Jump to content

paphofo

Honorary Members
 View Profile  See their activity

  • Posts

    51

  • Joined

  • Last visited

 Content Type 

Everything posted by paphofo

  1. paphofo
    Ok I completed the first part, but ran in to trouble with the second half when troubleshooting the windows update error code 80070643. I started with the first link, and the first option given under "resolution," "Method 1: Fix MSI software update registration corruption issue." I ran microsoft fix it 50123, and tried to run microsoft update. The update had 8 important updates. When I ran it, it went through to 8 out of 8 updates, but I received the message that "some updates were not installed" with 8 important updates left to install. In the samet article, method 2- repair .NET framework would not open to text. Under "more information," I started with method 1. I ran microsoft fixit 50202, however the microsof update ran into the same problem as before. Then I tried method 2- manually download the update and install in clean boot mode. I followed the instructions and had no success running microsoft update again. Under additional information, I used the link to "How to enable Microsoft installer logging and Verbose loggingto gather additional troubleshooting information. I used fixit 50473 and received the message that this does not apply to this system. I did not manually alter the registery and did not update Microsoft Security Essentials definitions, which were both options in the article. Next, using the second link provided by you, I clicked the .NET Framework link, and it returned me to the site of the first link. So nothing has really changed on the windows update. I can manually edit the registry if you advise me to. I just wanted to be cautious about it.
  2. paphofo
    Farbar Service Scanner Version: 06-08-2012 Ran by Greg (administrator) on 25-08-2012 at 08:58:56 Running from "C:\Users\Greg\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is OK. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll". Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  3. paphofo
    I also got a BSOD when restarting windows after running regedit, reading "invalid kernel handle..."
  4. paphofo
    7/16 important updates were installed. I got the following error codes: 80070643, 8007A91, 8007007E.
  5. paphofo
    I attempted deleting temporary firefox files, and receieved a BSOD for about 1 second before my computer restarted, so I was unable to write down anything. I then ran Fixit 50202 default and received the message "Service BITS failed to start. Verify that you have sufficient priveleges to start system service." I hit try again, and the same outcome repeated. I then ran Fixit 50202 aggressive and received the same message. When I ran windows update there wer 16 important updates that I tried to install, and I received an error (code 80246008- unknown error).
  6. paphofo
    I restarted, and DSKCHK ran what seemed like twice. Since then, my computer has not had many symptoms. The only issue is that I am not able to access this website via Firefox. The malwarebytes.org address will not load, and when I attempted to respond by coming directly to this thread's URL, I was not able to type anything in the text box. I am currently responding via Internet Explorer. Otherwise, I have no symptoms from the system.
  7. paphofo
    Recently when I've been rebooting, I've been receiving a screen (I've attached a photo). I have been hitting spacebar to skip the process because the times that I have not, My computer has invariably frozen and has not booted up. I ran combofix, it wen through all of it's processes and rebooted. I received the message like always and skipped. Upon reboot, the combofix window came up again, but no processes ran and no text file was created. I remained infinitely patient, but after about a half hour, nothing had changed. Since combofix had failed for me multiple times, I closed the window. I then went through start>computer, and "searched computer" for combofix, where I located the combofix.txt file. I apologize if I did anything wrong, but combofix said that it should take ten to twenty minutes. I've attached the combofix.txt file. Other than the screen at reboot, my computer is running alright. I use firefox to come here only and have not done any web browsing, but I have not received any more popups recently. I used to get popup tabs even when just coming here. Thank you for your work thus far. Please let me know how to proceed. ComboFix.txt
  8. paphofo
    Combofix ran successfully! Below is the log, and below that is the Rkill log. ComboFix 12-08-21.02 - Greg 08/21/2012 17:18:31.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8103.6149 [GMT -7:00] Running from: C:\Users\Greg\Desktop\ComboFix.exe Command switches used :: C:\Users\Greg\Desktop\ComboFix.exe * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Windows\svchost.exe ((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 ))))))))))))))))))))))))))))))) 2012-08-22 00:29:45 . 2012-08-22 00:29:45 -------- d-----w- C:\Users\Public\AppData\Local\temp 2012-08-22 00:29:45 . 2012-08-22 00:29:45 -------- d-----w- C:\Users\Default\AppData\Local\temp 2012-08-21 01:35:39 . 2012-08-21 01:35:51 -------- d-----w- C:\Program Files\trend micro 2012-08-21 01:35:38 . 2012-08-21 01:35:54 -------- d-----w- C:\rsit 2012-08-21 01:20:31 . 2012-08-21 01:20:31 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-18 18:28:17 . 2012-08-18 18:28:26 -------- d-----w- C:\FRST 2012-08-16 00:21:59 . 2012-08-16 00:21:59 -------- d-----w- C:\found.000 2012-08-15 03:14:27 . 2012-08-22 00:32:29 -------- d-----w- C:\Windows\system32\wbem\repository 2012-08-14 02:25:18 . 