10:02:43.0235 6832 mssmbios - ok
    10:02:43.0260 6832 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    10:02:43.0262 6832 MSTEE - ok
    10:02:43.0288 6832 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    10:02:43.0290 6832 MTConfig - ok
    10:02:43.0320 6832 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
    10:02:43.0331 6832 Mup - ok
    10:02:43.0375 6832 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
    10:02:43.0383 6832 napagent - ok
    10:02:43.0444 6832 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    10:02:43.0464 6832 NativeWifiP - ok
    10:02:44.0018 6832 [ f2840dbfe9322f35557219ae82cc4597 ] NAV C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe
    10:02:44.0019 6832 NAV - ok
    10:02:44.0183 6832 [ 8043d41f881d6ace40b854ad6e32217f ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120817.003\ENG64.SYS
    10:02:44.0185 6832 NAVENG - ok
    10:02:44.0346 6832 [ 9a9ab2fc45d701daed465d14980f1305 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120817.003\EX64.SYS
    10:02:44.0365 6832 NAVEX15 - ok
    10:02:44.0474 6832 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys
    10:02:44.0515 6832 NDIS - ok
    10:02:44.0893 6832 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    10:02:44.0895 6832 NdisCap - ok
    10:02:44.0958 6832 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    10:02:44.0978 6832 NdisTapi - ok
    10:02:45.0000 6832 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    10:02:45.0003 6832 Ndisuio - ok
    10:02:45.0043 6832 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    10:02:45.0052 6832 NdisWan - ok
    10:02:45.0071 6832 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    10:02:45.0075 6832 NDProxy - ok
    10:02:45.0095 6832 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    10:02:45.0099 6832 NetBIOS - ok
    10:02:45.0169 6832 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    10:02:45.0173 6832 NetBT - ok
    10:02:45.0207 6832 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
    10:02:45.0210 6832 Netlogon - ok
    10:02:45.0395 6832 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
    10:02:45.0410 6832 Netman - ok
    10:02:45.0520 6832 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    10:02:45.0566 6832 NetMsmqActivator - ok
    10:02:45.0575 6832 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    10:02:45.0577 6832 NetPipeActivator - ok
    10:02:45.0688 6832 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
    10:02:45.0733 6832 netprofm - ok
    10:02:45.0966 6832 [ a98071e3e1e5e503462cc9e0ded91a36 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
    10:02:46.0021 6832 netr28x - ok
    10:02:46.0076 6832 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    10:02:46.0078 6832 NetTcpActivator - ok
    10:02:46.0285 6832 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    10:02:46.0286 6832 NetTcpPortSharing - ok
    10:02:46.0330 6832 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    10:02:46.0586 6832 nfrd960 - ok
    10:02:46.0705 6832 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    10:02:46.0711 6832 NlaSvc - ok
    10:02:46.0747 6832 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    10:02:46.0750 6832 Npfs - ok
    10:02:46.0770 6832 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
    10:02:46.0772 6832 nsi - ok
    10:02:46.0802 6832 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    10:02:46.0803 6832 nsiproxy - ok
    10:02:46.0885 6832 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    10:02:46.0924 6832 Ntfs - ok
    10:02:47.0001 6832 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
    10:02:47.0003 6832 Null - ok
    10:02:47.0203 6832 [ a85b4f2ef3a7304a5399ef0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
    10:02:47.0430 6832 NVENETFD - ok
    10:02:47.0478 6832 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
    10:02:47.0721 6832 nvraid - ok
    10:02:47.0864 6832 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
    10:02:47.0867 6832 nvstor - ok
    10:02:47.0917 6832 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    10:02:47.0921 6832 nv_agp - ok
    10:02:47.0989 6832 [ 952ab3bdef38a7391aa05bc8c6028f15 ] NWADI C:\Windows\system32\DRIVERS\NWADIenum.sys
    10:02:47.0993 6832 NWADI - ok
    10:02:48.0055 6832 [ de3abd010d9734cd4ad4e0ba81f50b63 ] NWUSBCDFIL64 C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys
    10:02:48.0057 6832 NWUSBCDFIL64 - ok
    10:02:48.0113 6832 [ 6ae72c04633788c3c3b71b5beb17183c ] NWUSBModem C:\Windows\system32\DRIVERS\nwusbmdm.sys
    10:02:48.0118 6832 NWUSBModem - ok
    10:02:48.0160 6832 [ 6ae72c04633788c3c3b71b5beb17183c ] NWUSBPort C:\Windows\system32\DRIVERS\nwusbser.sys
    10:02:48.0181 6832 NWUSBPort - ok
    10:02:48.0208 6832 [ 6ae72c04633788c3c3b71b5beb17183c ] NWUSBPort2 C:\Windows\system32\DRIVERS\nwusbser2.sys
    10:02:48.0213 6832 NWUSBPort2 - ok
    10:02:48.0256 6832 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    10:02:48.0259 6832 ohci1394 - ok
    10:02:48.0322 6832 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    10:02:48.0342 6832 ose - ok
    10:02:48.0590 6832 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    10:02:48.0727 6832 osppsvc - ok
    10:02:48.0802 6832 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    10:02:48.0810 6832 p2pimsvc - ok
    10:02:48.0848 6832 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
    10:02:48.0856 6832 p2psvc - ok
    10:02:48.0896 6832 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys
    10:02:48.0898 6832 Parport - ok
    10:02:48.0928 6832 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
    10:02:48.0940 6832 partmgr - ok
    10:02:48.0963 6832 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    10:02:48.0967 6832 PcaSvc - ok
    10:02:48.0990 6832 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
    10:02:48.0993 6832 pci - ok
    10:02:49.0019 6832 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
    10:02:49.0031 6832 pciide - ok
    10:02:49.0066 6832 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    10:02:49.0081 6832 pcmcia - ok
    10:02:49.0299 6832 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
    10:02:49.0301 6832 pcw - ok
    10:02:49.0344 6832 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    10:02:49.0353 6832 PEAUTH - ok
    10:02:49.0498 6832 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
    10:02:49.0501 6832 PerfHost - ok
    10:02:49.0583 6832 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
    10:02:49.0603 6832 pla - ok
    10:02:49.0644 6832 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    10:02:49.0651 6832 PlugPlay - ok
    10:02:49.0678 6832 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    10:02:49.0681 6832 PNRPAutoReg - ok
    10:02:49.0707 6832 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    10:02:49.0712 6832 PNRPsvc - ok
    10:02:49.0803 6832 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    10:02:49.0810 6832 PolicyAgent - ok
    10:02:49.0890 6832 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
    10:02:49.0894 6832 Power - ok
    10:02:50.0088 6832 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    10:02:50.0344 6832 PptpMiniport - ok
    10:02:50.0616 6832 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys
    10:02:50.0647 6832 Processor - ok
    10:02:50.0741 6832 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
    10:02:50.0746 6832 ProfSvc - ok
    10:02:50.0774 6832 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    10:02:50.0775 6832 ProtectedStorage - ok
    10:02:50.0862 6832 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    10:02:50.0874 6832 Psched - ok
    10:02:50.0949 6832 [ a6bf0a9b5a30d743623ca0d3be35df05 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    10:02:50.0979 6832 PxHlpa64 - ok
    10:02:51.0117 6832 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    10:02:51.0198 6832 ql2300 - ok
    10:02:51.0302 6832 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    10:02:51.0312 6832 ql40xx - ok
    10:02:51.0351 6832 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
    10:02:51.0366 6832 QWAVE - ok
    10:02:51.0438 6832 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    10:02:51.0441 6832 QWAVEdrv - ok
    10:02:51.0482 6832 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    10:02:51.0517 6832 RasAcd - ok
    10:02:51.0603 6832 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    10:02:51.0609 6832 RasAgileVpn - ok
    10:02:51.0652 6832 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
    10:02:51.0678 6832 RasAuto - ok
    10:02:51.0700 6832 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    10:02:51.0704 6832 Rasl2tp - ok
    10:02:51.0743 6832 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
    10:02:51.0759 6832 RasMan - ok
    10:02:51.0883 6832 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    10:02:51.0911 6832 RasPppoe - ok
    10:02:51.0945 6832 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    10:02:52.0172 6832 RasSstp - ok
    10:02:52.0226 6832 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    10:02:52.0320 6832 rdbss - ok
    10:02:52.0342 6832 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
    10:02:52.0344 6832 rdpbus - ok
    10:02:52.0380 6832 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    10:02:52.0381 6832 RDPCDD - ok
    10:02:52.0452 6832 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    10:02:52.0453 6832 RDPENCDD - ok
    10:02:52.0463 6832 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    10:02:52.0464 6832 RDPREFMP - ok
    10:02:52.0543 6832 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    10:02:52.0580 6832 RDPWD - ok
    10:02:52.0671 6832 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    10:02:52.0701 6832 rdyboost - ok
    10:02:52.0759 6832 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    10:02:52.0762 6832 RemoteAccess - ok
    10:02:52.0820 6832 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    10:02:52.0849 6832 RemoteRegistry - ok
    10:02:52.0984 6832 [ 085d18c71ab2611a3d61528132b6501e ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    10:02:52.0988 6832 RoxioNow Service - ok
    10:02:53.0082 6832 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    10:02:53.0085 6832 RpcEptMapper - ok
    10:02:53.0218 6832 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
    10:02:53.0257 6832 RpcLocator - ok
    10:02:53.0386 6832 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
    10:02:53.0402 6832 RpcSs - ok
    10:02:53.0528 6832 [ 9d21618e7a3b2c75cf1a2ecbbe723730 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
    10:02:53.0532 6832 RSPCIESTOR - ok
    10:02:53.0642 6832 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    10:02:53.0653 6832 rspndr - ok
    10:02:53.0750 6832 [ ee082e06a82ff630351d1e0ebbd3d8d0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    10:02:53.0769 6832 RTL8167 - ok
    10:02:53.0796 6832 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
    10:02:53.0798 6832 SamSs - ok
    10:02:53.0834 6832 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    10:02:53.0839 6832 sbp2port - ok
    10:02:53.0893 6832 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
    10:02:53.0935 6832 SCardSvr - ok
    10:02:53.0972 6832 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    10:02:54.0002 6832 scfilter - ok
    10:02:54.0081 6832 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
    10:02:54.0102 6832 Schedule - ok
    10:02:54.0152 6832 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
    10:02:54.0154 6832 SCPolicySvc - ok
    10:02:54.0232 6832 [ 111e0ebc0ad79cb0fa014b907b231cf0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
    10:02:54.0260 6832 sdbus - ok
    10:02:54.0305 6832 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    10:02:54.0310 6832 SDRSVC - ok
    10:02:54.0393 6832 [ cc781378e7eda615d2cdca3b17829fa4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    10:02:54.0396 6832 SeaPort - ok
    10:02:54.0440 6832 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    10:02:54.0442 6832 secdrv - ok
    10:02:54.0470 6832 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
    10:02:54.0473 6832 seclogon - ok
    10:02:54.0489 6832 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
    10:02:54.0491 6832 SENS - ok
    10:02:54.0521 6832 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    10:02:54.0524 6832 SensrSvc - ok
    10:02:54.0547 6832 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\drivers\serenum.sys
    10:02:54.0549 6832 Serenum - ok
    10:02:54.0612 6832 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys
    10:02:54.0615 6832 Serial - ok
    10:02:54.0635 6832 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    10:02:54.0636 6832 sermouse - ok
    10:02:54.0798 6832 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    10:02:54.0802 6832 SessionEnv - ok
    10:02:54.0824 6832 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    10:02:54.0834 6832 sffdisk - ok
    10:02:54.0839 6832 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    10:02:54.0841 6832 sffp_mmc - ok
    10:02:54.0848 6832 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    10:02:54.0864 6832 sffp_sd - ok
    10:02:54.0870 6832 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    10:02:54.0872 6832 sfloppy - ok
    10:02:54.0914 6832 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
    10:02:54.0948 6832 SharedAccess - ok
    10:02:54.0993 6832 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    10:02:54.0998 6832 ShellHWDetection - ok
    10:02:55.0037 6832 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    10:02:55.0040 6832 SiSRaid2 - ok
    10:02:55.0064 6832 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    10:02:55.0066 6832 SiSRaid4 - ok
    10:02:55.0121 6832 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    10:02:55.0153 6832 Smb - ok
    10:02:55.0196 6832 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    10:02:55.0214 6832 SNMPTRAP - ok
    10:02:55.0238 6832 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
    10:02:55.0239 6832 spldr - ok
    10:02:55.0274 6832 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe
    10:02:55.0281 6832 Spooler - ok
    10:02:55.0370 6832 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
    10:02:55.0416 6832 sppsvc - ok
    10:02:55.0445 6832 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    10:02:55.0449 6832 sppuinotify - ok
    10:02:55.0532 6832 [ 891793e00432fa055cf040605c260e49 ] SRTSP C:\Windows\System32\Drivers\NAVx64\1308000.00E\SRTSP64.SYS
    10:02:55.0552 6832 SRTSP - ok
    10:02:55.0565 6832 [ 1cb7bb3b0561fb5ecfe37f7731e8bf3e ] SRTSPX C:\Windows\system32\drivers\NAVx64\1308000.00E\SRTSPX64.SYS
    10:02:55.0567 6832 SRTSPX - ok
    10:02:55.0605 6832 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
    10:02:55.0612 6832 srv - ok
    10:02:55.0651 6832 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    10:02:55.0670 6832 srv2 - ok
    10:02:55.0713 6832 [ 0c4540311e11664b245a263e1154cef8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    10:02:55.0730 6832 SrvHsfHDA - ok
    10:02:55.0775 6832 [ 02071d207a9858fbe3a48cbfd59c4a04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    10:02:55.0794 6832 SrvHsfV92 - ok
    10:02:55.0826 6832 [ 18e40c245dbfaf36fd0134a7ef2df396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    10:02:55.0837 6832 SrvHsfWinac - ok
    10:02:55.0868 6832 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    10:02:55.0879 6832 srvnet - ok
    10:02:55.0914 6832 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    10:02:55.0919 6832 SSDPSRV - ok
    10:02:55.0934 6832 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
    10:02:55.0937 6832 SstpSvc - ok
    10:02:56.0014 6832 [ 20e27aa5bcc01c2149830c05fe22f675 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
    10:02:56.0018 6832 STacSV - ok
    10:02:56.0044 6832 Steam Client Service - ok
    10:02:56.0069 6832 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys
    10:02:56.0085 6832 stexstor - ok
    10:02:56.0149 6832 [ beb37ce4e7456f5efa52d783d1e06d8c ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
    10:02:56.0169 6832 STHDA - ok
    10:02:56.0225 6832 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
    10:02:56.0236 6832 stisvc - ok
    10:02:56.0273 6832 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
    10:02:56.0282 6832 swenum - ok
    10:02:56.0322 6832 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
    10:02:56.0345 6832 swprv - ok
    10:02:56.0392 6832 [ 8b2430762099598da40686f754632efd ] SymDS C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMDS64.SYS
    10:02:56.0407 6832 SymDS - ok
    10:02:56.0511 6832 [ 5cb7f2fd7e30a0f52f93574bfc3a8041 ] SymEFA C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMEFA64.SYS
    10:02:56.0525 6832 SymEFA - ok
    10:02:56.0558 6832 [ 894579207e39c465737e850a252ce4f2 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    10:02:56.0568 6832 SymEvent - ok
    10:02:56.0598 6832 [ 5013a76caaa1d7cf1c55214b490b4e35 ] SymIRON C:\Windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS
    10:02:56.0600 6832 SymIRON - ok
    10:02:56.0629 6832 [ 3911bd0e68c010e5438a87706abbe9ab ] SymNetS C:\Windows\System32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS
    10:02:56.0634 6832 SymNetS - ok
    10:02:56.0689 6832 [ ac3cc98b1bdb6540021d3ffb105ac2b9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    10:02:56.0708 6832 SynTP - ok
    10:02:56.0784 6832 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
    10:02:56.0807 6832 SysMain - ok
    10:02:56.0827 6832 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    10:02:56.0830 6832 TabletInputService - ok
    10:02:56.0901 6832 [ a0a43a50c3c31a2e719df3a25f9905eb ] TabletServiceWacom C:\Windows\system32\Wacom_Tablet.exe
    10:02:56.0919 6832 TabletServiceWacom - ok
    10:02:56.0948 6832 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    10:02:56.0953 6832 TapiSrv - ok
    10:02:56.0968 6832 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
    10:02:56.0971 6832 TBS - ok
    10:02:57.0045 6832 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    10:02:57.0069 6832 Tcpip - ok
    10:02:57.0109 6832 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    10:02:57.0126 6832 TCPIP6 - ok
    10:02:57.0176 6832 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    10:02:57.0199 6832 tcpipreg - ok
    10:02:57.0225 6832 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    10:02:57.0235 6832 TDPIPE - ok
    10:02:57.0301 6832 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    10:02:57.0352 6832 TDTCP - ok
    10:02:57.0378 6832 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    10:02:57.0380 6832 tdx - ok
    10:02:57.0395 6832 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    10:02:57.0410 6832 TermDD - ok
    10:02:57.0543 6832 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
    10:02:57.0555 6832 TermService - ok
    10:02:57.0595 6832 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
    10:02:57.0598 6832 Themes - ok
    10:02:57.0618 6832 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
    10:02:57.0620 6832 THREADORDER - ok
    10:02:57.0647 6832 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
    10:02:57.0651 6832 TrkWks - ok
    10:02:57.0690 6832 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    10:02:57.0692 6832 TrustedInstaller - ok
    10:02:57.0721 6832 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    10:02:57.0723 6832 tssecsrv - ok
    10:02:57.0755 6832 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    10:02:57.0770 6832 TsUsbFlt - ok
    10:02:57.0787 6832 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    10:02:57.0789 6832 TsUsbGD - ok
    10:02:57.0829 6832 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    10:02:57.0840 6832 tunnel - ok
    10:02:57.0862 6832 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    10:02:57.0864 6832 uagp35 - ok
    10:02:57.0886 6832 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    10:02:57.0900 6832 udfs - ok
    10:02:57.0936 6832 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    10:02:57.0962 6832 UI0Detect - ok
    10:02:58.0023 6832 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    10:02:58.0083 6832 uliagpkx - ok
    10:02:58.0206 6832 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    10:02:58.0208 6832 umbus - ok
    10:02:58.0214 6832 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\drivers\umpass.sys
    10:02:58.0280 6832 UmPass - ok
    10:02:58.0432 6832 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
    10:02:58.0474 6832 upnphost - ok
    10:02:58.0575 6832 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    10:02:58.0584 6832 usbccgp - ok
    10:02:58.0711 6832 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    10:02:58.0760 6832 usbcir - ok
    10:02:58.0869 6832 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    10:02:58.0920 6832 usbehci - ok