2012-08-14 02:25:30 -------- d-----w- C:\Program Files (x86)\ERUNT 2012-08-02 01:20:21 . 2012-08-02 01:20:35 -------- d-----w- C:\Program Files\iTunes 2012-08-02 01:20:21 . 2012-08-02 01:20:35 -------- d-----w- C:\Program Files (x86)\iTunes 2012-08-02 01:20:21 . 2012-08-02 01:20:21 -------- d-----w- C:\Program Files\iPod 2012-07-27 20:51:30 . 2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2012-07-27 20:51:30 . 2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) ----------------------------------------------------------------------------------------------------------------- Rkill 2.3.0 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 08/21/2012 05:08:11 PM in x64 mode. Windows Version: Windows 7 Service Pack 1 Checking for Windows services to stop. * No malware services found to stop. Checking for processes to terminate. * C:\Windows\SysWOW64\ACEngSvr.exe (PID: 2084) [WD-HEUR] 1 proccess terminated! Checking Registry for malware related settings. * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks. * Windows Firewall Disabled [HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] "EnableFirewall" = dword:00000000 * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = dword:00000000 Checking Windows Service Integrity: * BFE (BFE) is not Running. Startup Type set to: Manual * Windows Firewall Authorization Driver (mpsdrv) is not Running. Startup Type set to: Manual * BITS [Missing Service] * CscService [Missing Service] * iphlpsvc [Missing Service] * MpsSvc [Missing Service] * PeerDistSvc [Missing Service] * UmRdpService [Missing Service] * WinDefend [Missing Service] * wscsvc [Missing Service] * wuauserv [Missing Service] * SharedAccess [Missing ImagePath] * BFE => . [incorrect ImagePath] Searching for Missing Digital Signatures: * No issues found. Program finished at: 08/21/2012 05:08:25 PM Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)
  9. paphofo
    info.txt logfile of random's system information tool 1.09 2012-08-20 18:35:54 ======Uninstall list====== 64 Bit HP CIO Components Installer-->MsiExec.exe /I{9F560BEB-021F-43AC-825F-AA60442D8DE4} Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A} Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -maintain plugin Adobe Reader X (10.1.4)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001} Alcor Micro USB Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}\setup.exe -runfromtemp -l0x0409 Amazon MP3 Downloader 1.0.15-->C:\Program Files (x86)\Amazon\MP3 Downloader\Uninstall.exe Amazon MP3 Uploader-->msiexec /qb /x {9E051993-7665-FE91-148D-3B0855E57F70} Amazon MP3 Uploader-->MsiExec.exe /I{9E051993-7665-FE91-148D-3B0855E57F70} Apple Application Support-->MsiExec.exe /I{122ADF8C-DDA1-480C-9936-C88F2825B265} Apple Mobile Device Support-->MsiExec.exe /I{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B} Apple Software Update-->MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66} ASUS AI Recovery-->MsiExec.exe /I{D39F0676-163E-4595-A917-E28F99BBD4D2} ASUS FancyStart-->MsiExec.exe /I{2B81872B-A054-48DA-BE3B-FA5C164C303A} ASUS FancyStart-->MsiExec.exe /I{C944B4C5-1C4D-4D95-8AC0-7CEF13914131} ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158} ASUS Live Update-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\Setup.exe" -l0x9 ASUS Power4Gear Hybrid-->MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA} ASUS Secure Delete-->MsiExec.exe /I{761C6783-D3BC-48AB-8E7C-61CE918A8436} ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5} ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D} ASUS U Series ScreenSaver-->C:\Windows\ASUS U Series ScreenSaver Uninstaller.exe ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1} ASUS WebStorage-->C:\Program Files (x86)\ASUS\ASUS WebStorage\uninst.exe AsusVibe2.0-->C:\Program Files (x86)\Asus\AsusVibe\unins000.exe ATK Package-->MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE} Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D} Business Contact Manager for Microsoft Outlook 2010-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {29F41953-2103-4EF2-8328-AD0EA7480D80} Business Contact Manager for Microsoft Outlook 2010-->MsiExec.exe /X{29F41953-2103-4EF2-8328-AD0EA7480D80} Control ActiveX de Windows Live Mesh para conexiones remotas-->MsiExec.exe /I{04668DF2-D32F-4555-9C7E-35523DCD6544} Contrôle ActiveX Windows Live Mesh pour connexions à distance-->MsiExec.exe /I{55D003F4-9599-44BF-BA9E-95D060730DD3} Controlo ActiveX do Windows Live Mesh para Ligações Remotas-->MsiExec.exe /I{E54EEB5D-41ED-40FE-B4A8-8565DB81469B} CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{A78ECBF0-BA6F-49DC-A12E-188875F8B0A4}" "1033" "0" ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe" ETDWare PS/2-X64 8.0.5.0_WHQL-->%ProgramFiles%\Elantech\ETDUn_inst.exe Fast Boot-->MsiExec.exe /I{13F4A7F3-EABC-4261-AF6B-1317777F0755} Free Mp3 Wma Converter V 2.2-->"C:\Program Files (x86)\Free mp3 Wma Converter\unins000.exe" Fresco Logic USB3.0 Host Controller-->MsiExec.exe /X{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA} Galeria de Fotografias do Windows Live-->MsiExec.exe /X{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4} Galería fotográfica de Windows Live-->MsiExec.exe /X{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66} Galerie de photos Windows Live-->MsiExec.exe /X{488F0347-C4A7-4374-91A7-30818BEDA710} Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\Installer\setup.exe" --uninstall --multi-install --chrome --system-level Google Earth Plug-in-->MsiExec.exe /X{33286280-8617-11E1-8FF6-B8AC6F97B88E} Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} gPad Server 2.0 2.0.0-->C:\Program Files (x86)\gPadServer\uninstall.exe HP Customer Participation Program 8.