    10:02:58.0974 6832 [ 573d192e268f0c5b486b7e96f661e538 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
    10:02:59.0000 6832 usbfilter - ok
    10:02:59.0171 6832 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    10:02:59.0211 6832 usbhub - ok
    10:02:59.0308 6832 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    10:02:59.0396 6832 usbohci - ok
    10:02:59.0477 6832 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\drivers\usbprint.sys
    10:02:59.0490 6832 usbprint - ok
    10:02:59.0517 6832 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    10:02:59.0531 6832 USBSTOR - ok
    10:02:59.0638 6832 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    10:02:59.0652 6832 usbuhci - ok
    10:02:59.0761 6832 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    10:02:59.0772 6832 usbvideo - ok
    10:02:59.0844 6832 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
    10:02:59.0846 6832 UxSms - ok
    10:02:59.0863 6832 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
    10:02:59.0864 6832 VaultSvc - ok
    10:02:59.0887 6832 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    10:02:59.0888 6832 vdrvroot - ok
    10:03:00.0018 6832 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
    10:03:00.0173 6832 vds - ok
    10:03:00.0230 6832 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    10:03:00.0249 6832 vga - ok
    10:03:00.0274 6832 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
    10:03:00.0276 6832 VgaSave - ok
    10:03:00.0328 6832 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    10:03:00.0339 6832 vhdmp - ok
    10:03:00.0368 6832 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
    10:03:00.0413 6832 viaide - ok
    10:03:00.0454 6832 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    10:03:00.0462 6832 volmgr - ok
    10:03:00.0538 6832 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    10:03:00.0547 6832 volmgrx - ok
    10:03:00.0566 6832 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    10:03:00.0601 6832 volsnap - ok
    10:03:00.0663 6832 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    10:03:00.0669 6832 vsmraid - ok
    10:03:00.0819 6832 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
    10:03:00.0878 6832 VSS - ok
    10:03:00.0933 6832 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    10:03:00.0935 6832 vwifibus - ok
    10:03:00.0965 6832 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    10:03:00.0984 6832 vwififlt - ok
    10:03:01.0032 6832 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
    10:03:01.0039 6832 W32Time - ok
    10:03:01.0090 6832 [ e04d43c7d1641e95d35cae6086c7e350 ] wacommousefilter C:\Windows\system32
    \DRIVERS\wacommousefilter.sys
    10:03:01.0483 6832 wacommousefilter - ok
    10:03:01.0516 6832 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    10:03:01.0519 6832 WacomPen - ok
    10:03:01.0562 6832 [ 9d45e06348c6703fba2064ac149aabda ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
    10:03:01.0577 6832 wacomvhid - ok
    10:03:01.0624 6832 [ 8b4255329edfba3ecfbd0714476fad38 ] WacomVKHid C:\Windows\system32\DRIVERS\WacomVKHid.sys
    10:03:01.0626 6832 WacomVKHid - ok
    10:03:01.0666 6832 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    10:03:01.0669 6832 WANARP - ok
    10:03:01.0675 6832 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    10:03:01.0676 6832 Wanarpv6 - ok
    10:03:01.0763 6832 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    10:03:01.0794 6832 WatAdminSvc - ok
    10:03:01.0858 6832 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
    10:03:01.0896 6832 wbengine - ok
    10:03:01.0930 6832 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    10:03:01.0935 6832 WbioSrvc - ok
    10:03:01.0960 6832 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
    10:03:01.0968 6832 wcncsvc - ok
    10:03:01.0999 6832 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    10:03:02.0003 6832 WcsPlugInService - ok
    10:03:02.0031 6832 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\drivers\wd.sys
    10:03:02.0033 6832 Wd - ok
    10:03:02.0062 6832 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    10:03:02.0071 6832 Wdf01000 - ok
    10:03:02.0085 6832 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    10:03:02.0088 6832 WdiServiceHost - ok
    10:03:02.0093 6832 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    10:03:02.0096 6832 WdiSystemHost - ok
    10:03:02.0125 6832 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
    10:03:02.0130 6832 WebClient - ok
    10:03:02.0152 6832 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    10:03:02.0157 6832 Wecsvc - ok
    10:03:02.0185 6832 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    10:03:02.0188 6832 wercplsupport - ok
    10:03:02.0216 6832 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
    10:03:02.0219 6832 WerSvc - ok
    10:03:02.0242 6832 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    10:03:02.0244 6832 WfpLwf - ok
    10:03:02.0262 6832 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    10:03:02.0264 6832 WIMMount - ok
    10:03:02.0279 6832 WinDefend - ok
    10:03:02.0289 6832 WinHttpAutoProxySvc - ok
    10:03:02.0345 6832 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    10:03:02.0348 6832 Winmgmt - ok
    10:03:02.0417 6832 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
    10:03:02.0461 6832 WinRM - ok
    10:03:02.0503 6832 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
    10:03:02.0521 6832 WinUsb - ok
    10:03:02.0569 6832 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
    10:03:02.0581 6832 Wlansvc - ok
    10:03:02.0630 6832 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    10:03:02.0633 6832 wlcrasvc - ok
    10:03:02.0741 6832 [ 7e47c328fc4768cb8beafbcfafa70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    10:03:02.0766 6832 wlidsvc - ok
    10:03:02.0793 6832 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    10:03:02.0794 6832 WmiAcpi - ok
    10:03:02.0827 6832 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    10:03:02.0840 6832 wmiApSrv - ok
    10:03:02.0879 6832 WMPNetworkSvc - ok
    10:03:02.0912 6832 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
    10:03:02.0916 6832 WPCSvc - ok
    10:03:02.0933 6832 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    10:03:02.0936 6832 WPDBusEnum - ok
    10:03:02.0960 6832 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    10:03:02.0971 6832 ws2ifsl - ok
    10:03:02.0993 6832 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\System32\wscsvc.dll
    10:03:02.0997 6832 wscsvc - ok
    10:03:03.0003 6832 WSearch - ok
    10:03:03.0078 6832 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
    10:03:03.0111 6832 wuauserv - ok
    10:03:03.0125 6832 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    10:03:03.0145 6832 WudfPf - ok
    10:03:03.0180 6832 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    10:03:03.0184 6832 WUDFRd - ok
    10:03:03.0212 6832 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    10:03:03.0215 6832 wudfsvc - ok
    10:03:03.0239 6832 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
    10:03:03.0254 6832 WwanSvc - ok
    10:03:03.0279 6832 ================ Scan global ===============================
    10:03:03.0306 6832 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
    10:03:03.0364 6832 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
    10:03:03.0392 6832 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
    10:03:03.0439 6832 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
    10:03:03.0491 6832 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
    10:03:03.0497 6832 [Global] - ok
    10:03:03.0497 6832 ================ Scan MBR ==================================
    10:03:03.0512 6832 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    10:03:03.0513 6832 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    10:03:03.0577 6832 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    10:03:03.0577 6832 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    10:03:03.0578 6832 ================ Scan VBR ==================================
    10:03:03.0582 6832 Boot (0x1200) (81202590126600e012234506c3fb98a4) \Device\Harddisk0\DR0\Partition1
    10:03:03.0583 6832 \Device\Harddisk0\DR0\Partition1 - ok
    10:03:03.0602 6832 Boot (0x1200) (b5485116150032bfe456e629b1b382eb) \Device\Harddisk0\DR0\Partition2
    10:03:03.0605 6832 \Device\Harddisk0\DR0\Partition2 - ok
    10:03:03.0642 6832 Boot (0x1200) (791724be6392947200bfbb3d558bb944) \Device\Harddisk0\DR0\Partition3
    10:03:03.0643 6832 \Device\Harddisk0\DR0\Partition3 - ok
    10:03:03.0644 6832 ============================================================
    10:03:03.0644 6832 Scan finished
    10:03:03.0644 6832 ============================================================
    10:03:03.0658 4032 Detected object count: 1
    10:03:03.0658 4032 Actual detected object count: 1
    10:06:51.0493 4032 \Device\Harddisk0\DR0\# - copied to quarantine
    10:06:51.0495 4032 \Device\Harddisk0\DR0 - copied to quarantine
    10:06:51.0534 4032 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    10:06:51.0539 4032 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    10:06:51.0546 4032 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    10:06:51.0553 4032 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    10:06:51.0565 4032 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    10:06:51.0575 4032 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    10:06:51.0578 4032 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    10:06:51.0580 4032 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    10:06:51.0582 4032 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    10:06:51.0588 4032 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    10:06:51.0591 4032 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    10:06:51.0594 4032 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    10:06:51.0597 4032 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    10:06:51.0600 4032 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    10:06:51.0636 4032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    10:06:51.0650 4032 \Device\Harddisk0\DR0 - ok
    10:06:54.0841 4032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    10:10:13.0588 6932 Deinitialize success
  6. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Good :)