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr40.exe -datfile hpqhsc01.dat HP Deskjet All-In-One Software 8.0-->C:\Program Files (x86)\HP\Digital Imaging\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}\setup\hpzscr40.exe -datfile hposcr12.dat HP Imaging Device Functions 8.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr40.exe -datfile hpqbud01.dat HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70} HP Solution Center 8.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr40.exe -datfile hpqbud05.dat HP Update-->MsiExec.exe /X{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3} HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3} Intel PROSet Wireless-->Intel PROSet Wireless Intel PROSet Wireless-->Intel PROSet Wireless Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed-->MsiExec.exe /I{821B4CA1-D404-4CCA-AEA4-C7D3F40841B1} Intel® PROSet/Wireless WiFi Software-->MsiExec.exe /I{3C41721F-AF0F-4086-AA1C-4C7F29076228} Intel® Turbo Boost Technology Monitor-->MsiExec.exe /X{39F4C6F9-618A-4E5B-8FB2-6BD661174E32} Intel® WiDi-->MsiExec.exe /X{25680C01-6753-4FE9-A891-7857F26457C1} iTunes-->MsiExec.exe /I{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9} Java 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF} Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} Malwarebytes Anti-Malware version 1.62.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)-->MsiExec.exe /X{41785C66-90F2-40CE-8CB5-1C94BFC97280} Microsoft IntelliPoint 8.2-->msiexec.exe /I {624C7F0A-89B2-4C49-9CAB-9D69613EC95A} Microsoft IntelliPoint 8.2-->MsiExec.exe /X{624C7F0A-89B2-4C49-9CAB-9D69613EC95A} Microsoft Lync 2010-->MsiExec.exe /X{81BE0B17-563B-45D4-B198-5721E6C665CD} Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-1000-0000000FF1CE}" "{0242505C-4E90-407F-9299-B5B275F50D86}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-1000-0000000FF1CE}" "{B51389C8-2890-4633-81D8-47D2A7402274}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-1000-0000000FF1CE}" "{1779650B-2E44-4A19-8DF6-3866D645764A}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-1000-0000000FF1CE}" "{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0409-1000-0000000FF1CE}" "{FCD1C311-8B02-4DBD-BA46-1079C629577E}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-1000-0000000FF1CE}" "{516CA4A9-98E6-4F77-A863-CBD8487368E4}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-1000-0000000FF1CE}" "{516CA4A9-98E6-4F77-A863-CBD8487368E4}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" "1033" "0" Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-1000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-1000-0000000FF1CE} Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-1000-0000000FF1CE} Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-1000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-1000-0000000FF1CE} Microsoft Office Office 32-bit Components 2010-->MsiExec.exe /X{90140000-0043-0000-1000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-1000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-1000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-1000-0000000FF1CE} Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-1000-0000000FF1CE} Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-1000-0000000FF1CE} Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-1000-0000000FF1CE} Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-1000-0000000FF1CE} Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-1000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-1000-0000000FF1CE} Microsoft Office Shared 32-bit MUI (English) 2010-->MsiExec.exe /X{90140000-0043-0409-1000-0000000FF1CE} Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-1000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-1000-0000000FF1CE} Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-1000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD} Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7} Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9} Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10} Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2} Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78} Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8} Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1} Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804} Microsoft SQL Server 2008 Setup Support Files -->MsiExec.exe /X{BA4DA261-CB60-4690-B202-44998DFC6986} Microsoft SQL Server 2008-->"C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86 Microsoft SQL Server 2008-->"C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86 Microsoft SQL Server VSS Writer-->MsiExec.exe /I{0826F9E4-787E-481D-83E0-BC6A57B056D5} Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc} Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)-->MsiExec.exe /X{79CC7D89-6A9B-4193-99D5-1A967D2C19EE} Mozilla Firefox 14.