    Update MBAM re-run quick scan and post new log.

    Next....

    Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done Notepad will open with rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.

    ====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  7. Katherine4422

    Katherine4422 Newcomer, in training Topic Starter Posts: 18

    Alrighty!

    New MBAM log:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.12.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kate :: KATE-HP [administrator]
    8/18/2012 9:28:56 PM
    mbam-log-2012-08-18 (21-32-44).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 194021
    Time elapsed: 3 minute(s), 26 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
    (end)
    rKill log:
    Rkill 2.2.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 08/18/2012 09:34:12 PM in x64 mode.
    Windows Version: Windows 7
    Checking for Windows services to stop.
    * No malware services found to stop.
    Checking for processes to terminate.
    * No malware processes found to kill.
    Checking Registry for malware related settings.
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks.
    * No issues found.
    Checking Windows Service Integrity:
    * AppMgmt [Missing Service]
    * CscService [Missing Service]
    * PeerDistSvc [Missing Service]
    * UmRdpService [Missing Service]
    Searching for Missing Digital Signatures:
    * No issues found.
    Program finished at: 08/18/2012 09:34:30 PM
    Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)
  8. Katherine4422

    Katherine4422 Newcomer, in training Topic Starter Posts: 18

    Running the aswMBR scan caused the computer to blue screen twice in normal mode, and freeze in safe mode, but here's the log!
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-18 22:00:31
    -----------------------------
    22:00:31.454 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:00:31.454 Number of processors: 4 586 0x100
    22:00:31.454 ComputerName: KATE-HP UserName: Kate
    22:00:32.640 Initialze error C0000061 - driver not loaded
    22:00:44.387 AVAST engine defs: 12081801
    22:00:50.658 Service scanning
    22:01:20.579 Modules scanning
    22:01:20.579 Disk 0 trace - called modules:
    22:01:20.579
    22:01:21.811 AVAST engine scan C:\Windows
    22:01:24.307 AVAST engine scan C:\Windows\system32
    22:07:57.147 AVAST engine scan C:\Windows\system32\drivers
    22:08:07.974 AVAST engine scan C:\Users\Kate
    22:09:31.387 The log file has been saved successfully to "C:\Users\Kate\Desktop\aswMBR.txt"
  9. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Your MBAM log says "No action taken".
    Re-run it, fix all issues and post new log.
  10. Katherine4422

    Katherine4422 Newcomer, in training Topic Starter Posts: 18

    Oops, sorry about that!

    New MBAM log:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.21.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kate :: KATE-HP [administrator]
    8/20/2012 8:24:39 PM
    mbam-log-2012-08-20 (20-24-39).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 194219
    Time elapsed: 2 minute(s), 18 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    (end)
  11. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  12. Katherine4422

    Katherine4422 Newcomer, in training Topic Starter Posts: 18

    Alright here's the Combofix log:

    ComboFix 12-08-25.04 - Kate 08/26/2012 11:39:28.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3936 [GMT -5:00]
    Running from: c:\users\Kate\Desktop\ComboFix.exe
    AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-26 16:55 . 2012-08-26 16:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-18 15:06 . 2012-08-18 15:06 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-17 15:09 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-08-17 15:08 . 2012-08-18 14:49 -------- d-----w- c:\programdata\AVAST Software
    2012-08-17 15:08 . 2012-08-17 15:08 -------- d-----w- c:\program files\AVAST Software
    2012-08-15 12:59 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 12:59 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-15 12:59 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 12:59 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 12:59 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-08-15 12:59 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-08-15 12:59 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 12:59 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-15 12:59 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 12:59 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 12:59 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-15 12:59 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-08-15 04:20 . 2012-08-16 01:26 -------- d-----w- c:\windows\system32\drivers\NAVx64\1308000.00E
    2012-08-04 20:43 . 2012-08-04 20:43 -------- d-----w- c:\users\Kate\AppData\Roaming\Malwarebytes
    2012-08-04 20:43 . 2012-08-04 20:43 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-04 20:43 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-04 20:42 . 2012-08-04 20:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-04 18:31 . 2012-08-04 18:31 -------- d-----w- c:\programdata\Synaptics
    2012-08-04 16:56 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-08-04 16:56 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-08-04 16:08 . 2012-08-04 16:08 -------- d-----w- c:\windows\Sun
    2012-07-30 14:52 . 2012-07-30 14:52 111104 ----a-w- c:\programdata\Microsoft\Windows\DRM\71C0.tmp.dat
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-16 13:48 . 2012-03-25 21:45 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-15 12:52 . 2012-04-28 02:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-15 12:52 . 2012-04-28 02:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-15 05:01 . 2012-04-14 22:37 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll
    2012-06-09 05:43 . 2012-07-11 19:59 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 13:49 . 2012-06-06 13:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06 . 2012-07-11 19:59 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 19:59 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 20:00 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 19:59 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 19:59 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 20:00 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 20:06 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 20:06 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 20:06 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 20:06 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 20:06 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 20:06 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 20:06 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-21 20:06 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-21 20:06 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 05:50 . 2012-07-11 19:59 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 19:59 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-11 19:59 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-11 19:59 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 19:59 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 19:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 19:59 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 19:59 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 19:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
    "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-08-18 3414680]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-04-03 75048]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/04/03 08:38;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 136176]
    R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2008-07-07 25600]
    R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2008-05-09 213120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-22 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-03-21 52856]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1308000.00E\SYMDS64.SYS [2011-07-26 451192]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]
    S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120824.001\IDSvia64.sys [2012-08-22 512672]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-04-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-15 204288]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
    S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
    S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-09-07 1908520]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-18 87168]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-15 10206208]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-15 317952]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-18 188544]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-07-19 1492992]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_38F51D56
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 12:52]
    .
    2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 14:29]
    .
    2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 14:29]
    .
    2012-08-23 c:\windows\Tasks\HPCeeScheduleForKATE-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-08-21 c:\windows\Tasks\HPCeeScheduleForKate.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-03 1128448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 207.69.188.186 207.69.188.187 192.168.1.1 207.69.188.186 207.69.188.187
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-07926646.sys
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
    "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
    89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
    "{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}"=hex:51,66,7a,6c,4c,1d,38,12,82,71,d1,
    a0,ac,a3,a0,0f,d9,e4,d6,18,c2,ac,da,e7
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
    69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}"=hex:51,66,7a,6c,4c,1d,38,12,c4,b3,f8,
    71,26,0c,da,09,ef,fa,a0,a0,7b,93,40,e3
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83,
    81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
    d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}"=hex:51,66,7a,6c,4c,1d,38,12,19,c7,a0,
    e8,38,54,d3,01,c4,41,3b,b9,ea,bd,0b,b3
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:e8,cf,5b,9f,56,72,cd,01
    .
    [HKEY_USERS\S-1-5-21-3477258794-1351377144-918994446-1001\Software\SecuROM\License information*]
    "datasecu"=hex:ee,5a,cb,fa,32,52,24,13,33,42,6e,02,e7,bd,6e,d4,f2,23,a1,17,4f,
    79,e2,27,fc,88,7e,cf,35,81,d7,f5,a7,63,e8,44,2d,46,b3,cf,89,00,d7,69,4e,f1,\
    "rkeysecu"=hex:1b,8f,88,92,bf,ca,aa,f3,89,e8,18,92,33,8f,6f,e6
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-26 12:26:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-26 17:25
    .
    Pre-Run: 522,950,709,248 bytes free
    Post-Run: 522,780,405,760 bytes free
    .
    - - End Of File - - 3886B78AC990FC1DA912B6726F9C2B4A
  13. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Looks good :)

    Any current issues?

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Reopened.
  15. Katherine4422

    Katherine4422 Newcomer, in training Topic Starter Posts: 18

    Thanks! My computer has been working great - I really appreciate your help. When I try to download OTL from either location, once it completes the download, it says that there's no author/it's unsafe and deletes it automatically.
  16. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Disable your AV program momentarily.
  17. Katherine4422

    Katherine4422 Newcomer, in training Topic Starter Posts: 18

    Derp, I should've known that! Haha.
    OTL.txt
    OTL logfile created on: 9/8/2012 9:43:54 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Kate\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.48 Gb Total Physical Memory | 3.48 Gb Available Physical Memory | 63.54% Memory free
    10.96 Gb Paging File | 8.55 Gb Available in Paging File | 78.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.28 Gb Total Space | 489.58 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
    Drive D: | 14.59 Gb Total Space | 1.62 Gb Free Space | 11.10% Space Free | Partition Type: NTFS
    Drive F: | 99.34 Mb Total Space | 89.20 Mb Free Space | 89.79% Space Free | Partition Type: FAT32

    Computer Name: KATE-HP | User Name: Kate | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/08 21:43:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kate\Desktop\OTL.exe
    PRC - [2012/09/05 07:08:59 | 000,690,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
    PRC - [2012/09/05 07:06:38 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/08/04 10:12:19 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccsvchst.exe
    PRC - [2012/04/03 08:33:27 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    PRC - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    PRC - [2011/07/11 14:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2011/05/23 11:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    PRC - [2011/03/30 14:01:10 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    PRC - [2011/03/22 13:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    PRC - [2011/02/18 00:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    PRC - [2011/02/18 00:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
    PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
    PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    PRC - [2007/09/11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/05 07:06:36 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/09/05 07:06:25 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/09/05 07:06:25 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/09/05 07:06:25 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/09/05 07:06:25 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/04/03 08:26:15 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2012/04/03 08:26:14 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2011/09/15 18:12:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/05/27 11:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2011/04/02 01:06:22 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2011/02/17 00:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
    SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/09/07 13:40:02 | 001,908,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
    SRV - [2012/09/05 07:09:01 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/05 07:06:38 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe -- (NAV)
    SRV - [2012/03/21 16:03:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2011/05/23 11:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
    SRV - [2011/03/07 19:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/02/24 21:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
    SRV - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
    SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccsetx64.sys -- (ccSet_NAV)
    DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2012/04/17 21:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/04/03 08:26:15 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2012/03/23 09:16:19 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/03/21 16:01:29 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/09/15 18:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/09/15 17:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/07/25 21:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symds64.sys -- (SymDS)
    DRV:64bit: - [2011/07/19 10:19:16 | 001,492,992 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/27 11:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2011/05/27 11:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2011/03/24 19:20:36 | 000,337,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2011/03/17 23:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
    DRV:64bit: - [2011/03/17 23:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/04 17:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2011/03/04 17:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2010/12/16 02:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/17 11:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/07/07 12:23:56 | 000,025,600 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
    DRV:64bit: - [2008/06/02 16:28:52 | 000,247,808 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
    DRV:64bit: - [2008/05/09 11:08:40 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV:64bit: - [2008/05/09 11:08:40 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser.sys -- (NWUSBPort)
    DRV:64bit: - [2008/05/09 11:08:40 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV:64bit: - [2007/02/16 14:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV:64bit: - [2007/02/16 13:30:12 | 000,014,640 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2007/02/15 19:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)
    DRV - [2012/09/08 18:24:15 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120908.009\ex64.sys -- (NAVEX15)
    DRV - [2012/09/08 18:24:15 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120908.009\eng64.sys -- (NAVENG)
    DRV - [2012/08/31 19:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120907.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/08/31 17:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120905.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2012/08/09 01:08:40 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/08/09 01:08:40 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{F0C07441-FD14-4F34-9C4C-A673AFE4ADE0}: "URL" = http://www.amazon.com/s/ref=azs_osd...code=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKLM\..\SearchScopes\{F0C07441-FD14-4F34-9C4C-A673AFE4ADE0}: "URL" = http://www.amazon.com/s/ref=azs_osd...code=qs&index=aps&field-keywords={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3477258794-1351377144-918994446-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3477258794-1351377144-918994446-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3477258794-1351377144-918994446-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3477258794-1351377144-918994446-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-3477258794-1351377144-918994446-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-3477258794-1351377144-918994446-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-3477258794-1351377144-918994446-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKU\S-1-5-21-3477258794-1351377144-918994446-1001\..\SearchScopes\{F0C07441-FD14-4F34-9C4C-A673AFE4ADE0}: "URL" = http://www.amazon.com/s/ref=azs_osd...code=qs&index=aps&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-3477258794-1351377144-918994446-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3477258794-1351377144-918994446-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012/03/22 08:34:28 | 000,000,000 | ---D | M]

    [2012/05/25 18:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kate\AppData\Roaming\Mozilla\Extensions

    O1 HOSTS File: ([2012/08/26 11:59:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\21.0.1180.89\npchrome_frame.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-3477258794-1351377144-918994446-1001..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
    O4 - HKU\S-1-5-21-3477258794-1351377144-918994446-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3477258794-1351377144-918994446-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3477258794-1351377144-918994446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.186 207.69.188.187 192.168.1.1 207.69.188.186 207.69.188.187
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D0A4439-3525-4391-A92A-9549C69F05C6}: DhcpNameServer = 207.69.188.186 207.69.188.187 192.168.1.1 207.69.188.186 207.69.188.187
    O18:64bit: - Protocol\Handler\gcf - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\21.0.1180.89\npchrome_frame.dll (Google Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/08 21:43:14 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Kate\Desktop\OTL.exe
    [2012/08/31 09:29:23 | 000,000,000 | ---D | C] -- C:\Users\Kate\AppData\Local\{F152EF22-9D46-438A-944C-AD0235B0B37C}
    [2012/08/26 18:43:56 | 000,000,000 | ---D | C] -- C:\Users\Kate\AppData\Local\{3EA3F98A-D980-4F1A-BEDB-CFCB870B3630}
    [2012/08/26 12:31:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/26 12:26:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/26 01:10:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/26 01:10:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/26 01:10:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/26 01:09:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/26 01:09:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/22 17:01:02 | 000,000,000 | ---D | C] -- C:\Users\Kate\AppData\Local\{8FD84EDF-9771-47BF-AF25-CF8D71A600C7}
    [2012/08/18 10:06:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/17 10:09:25 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/08/17 10:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/08/17 10:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/08 21:45:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/08 21:43:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kate\Desktop\OTL.exe
    [2012/09/08 21:40:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/09/08 20:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/08 18:28:07 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/08 18:13:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/06 14:27:38 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/06 14:27:38 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/06 14:23:54 | 000,782,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/06 14:23:54 | 000,663,260 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/06 14:23:54 | 000,122,096 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/06 14:19:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKATE-HP$.job
    [2012/09/06 14:19:10 | 117,624,831 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/05 07:05:43 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKate.job
    [2012/08/26 11:59:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/18 21:34:35 | 000,003,576 | ---- | M] () -- C:\{D065B8F2-E3E4-4902-8D58-6AEA30E1F1C6}
    [2012/08/17 10:09:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/08/16 23:05:32 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/08/16 09:00:06 | 001,425,732 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Cat.DB
    [2012/08/16 08:52:04 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/08/15 23:49:32 | 000,796,420 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/08/15 20:27:28 | 000,002,397 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
    [2012/08/15 14:10:59 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\VT20120731.038
    [2012/08/10 00:49:06 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\isolate.ini
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/26 01:10:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/26 01:10:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/26 01:10:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/26 01:10:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/26 01:10:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/18 21:34:35 | 000,003,576 | ---- | C] () -- C:\{D065B8F2-E3E4-4902-8D58-6AEA30E1F1C6}
    [2012/08/17 10:09:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/08/16 08:52:04 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
    [2012/04/13 16:22:04 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012/04/03 08:25:08 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2012/03/21 16:01:08 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/06/19 01:50:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/06/19 01:43:13 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/06/19 01:30:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2011/05/08 14:35:06 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
    [2011/03/21 21:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

    ========== LOP Check ==========

    [2012/06/14 13:00:39 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\.minecraft
    [2012/06/23 21:56:33 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Blio
    [2012/03/21 21:26:46 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\IDT
    [2012/08/18 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Origin
    [2012/06/23 22:26:41 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Smith Micro
    [2012/05/18 23:00:40 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Stardock
    [2012/03/21 14:02:00 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Synaptics
    [2012/05/08 23:21:21 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\WebApp
    [2012/04/25 20:25:08 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Windows Live Writer
    [2012/06/17 15:20:34 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
  18. Katherine4422

    Katherine4422 Newcomer, in training Topic Starter Posts: 18

    Extras.txt
    OTL Extras logfile created on: 9/8/2012 9:43:56 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Kate\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.48 Gb Total Physical Memory | 3.48 Gb Available Physical Memory | 63.54% Memory free
    10.96 Gb Paging File | 8.55 Gb Available in Paging File | 78.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.28 Gb Total Space | 489.58 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
    Drive D: | 14.59 Gb Total Space | 1.62 Gb Free Space | 11.10% Space Free | Partition Type: NTFS
    Drive F: | 99.34 Mb Total Space | 89.20 Mb Free Space | 89.79% Space Free | Partition Type: FAT32