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nuance PDF Reader-->MsiExec.exe /X{B480904D-F73F-4673-B034-8A5F492C9184} QuickTime-->MsiExec.exe /I{0E64B098-8018-4256-BA23-C316A43AD9B0} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly SceneSwitch-->MsiExec.exe /I{5172E572-C175-4F80-A6D5-5CB45826AD61} Secure Download Manager-->MsiExec.exe /I{C28422FB-F2CD-427A-ADED-9F281745CDB2} Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{B8512624-C19C-49C0-ABFB-572ADF5F4972}" "1033" "0" Security Update for Microsoft InfoPath 2010 (KB2553322) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{741FC2CB-0725-4040-AC28-FC52F8EAF279}" "1033" "0" Security Update for Microsoft InfoPath 2010 (KB2553431) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{60D36F66-083C-4966-B7AC-A8DD0E5558C5}" "1033" "0" Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{527AC538-7A51-40A5-89D7-5C1FEBBEA4C3}" "1033" "0" Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{C4BF81CC-3786-4CE4-9D9F-DD393678B9EC}" "1033" "0" Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{0F6C4F72-6084-437B-9B35-F59B09E3C1B0}" "1033" "0" Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{7C04E5C7-C747-43DE-B648-09B97811D93E}" "1033" "0" Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{297E6E47-5F6E-4DD8-B880-75944B5C1C7C}" "1033" "0" Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{2B4B504B-6620-4FFD-94CB-3D640AB3FCD2}" "1033" "0" Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{3E112FB8-14E5-4088-80AC-574FC376BCFE}" "1033" "0" Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{97C3086D-D78B-43ED-9E13-1ED4704298FB}" "1033" "0" Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{97C3086D-D78B-43ED-9E13-1ED4704298FB}" "1033" "0" Security Update for Microsoft Visio Viewer 2010 (KB2597981) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{C37E7477-0E37-465F-81B8-6085454CFEE2}" "1033" "0" Service Pack 1 for SQL Server 2008 (KB968369)-->"C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances /x86 Songbird 1.10.2 (Build 2199)-->"C:\Program Files (x86)\Songbird\Songbird-Uninstall.exe" Sonic Focus-->MsiExec.exe /I{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F} Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7} syncables desktop SE-->MsiExec.exe /X{341697D8-9923-445E-B42A-529E5A99CB7A} Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{57CEB66B-DD29-4883-92A2-671331657B52}" "1033" "0" Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0409-1000-0000000FF1CE}" "{E636FE63-842B-4F4B-9884-DA189ACC0B91}" "1033" "0" Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{E636FE63-842B-4F4B-9884-DA189ACC0B91}" "1033" "0" Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{E24F10E6-7D9B-4E3A-B6CF-4C3257A382CD}" "1033" "0" Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{E24F10E6-7D9B-4E3A-B6CF-4C3257A382CD}" "1033" "0" Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{3E381AC3-30C3-41D7-9B27-B3F3E17BDCB8}" "1033" "0" Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-1000-0000000FF1CE}" "{4EB7D2FF-CC3E-4FC1-B4DB-CE3DCCCC8559}" "1033" "0" Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-1000-0000000FF1CE}" "{DC366AAD-10AA-4FB2-9D17-5DA0A4E76477}" "1033" "0" Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-1000-0000000FF1CE}" "{CC54F5F1-51C0-4038-B3B0-42F1DCA806C4}" "1033" "0" Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{16E045BF-8CE5-4F20-A0DA-F7F495D239D0}" "1033" "0" Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-1000-0000000FF1CE}" "{D9CF6D64-9342-4C83-A9C1-F45DE139F2A7}" "1033" "0" Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{16E045BF-8CE5-4F20-A0DA-F7F495D239D0}" "1033" "0" Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{A6C194EA-C6CB-4314-9E43-AD1F4A1E9D74}" "1033" "0" Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{BC9AC000-70B4-4941-AE86-AF12D036E076}" "1033" "0" Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{BC9AC000-70B4-4941-AE86-AF12D036E076}" "1033" "0" Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-1000-0000000FF1CE}" "{8D07F876-D93A-4CF7-B801-1D41AB2BF60B}" "1033" "0" Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{93235108-E80B-4BFE-9BD2-176E5F14DCCF}" "1033" "0" Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{93235108-E80B-4BFE-9BD2-176E5F14DCCF}" "1033" "0" Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-1000-0000000FF1CE}" "{B807DD44-0A98-4CAA-98E5-93DAB3B84703}" "1033" "0" Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{ABC643B5-0ADF-4511-B521-D99D9A822AD2}" "1033" "0" Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-1000-0000000FF1CE}" "{4C975BB2-B3EE-4F66-A8E7-5C917B7C439D}" "1033" "0" Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{7861C766-2AA2-4A50-AB75-A57D451CEA76}" "1033" "0" Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{7D1C7B9F-2744-4388-B128-5C75B8BCCC84} Windows Live Essentials-->MsiExec.exe /I{B618C3BF-5142-4630-81DD-F96864F97C7E} Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Windows Live Family Safety-->MsiExec.exe /I{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC} Windows Live Family Safety-->MsiExec.exe /I{289809B1-078A-49F3-83D0-7E51715B3915} Windows Live Family Safety-->MsiExec.exe /I{3946328A-5B3A-434C-A22B-64CF6652FBAD} Windows Live Family Safety-->MsiExec.exe /I{401C50F6-B443-43EE-8F27-A80DB19B03FD} Windows Live Family Safety-->MsiExec.exe /I{911519EB-BD75-4B3B-BD17-BA3747C9B854} Windows Live Family Safety-->MsiExec.exe /I{FE4BE0BD-1EDB-4D24-9614-847B3C472887} Windows Live Family Safety-->MsiExec.exe /X{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Language Selector-->MsiExec.exe /I{D07A61E5-A59C-433C-BCBD-22025FA2287B} Windows Live Mail-->MsiExec.exe /I{0D261C88-454B-46FE-B43B-640E621BDA11} Windows Live Mail-->MsiExec.exe /I{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E} Windows Live Mail-->MsiExec.exe /I{753F0A72-59C3-41CE-A36A-F2DF2079275C} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{9FAE6E8D-E686-49F5-A574-0A58DFD9580C} Windows Live Mail-->MsiExec.exe /I{A0B91308-6666-4249-8FF6-1E11AFD75FE1} Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923} Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441} Windows Live Mesh-->MsiExec.exe /I{2C865FB0-051E-4D22-AC62-428E035AEAF0} Windows Live Mesh-->MsiExec.exe /I{588CE0C0-860B-49A8-AFCF-3C69465B345F} Windows Live Mesh-->MsiExec.exe /I{78DAE910-CA72-450E-AD22-772CB1A00678} Windows Live Mesh-->MsiExec.exe /I{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5} Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649} Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48} Windows Live Mesh-->MsiExec.exe /I{FCDE76CB-989D-4E32-9739-6A272D2B0ED7} Windows Live Messenger-->MsiExec.exe /X{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01} Windows Live Messenger-->MsiExec.exe /X{2AD2DD70-27F7-4343-BB4E-DE50A32D854B} Windows Live Messenger-->MsiExec.exe /X{4A275FD1-2F24-4274-8C01-813F5AD1A92D} Windows Live Messenger-->MsiExec.exe /X{6057E21C-ABE9-4059-AE3E-3BEB9925E660} Windows Live Messenger-->MsiExec.exe /X{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D} Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B} Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90} Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59} Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08} Windows Live Movie Maker-->MsiExec.exe /X{5D273F60-0525-48BA-A5FB-D0CAA4A952AE} Windows Live Movie Maker-->MsiExec.exe /X{6CB36609-E3A6-446C-A3C1-C71E311D2B9C} Windows Live Movie Maker-->MsiExec.exe /X{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3} Windows Live Movie Maker-->MsiExec.exe /X{903EDF14-4E28-4463-AA5E-4AEE71C0263B} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Movie Maker-->MsiExec.exe /X{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071} Windows Live Photo Common-->MsiExec.exe /X{000F2A10-9CDF-47BF-9CF2-9AC87567B433} Windows Live Photo Common-->MsiExec.exe /X{29373E24-AC72-424E-8F2A-FB0F9436F21F} Windows Live Photo Common-->MsiExec.exe /X{370F888E-42A7-4911-9E34-7D74632E17EB} Windows Live Photo Common-->MsiExec.exe /X{A41A708E-3BE6-4561-855D-44027C1CF0F8} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Common-->MsiExec.exe /X{C893D8C0-1BA0-4517-B11C-E89B65E72F70} Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live Remote Client Resources-->MsiExec.exe /I{206BD2C5-DE08-4577-A0D7-D441A79D5A3A} Windows Live Remote Client Resources-->MsiExec.exe /I{692CCE55-9EAE-4F57-A834-092882E7FE0B} Windows Live Remote Client Resources-->MsiExec.exe /I{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99} Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5} Windows Live Remote Client Resources-->MsiExec.exe /I{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116} Windows Live Remote Client Resources-->MsiExec.exe /I{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F} Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B} Windows Live Remote Service Resources-->MsiExec.exe /I{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67} Windows Live Remote Service Resources-->MsiExec.exe /I{5E2CD4FB-4538-4831-8176-05D653C3E6D4} Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760} Windows Live Remote Service Resources-->MsiExec.exe /I{A679FBE4-BA2D-4514-8834-030982C8B31A} Windows Live Remote Service Resources-->MsiExec.exe /I{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90} Windows Live Remote Service Resources-->MsiExec.exe /I{FAA3933C-6F0D-4350-B66B-9D7F7031343E} Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{05E379CC-F626-4E7D-8354-463865B303BF} Windows Live UX Platform Language Pack-->MsiExec.exe /I{368BEC2C-B7A2-4762-9213-2D8465D533CA} Windows Live UX Platform Language Pack-->MsiExec.exe /I{506FC723-8E6C-4417-9CFF-351F99130425} Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{77477AEA-5757-47D8-8B33-939F43D82218} Windows Live UX Platform Language Pack-->MsiExec.exe /I{D299197D-CDEA-41A6-A363-F532DE4114FD} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{62687B11-58B5-4A18-9BC3-9DF4CE03F194} Windows Live Writer Resources-->MsiExec.exe /X{6807427D-8D68-4D30-AF5B-0B38F8F948C8} Windows Live Writer Resources-->MsiExec.exe /X{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94} Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Windows Live Writer Resources-->MsiExec.exe /X{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040} Windows Live Writer Resources-->MsiExec.exe /X{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC} Windows Live Writer-->MsiExec.exe /X{198EA334-8A3F-4CB2-9D61-6C10B8168A6F} Windows Live Writer-->MsiExec.exe /X{317D56AC-0DB3-48F5-929A-42032DAC9AD7} Windows Live Writer-->MsiExec.exe /X{3B9A92DA-6374-4872-B646-253F18624D5F} Windows Live Writer-->MsiExec.exe /X{48C0DC5E-820A-44F2-890E-29B68EDD3C78} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E} Windows Live Writer-->MsiExec.exe /X{E62E0550-C098-43A2-B54B-03FB1E634483} Windows Live 影像中心-->MsiExec.exe /X{EEF99142-3357-402C-B298-DEC303E12D92} Windows Live 照片库-->MsiExec.exe /X{7B982EBD-D017-4527-BF1A-FC489EC6B100} Windows Live 程式集-->MsiExec.exe /I{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB} Windows Live 软件包-->MsiExec.exe /I{03241D8D-2217-42F7-9FCB-6A68D141C14D} Windows Live-->MsiExec.exe /I{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinFlash-->MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D} Wireless Console 3-->MsiExec.exe /I{8150221C-8F7E-4997-AD4E-AFDEE7F4B410} 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)-->MsiExec.exe /I{F992409C-9D10-4AE2-BAEB-B5409AD3785E} 適用遠端連線的 Windows Live Mesh ActiveX 控制項-->MsiExec.exe /I{622DE1BE-9EDE-49D3-B349-29D64760342A} ======System event log====== Computer Name: Bob Event Code: 37 Message: The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. Record Number: 35239 Source Name: Microsoft-Windows-Kernel-Processor-Power Time Written: 20120416173041.335016-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: Bob Event Code: 37 Message: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. Record Number: 35238 Source Name: Microsoft-Windows-Kernel-Processor-Power Time Written: 20120416173041.225816-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: Bob Event Code: 37 Message: The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. Record Number: 35237 Source Name: Microsoft-Windows-Kernel-Processor-Power Time Written: 20120416173041.116616-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: Bob Event Code: 37 Message: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. Record Number: 35236 Source Name: Microsoft-Windows-Kernel-Processor-Power Time Written: 20120416173041.007416-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: Bob Event Code: 3002 Message: Record Number: 35225 Source Name: Microsoft Antimalware Time Written: 20120416172936.000000-000 Event Type: Error User: =====Application event log===== Computer Name: Frank Event Code: 10005 Message: Product: iTunes -- This iTunes installer is intended for 32-bit versions of Windows. Please download and install the 64-bit iTunes installer instead. Record Number: 1710 Source Name: MsiInstaller Time Written: 20111010021031.000000-000 Event Type: Error User: BOB\Greg Computer Name: Frank Event Code: 513 Message: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Trend Micro TDI Driver. System Error: The system cannot find the file specified. . Record Number: 1700 Source Name: Microsoft-Windows-CAPI2 Time Written: 20111010014043.636087-000 Event Type: Error User: Computer Name: Frank Event Code: 1530 Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 6 user registry handles leaked from \Registry\User\S-1-5-21-361652323-931365113-2029874430-1000: Process 600 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-361652323-931365113-2029874430-1000 Process 1868 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-361652323-931365113-2029874430-1000 Process 1868 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-361652323-931365113-2029874430-1000 Process 1868 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-361652323-931365113-2029874430-1000 Process 1868 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-361652323-931365113-2029874430-1000\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1868 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-361652323-931365113-2029874430-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts Record Number: 1605 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20111009234726.179167-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: Frank Event Code: 11 Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 380) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application. Record Number: 1562 Source Name: Microsoft-Windows-RPC-Events Time Written: 20111009234446.693060-000 Event Type: Warning User: NT AUTHORITY\LOCAL SERVICE Computer Name: Frank Event Code: 1008 Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. Record Number: 1559 Source Name: Microsoft-Windows-Search Time Written: 20111009234432.000000-000 Event Type: Warning User: =====Security event log===== Computer Name: Bob Event Code: 4648 Message: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: BOB$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Greg Account Domain: BOB Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Record Number: 11044 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111201180113.758308-000 Event Type: Audit Success User: Computer Name: Bob Event Code: 5061 Message: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: BOB$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {1C658B3C-ADF5-4C1B-91CE-1560F02ABC58} Key Type: Machine key. Cryptographic Operation: Operation: Open Key. Return Code: 0x0 Record Number: 11043 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111201180040.015448-000 Event Type: Audit Success User: Computer Name: Bob Event Code: 5058 Message: Key file operation. Subject: Security ID: S-1-5-18 Account Name: BOB$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: Not Available. Key Name: {1C658B3C-ADF5-4C1B-91CE-1560F02ABC58} Key Type: Machine key. Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\024cf6b01063ff1a03efc7240ce6326a_206ef902-b43e-4037-95a8-c7489ffb6d95 Operation: Read persisted key from file. Return Code: 0x0 Record Number: 11042 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111201180040.015448-000 Event Type: Audit Success User: Computer Name: Bob Event Code: 5061 Message: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6b6fe468-9e4d-4678-afe5-e9f73a496cce Key Type: Machine key. Cryptographic Operation: Operation: Open Key. Return Code: 0x0 Record Number: 11041 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111201180025.258022-000 Event Type: Audit Success User: Computer Name: Bob Event Code: 5058 Message: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: Not Available. Key Name: 6b6fe468-9e4d-4678-afe5-e9f73a496cce Key Type: Machine key. Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3bc7d0e686c80dba8ec35905bf709301_206ef902-b43e-4037-95a8-c7489ffb6d95 Operation: Read persisted key from file. Return Code: 0x0 Record Number: 11040 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111201180025.258022-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;;C:\Program Files\Intel\WiFi\bin;C:\Program Files\Common Files\Intel\WirelessCommon;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=2a07 "configsetroot"=%SystemRoot%\ConfigSetRoot "asl.log"=Destination=file "CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------
  10. paphofo