    Computer Name: KATE-HP | User Name: Kate | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{115ABA4F-2C70-44C4-8218-82F140BA2B1D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2B89CE94-EDCA-45CA-89F3-FE1DF8E7858D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{38D8EA49-73DC-4DD3-A38A-D02F5EBE0B42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4AF04108-C535-4AEE-BEB4-83D303951629}" = rport=138 | protocol=17 | dir=out | app=system |
    "{5B6B5C94-9FD0-4315-B0EB-74D7038BFAD0}" = lport=445 | protocol=6 | dir=in | app=system |
    "{6DA41672-64AC-479C-9A89-897B645C5AA2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6E34211C-B178-4DEF-A09D-C49DD5783613}" = rport=445 | protocol=6 | dir=out | app=system |
    "{73CADEB9-4BDC-4470-AFD2-A18860A02ABA}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
    "{7976FE84-2688-4064-BFA2-81220A08F0EF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{79C45ED7-3AAE-4DEE-931F-0F87D2D11BF0}" = rport=137 | protocol=17 | dir=out | app=system |
    "{7ED27DEB-4FFC-4757-B05C-E7C7416EED3E}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{8392DBD4-F1DF-4E3D-A7FF-FAA72DF1F433}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{87E522E9-71C3-4D23-86E4-8321112ACFEA}" = lport=139 | protocol=6 | dir=in | app=system |
    "{8D217363-CCD6-4863-AEE8-2D015EEB9F41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{982AB19D-1D01-452C-BCD1-97E0C2C46EB3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{985175E6-A026-438B-B778-D4D451BE459D}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9D27B3ED-AB56-41E2-8D0B-D10415FD7AFD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{A2899368-8553-41E0-837D-9BE721CBE3E3}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{A87A1A74-1EE5-4A41-907E-E130D446B44A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{AB3789FE-E70D-46E1-A010-FB10FF20147F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{AFA286FF-31B6-450A-9A62-94F03F89EAB0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B092ADDC-994C-4EC2-B066-4D38D3BF0516}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{C9AAAF55-D9B8-4F70-8C16-E5554E429BAB}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
    "{CA6437C9-4753-4187-830A-8C16B29FE433}" = rport=139 | protocol=6 | dir=out | app=system |
    "{E0846A0A-4744-49E1-B3C3-59BF2293D50B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{E9E2DADA-8005-484F-AE29-85E8F8A2C2A1}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F4382E6D-2BB2-46E7-81E0-0DCAD09E0107}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04274BD5-5B8C-498D-A6EE-A4CD51525BF4}" = protocol=6 | dir=out | app=system |
    "{0D774822-8CF5-411F-A3D8-83A295CF88F5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{0F504EF4-6121-4FA5-B177-1CD8B292E924}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{13AA9051-E22C-4EE3-A49D-F1FFA50654BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{1790E191-52F6-43EE-A75E-719DB5D5C6DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{18EFABBF-C982-4488-A4F3-F7BB07626F70}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{1A412D6D-8813-4D9C-9D11-01CAC1EF4BF4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
    "{20BDC8E9-0FBD-4E2C-9382-B8908862B386}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{27A05AD9-D1C9-497D-8CC3-CD2A72972814}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{28019E07-E127-44E5-8499-F42872FA7CD8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{28374832-264C-446F-BA0B-3674451BB0B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{2ADC6FBA-A101-4D41-85E3-6798A01BB6FE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{344334A4-F029-4ADB-A1E0-B105380A2C91}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{38C69AA8-BCBA-48B7-89FA-7C51E0500C9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{3D345BB7-E713-4D00-A0D8-72507956A68C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{4A5EF358-A557-4579-A63D-EF224E40833F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{4A8DF13F-C212-4F1C-93A4-36A7E16A76A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{565797F8-6C30-40E5-A85F-A4F9AC5307B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{5CFAC560-FCF4-411B-91CF-2143B3810B0F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
    "{5DF827C8-2DB1-4EF5-AD5B-6C1EEFFEF404}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6005ED06-B3F5-4004-B698-C9DB9DF1DE99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{605014CC-6E4C-4A88-92B0-198230D37C50}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{608627BE-6E83-49DC-814D-611A65D5185B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{62799C0F-99AD-48A8-A2FB-5754D8237463}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62C24B00-8899-4743-BFFB-40C523641F80}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{69B18A3E-4BC7-4E7C-A6C8-B1415F88C709}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{6A086F31-0845-4D59-9C70-32F272A42CA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6D7A819F-75D3-4F18-AED0-B5B267D7E06D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{82298C4E-5BDD-487F-9632-0E0AA8E2F177}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{85741420-BDF5-4228-8756-8E918A139E5F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{86E29B86-C084-42C0-9BA5-438F869C571B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8795764E-D3C4-4C1D-BDD2-3D0038C1E260}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9C344266-E5B1-4BB6-B1A2-4E2297326C30}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A1C8C4A6-CBBD-410B-B283-522A04C2E677}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A659C913-5957-4B68-ADA4-BD31935416A9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{A80FDAF0-0D39-4224-B2AC-AEBE80329FF3}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
    "{A8C02C1A-5F2F-4CDE-89D0-3CA704240F82}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{A950C298-7773-4496-82A1-90EF82884B2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{AD1D3E24-B332-4CAF-B1D6-38AC8609A0DC}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{B8B79CA5-E662-4F53-B7FF-66C38E7AFC1C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{BD14A633-F297-42F1-B323-D774F22574F0}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{C1FE8AEF-E162-46D7-BC35-BDC38A9CC380}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{CE90F2C4-F4F2-4352-8253-15FA5B2C11C8}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{DCA110F0-3778-42BA-BFA4-BC8F129155CD}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
    "{E050A7BF-D9F8-48DF-A9F1-951B8A757A38}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{E2761349-1AED-4F5D-A9FE-24F8338BDB77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E3DCD05C-850D-4141-B917-26E90A46D024}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E4C046EA-1120-4553-BE74-0C8D644512D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{E81ABFF8-B8E3-45B9-BB5B-8869F55E8D0A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{EC0D2A58-3DA8-43E9-925B-B80030F47CED}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{F44D46F4-81A1-4082-8883-ADA97026540F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FB8AC52C-E5BC-40F9-B871-9CB3B6DDF15A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{FB90024E-A1E6-498E-84C0-EF5D1C83F817}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
    "{26AF7BC7-DB35-B7C5-3169-29BC62835C48}" = AMD Fuel
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{71F13BA8-96D0-F281-6473-196A5842C6CF}" = ccc-utility64
    "{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{942836D4-5395-652B-F1E8-A7C5B039910C}" = ATI Catalyst Install Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{CB1A2FE6-2BDF-DECC-C91B-4E5FFD59C5D6}" = WMV9/VC-1 Video Playback
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "SynTPDeinstKey" = Synaptics TouchPad Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D1B9D71-7EB6-70DA-DB23-E14F59A14E1D}" = AMD VISION Engine Control Center
    "{0DC33570-D9E6-9189-7143-612F34DC317B}" = CCC Help Danish
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{0F69006A-CD2F-4C12-A786-C659C8F98423}" = Catalyst Control Center - Branding
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{15822027-43D3-C69F-40EF-2AF83AA781AA}" = CCC Help English
    "{1990DE06-9769-46E7-8B9E-1631165F2859}" = TurboTax 2011 wneiper
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1D04A14D-6C97-19C1-CA9D-FDDE5EAE1026}" = CCC Help Chinese Standard
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
    "{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
    "{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2B37E43D-10AB-9D24-7234-31929A3A7D11}" = CCC Help German
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33530062-0419-71CE-3BD3-13D7D5E4C7DE}" = CCC Help French
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{388A15E4-7507-CD40-4DBA-F78B4BBEB56E}" = CCC Help Japanese
    "{448B78CF-4A52-191D-1436-54D039B382DB}" = CCC Help Spanish
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
    "{521FA973-C4C9-249D-5CF6-0A6F7B18F7DC}" = CCC Help Greek
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5ED3BAF3-DA06-038D-F21E-AB35404626D4}" = CCC Help Dutch
    "{60C44315-A107-D3F6-B868-52AC0481ED6B}" = CCC Help Finnish
    "{6522241B-09FE-B16D-0E23-9485424507EB}" = CCC Help Korean
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68CC54AC-EFE5-4CE4-81F8-BE0C834E2D86}" = Mobile Broadband Generic Drivers
    "{6A061262-C2B2-78E2-9BF8-32D3BDD68C43}" = Catalyst Control Center InstallProxy
    "{6B075E9F-4D23-0883-F66C-C698E949CD90}" = Catalyst Control Center Graphics Previews Common
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78B55A60-5E51-11D4-A766-00C00C02EDEF}" = Nancy Drew: Message in a Haunted Mansion
    "{794A3AB9-DB12-1115-33B2-29C5DDD1DCD4}" = CCC Help Chinese Traditional
    "{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager
    "{7BA20EF6-AE4E-4408-B083-7AE999E92D73}" = VZAccess Manager for Novatel
    "{803E2C5C-E39B-BEBA-4046-6C0CF7695DA4}" = CCC Help Hungarian
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9325A80A-C2B4-141E-952E-30589770A79B}" = CCC Help Turkish
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7393DB5-6CAB-70A7-4A5E-C96AF518858A}" = Catalyst Control Center Localization All
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C1C43BC8-2460-4E01-9628-332E04523BDC}" = HP Documentation
    "{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}" = AMD System Monitor
    "{C3579810-5AC8-545D-089D-6735792490B5}" = CCC Help Thai
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C915103C-F9E5-8989-233C-367DCFB07652}" = CCC Help Italian
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE8EF688-BD0E-29E2-3472-E23CC6AB0C98}" = CCC Help Polish
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D811186E-06BC-F7D3-E10B-4C7450F88611}" = CCC Help Swedish
    "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
    "{E45832B8-C3E6-C26B-A038-4599DCAC1F17}" = CCC Help Norwegian
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{F023440E-6D03-1AB2-1414-27A62074556C}" = CCC Help Portuguese
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
    "{F7A9EFFB-F905-FA4D-A431-06B1E0A5EE5A}" = CCC Help Czech
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FD8966E8-8227-9180-51D2-F1C75D3222B8}" = CCC Help Russian
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "EasyBits Magic Desktop" = Magic Desktop
    "Google Chrome Frame" = Google Chrome Frame
    "HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Nancy Drew: Message in a Haunted Mansion" = Nancy Drew: Message in a Haunted Mansion
    "NAV" = Norton AntiVirus
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Origin" = Origin
    "Steam App 22380" = Fallout: New Vegas
    "Steam App 620" = Portal 2
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "TurboTax 2011" = TurboTax 2011
    "VLC media player" = VLC media player 2.0.0
    "Wacom Tablet Driver" = Wacom Tablet
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087335" = Build-a-lot 2
    "WT087343" = Dora's World Adventure
    "WT087393" = Mah Jong Medley
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087415" = Wheel of Fortune 2
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "WT089453" = Bejeweled 2 Deluxe
    "WT089454" = Chuzzle Deluxe
    "WT089455" = Zuma Deluxe
    "WT089457" = Slingo Supreme
    "WT089458" = Plants vs. Zombies - Game of the Year
    "WT089470" = FATE - The Traitor Soul
    "WT089484" = Namco All-Stars PAC-MAN
    "WT089496" = Mystery P.I. - Stolen in San Francisco
    "WT089498" = Bejeweled 3

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3477258794-1351377144-918994446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/10/2012 3:06:52 PM | Computer Name = Kate-HP | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC

    Error - 7/10/2012 3:06:52 PM | Computer Name = Kate-HP | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC

    Error - 7/10/2012 3:06:52 PM | Computer Name = Kate-HP | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC

    Error - 7/10/2012 3:06:52 PM | Computer Name = Kate-HP | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC

    Error - 7/10/2012 3:06:52 PM | Computer Name = Kate-HP | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC

    Error - 7/10/2012 3:06:52 PM | Computer Name = Kate-HP | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC

    Error - 7/10/2012 3:06:52 PM | Computer Name = Kate-HP | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC

    Error - 7/10/2012 3:06:52 PM | Computer Name = Kate-HP | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC

    Error - 7/10/2012 3:06:52 PM | Computer Name = Kate-HP | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC

    Error - 7/10/2012 3:06:52 PM | Computer Name = Kate-HP | Source = ATIeRecord | ID = 16398
    Description = ATI EEU failed to post message to CCC

    [ Hewlett-Packard Events ]
    Error - 5/7/2012 10:13:36 PM | Computer Name = Kate-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/0b5ccf9b_75ef_4655_b4d1_06ccb31cc340/q7arkuoarjnuetyjjrrxmudm_5.rem' has
    been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 5610 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

    Error - 5/16/2012 1:20:47 AM | Computer Name = Kate-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 6/16/2012 1:30:28 AM | Computer Name = Kate-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/16/2012 10:17:56 PM | Computer Name = Kate-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2147024864 at System.IO.__Error.WinIOError(Int32 errorCode,
    String maybeFullPath) at System.IO.File.InternalCopy(String sourceFileName, String
    destFileName, Boolean overwrite) at HP.SupportAssistant.Service.ServiceInterface.MoveActionItems(String
    sourcePath) Message: The process cannot access the file 'C:\ProgramData\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSAActionItems.xml' because it is being
    used by another process. StackTrace: at System.IO.__Error.WinIOError(Int32 errorCode,
    String maybeFullPath) at System.IO.File.InternalCopy(String sourceFileName, String
    destFileName, Boolean overwrite) at HP.SupportAssistant.Service.ServiceInterface.MoveActionItems(String
    sourcePath) Source: mscorlib Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program
    Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: en-US RAM:
    5610 Ram Utilization: TargetSite: Void WinIOError(Int32, System.String)

    [ HP Connection Manager Events ]
    Error - 8/18/2012 11:10:19 AM | Computer Name = Kate-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/18 10:10:19.302|000001D8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 8/20/2012 11:53:38 PM | Computer Name = Kate-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/20 22:53:38.042|00001384|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 8/20/2012 11:53:41 PM | Computer Name = Kate-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/20 22:53:41.877|00001384|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 8/27/2012 8:04:04 PM | Computer Name = Kate-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/27 19:04:04.129|00001064|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 8/27/2012 8:04:05 PM | Computer Name = Kate-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/27 19:04:05.002|00001064|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 8/28/2012 12:38:25 AM | Computer Name = Kate-HP | Source = hpCMSrv | ID = 5
    Description = 2012/08/27 23:38:25.054|00000ED8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 9/5/2012 1:37:44 AM | Computer Name = Kate-HP | Source = hpCMSrv | ID = 5
    Description = 2012/09/05 00:37:44.571|000018C0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 9/5/2012 1:37:56 AM | Computer Name = Kate-HP | Source = hpCMSrv | ID = 5
    Description = 2012/09/05 00:37:56.661|000018C0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 9/6/2012 12:26:21 AM | Computer Name = Kate-HP | Source = hpCMSrv | ID = 5
    Description = 2012/09/05 23:26:21.088|00001B84|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 9/6/2012 12:26:22 AM | Computer Name = Kate-HP | Source = hpCMSrv | ID = 5
    Description = 2012/09/05 23:26:22.897|00001B84|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    [ HP Software Framework Events ]
    Error - 8/26/2012 12:21:59 PM | Computer Name = Kate-HP | Source = CaslWmi | ID = 5
    Description = 2012/08/26 11:21:59.526|000014DC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 8/26/2012 1:33:36 PM | Computer Name = Kate-HP | Source = CaslWmi | ID = 5
    Description = 2012/08/26 12:33:36.508|000006CC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 8/27/2012 4:19:22 PM | Computer Name = Kate-HP | Source = CaslWmi | ID = 5
    Description = 2012/08/27 15:19:22.631|000019A4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 8/27/2012 9:31:26 PM | Computer Name = Kate-HP | Source = CaslWmi | ID = 5
    Description = 2012/08/27 20:31:26.215|00000C90|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 8/27/2012 11:56:54 PM | Computer Name = Kate-HP | Source = CaslWmi | ID = 5
    Description = 2012/08/27 22:56:54.308|00001970|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 8/27/2012 11:58:33 PM | Computer Name = Kate-HP | Source = CaslWmi | ID = 5
    Description = 2012/08/27 22:58:33.632|00001D00|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 8/28/2012 3:37:40 PM | Computer Name = Kate-HP | Source = CaslWmi | ID = 5
    Description = 2012/08/28 14:37:40.632|0000156C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 9/3/2012 11:58:42 PM | Computer Name = Kate-HP | Source = CaslWmi | ID = 5
    Description = 2012/09/03 22:58:42.920|00001CA8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 9/5/2012 8:08:33 AM | Computer Name = Kate-HP | Source = CaslWmi | ID = 5
    Description = 2012/09/05 07:08:33.523|00001904|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 9/6/2012 3:23:00 PM | Computer Name = Kate-HP | Source = CaslWmi | ID = 5
    Description = 2012/09/06 14:23:00.908|00000454|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    [ System Events ]
    Error - 8/26/2012 12:57:22 PM | Computer Name = Kate-HP | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 8/26/2012 12:59:30 PM | Computer Name = Kate-HP | Source = Service Control Manager | ID = 7000
    Description = The HP Support Assistant Service service failed to start due to the
    following error: %%31

    Error - 8/26/2012 8:57:01 PM | Computer Name = Kate-HP | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.

    Error - 8/27/2012 6:34:40 PM | Computer Name = Kate-HP | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.

    Error - 8/28/2012 11:58:10 PM | Computer Name = Kate-HP | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.

    Error - 9/1/2012 9:33:07 AM | Computer Name = Kate-HP | Source = Service Control Manager | ID = 7034
    Description = The Google Update Service (gupdate) service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/1/2012 9:33:37 AM | Computer Name = Kate-HP | Source = DCOM | ID = 10010
    Description =

    Error - 9/4/2012 7:44:54 PM | Computer Name = Kate-HP | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.

    Error - 9/5/2012 8:07:40 AM | Computer Name = Kate-HP | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
    Client Service service to connect.

    Error - 9/5/2012 8:07:40 AM | Computer Name = Kate-HP | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053


    < End of report >
  19. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    OTL logs are clean.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  20. Katherine4422

    Katherine4422 Newcomer, in training Topic Starter Posts: 18

    Security Check:
    Results of screen317's Security Check version 0.99.50
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Norton AntiVirus
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    JavaFX 2.1.0
    Java(TM) 6 Update 31
    Java(TM) 7 Update 4
    Java version out of Date!
    Adobe Flash Player 11.3.300.271 Flash Player out of Date!
    Adobe Reader X (10.1.4)
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Norton AntiVirus Engine 19.8.0.14 ccSvcHst.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    FSS:
    Farbar Service Scanner Version: 06-08-2012
    Ran by Kate (administrator) on 11-09-2012 at 14:58:43
    Running from "C:\Users\Kate\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is offline
    Attempt to access Google.com returned error: Google.com is offline
    Attempt to access Yahoo IP returned error: Yahoo IP is offline
    Attempt to access Yahoo.com returned error: Yahoo.com is offline

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
  21. Katherine4422

    Katherine4422 Newcomer, in training Topic Starter Posts: 18

    Adw Cleaner:
    # AdwCleaner v2.001 - Logfile created 09/11/2012 at 15:02:51
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Kate - KATE-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Kate\Desktop\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****
    Key Found : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Key Found : HKCU\Software\ilivid
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKU\S-1-5-21-3477258794-1351377144-918994446-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    *************************
    AdwCleaner[R1].txt - [4226 octets] - [11/09/2012 15:02:51]
    ########## EOF - C:\AdwCleaner[R1].txt - [4286 octets] ##########
  22. Broni

    Broni Malware Annihilator Posts: 45,217   +243

  23. Katherine4422

    Katherine4422 Newcomer, in training Topic Starter Posts: 18

    It's coming! I had to run off to a lecture before it finished. Thank you for your help again :)
  24. Katherine4422

    Katherine4422 Newcomer, in training Topic Starter Posts: 18

    Alright, Eset provided no log.
  25. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ====================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    =============================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.