    Logfile of random's system information tool 1.09 (written by random/random) Run by Greg at 2012-08-20 18:35:38 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 155 GB (54%) free of 286 GB Total RAM: 8103 MB (76% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:35:51 PM, on 8/20/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Windows\SysWOW64\svchost.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe C:\Program Files (x86)\gPadServer\gPadServer.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files\trend micro\Greg.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.creighton.edu/students/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S O4 - HKLM\..\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [sbitunesagent] C:\Program Files (x86)\Songbird\songbirditunesagent.exe O4 - Startup: Dropbox.lnk = Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE O4 - Startup: gPadServer.lnk = C:\Program Files (x86)\gPadServer\gPadServer.exe O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe O4 - Global Startup: FancyStart daemon.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: BFE - Unknown owner - C:\Windows\. O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Intel® Turbo Boost Technology Monitor (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14717 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService "C:\Windows\system32\FBAgent.exe" C:\Windows\system32\WLANExt.exe 29038112 \??\C:\Windows\system32\conhost.exe "809145581-162835197-8012001613602878292060880527618512567-20428385151343828222 "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe" "C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe" taskeng.exe {35B4E8F5-6C57-415C-A9A2-E6E756A7025D} C:\Windows\System32\spoolsv.exe "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe" "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c taskeng.exe {F4C34468-09F2-40C7-9765-69A07F36D218} "taskhost.exe" "C:\Program Files (x86)\ASUS\Splendid\ACMON.exe" "C:\Program Files\P4G\BatteryLife.exe" "C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe" "C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" "C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe" "C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe" "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe" "C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" "C:\Program Files\Bonjour\mDNSResponder.exe" C:\Windows\system32\svchost.exe -k bthsvcs "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files\Intel\TurboBoost\TurboBoost.exe" "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" ATKOSD.exe C:\Windows\system32\wbem\unsecapp.exe -Embedding C:\Windows\system32\wbem\wmiprvse.exe KBFiltr.exe "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" WLIDSvcM.exe 1972 WDC.exe "C:\Windows\AsScrPro.exe" "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "C:\Windows\System32\igfxtray.exe" "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3 "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" "C:\Program Files\Elantech\ETDCtrl.exe" "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe" "C:\Program Files\Elantech\ETDCtrlHelper.exe" "C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup "C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" "C:\Program Files (x86)\gPadServer\gPadServer.exe" "C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" C:\Windows\system32\wbem\unsecapp.exe -Embedding "C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe" "C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe" "C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe" "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "C:\Program Files (x86)\iTunes\iTunesHelper.exe" "C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe" -Embedding "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F4100 series#1319325732" -Startup "C:\Program Files\iPod\bin\iPodService.exe" C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "C:\Users\Greg\Desktop\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe =========Mozilla firefox========= ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\w8lfpb9n.default prefs.js - "browser.startup.homepage" - "www.dyingscene.com/" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.3.300.271 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=iTunes Detector Plug-in "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] "Description"=Office Authorization plug-in for NPAPI browsers "Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] "Description"=Microsoft SharePoint Plug-in for Firefox "Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\ZEON/PDF,version=2.0] "Description"= "Path"=C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.3.300.271 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] "Description"=Office Authorization plug-in for NPAPI browsers "Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL C:\Program Files (x86)\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files (x86)\Mozilla Firefox\components\ binary.manifest browsercomps.dll nsIQTScriptablePlugin.xpt C:\Program Files (x86)\Mozilla Firefox\plugins\ np-mswmp.dll npdeployJava1.dll npMeetingJoinPluginOC.dll nppdf32.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll npqtplugin7.dll QuickTimePlugin.class WMP Firefox Plugin License.rtf WMP Firefox Plugin RelNotes.txt C:\Program Files (x86)\Mozilla Firefox\searchplugins\ amazondotcom.xml bing.xml eBay.xml google.xml twitter.xml wikipedia.xml yahoo.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 6721936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-01 346736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2011-04-01 318960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-12-21 689040] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] Lync Browser Helper - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22 211720] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-03 325408] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-01 256112] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-04-01 761840] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-04-01 458736] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-03 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-01 346736] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-01 256112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-09 167960] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-09 391704] "Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-09 418328] "RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-07-13 2264168] "AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2010-05-02 324096] "ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2010-12-13 2587944] "IntelPAN"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2011-05-02 1935120] "BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-03-30 10372368] "IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [] "Setwallpaper"=c:\programdata\SetWallpaper.cmd [] "IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 2417032] "BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "sbitunesagent"=C:\Program Files (x86)\Songbird\songbirditunesagent.exe [2012-01-19 266240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe [2011-07-15 3058304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-08-01 12661352] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"=C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [2008-11-03 328992] "ASUSWebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [2011-02-23 731472] "SonicMasterTray"=C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [2010-07-09 984400] "FLxHCIm"=C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [2011-04-08 43008] "ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17 5732992] "ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624] "HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016] "UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504] "UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008] "Communicator"=C:\Program Files (x86)\Microsoft Lync\communicator.exe [2012-06-11 12099672] "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280] "HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152] "Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2011-06-10 2255360] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2012-04-18 421888] "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-06-07 421776] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe FancyStart daemon.lnk - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Dropbox.lnk - C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE gPadServer.lnk - C:\Program Files (x86)\gPadServer\gPadServer.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2011-01-26 385024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-03-28 249344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 6721936] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71288519.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\71288519.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 month====== 2012-08-20 18:35:39 ----D---- C:\Program Files\trend micro 2012-08-20 18:35:38 ----D---- C:\rsit 2012-08-20 18:20:31 ----D---- C:\TDSSKiller_Quarantine 2012-08-20 18:19:49 ----A---- C:\TDSSKiller.2.8.7.0_20.08.2012_18.19.49_log.txt 2012-08-18 11:28:17 ----D---- C:\FRST 2012-08-15 18:11:54 ----SHD---- C:\Config.Msi 2012-08-15 18:08:20 ----D---- C:\Qoobox 2012-08-15 18:08:15 ----SD---- C:\32788R22FWJFW 2012-08-15 17:21:59 ----SHD---- C:\found.000 2012-08-14 04:01:25 ----D---- C:\Windows\Minidump 2012-08-13 19:44:46 ----A---- C:\Windows\svchost.exe 2012-08-13 19:25:18 ----D---- C:\Program Files (x86)\ERUNT 2012-08-01 18:20:21 ----D---- C:\Program Files\iTunes 2012-08-01 18:20:21 ----D---- C:\Program Files\iPod 2012-08-01 18:20:21 ----D---- C:\Program Files (x86)\iTunes 2012-08-01 18:16:55 ----D---- C:\Program Files (x86)\QuickTime 2012-07-23 06:49:48 ----SHD---- C:\$RECYCLE.BIN ======List of files/folders modified in the last 1 month====== 2012-08-20 18:35:51 ----D---- C:\Windows\Prefetch 2012-08-20 18:35:39 ----RD---- C:\Program Files 2012-08-20 18:33:32 ----D---- C:\Windows\system32\config 2012-08-20 18:27:41 ----D---- C:\Windows\System32 2012-08-20 18:27:41 ----D---- C:\Windows\inf 2012-08-20 18:27:41 ----A---- C:\Windows\system32\PerfStringBackup.INI 2012-08-20 18:24:26 ----D---- C:\Users\Greg\AppData\Roaming\Dropbox 2012-08-20 18:24:10 ----HD---- C:\ASUS.DAT 2012-08-20 18:23:32 ----D---- C:\Windows\temp 2012-08-20 18:23:16 ----A---- C:\Windows\system32\acovcnt.exe 2012-08-20 18:21:51 ----A---- C:\Windows\system32\services.exe 2012-08-20 18:21:05 ----D---- C:\Windows\system32\drivers 2012-08-19 22:09:33 ----D---- C:\Windows 2012-08-18 14:40:46 ----SHD---- C:\System Volume Information 2012-08-15 18:12:30 ----SHD---- C:\Windows\Installer 2012-08-15 18:10:47 ----D---- C:\Windows\SysWOW64 2012-08-15 18:08:33 ----D---- C:\Windows\erdnt 2012-08-14 21:35:10 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe 2012-08-14 21:09:13 ----D---- C:\Windows\registration 2012-08-14 20:14:27 ----D---- C:\Windows\system32\wbem 2012-08-14 20:14:19 ----D---- C:\Windows\Tasks 2012-08-13 19:44:36 ----A---- C:\Windows\system32\AutoRunFilter.ini 2012-08-13 19:44:12 ----D---- C:\Windows\system32\Tasks 2012-08-13 19:25:18 ----RD---- C:\Program Files (x86) 2012-08-08 18:47:29 ----A---- C:\Windows\system32\ServiceFilter.ini 2012-08-08 18:45:59 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-08 18:45:55 ----A---- C:\Windows\ntbtlog.txt 2012-08-08 18:41:58 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service 2012-08-08 18:41:21 ----D---- C:\Windows\system32\catroot 2012-08-01 18:18:27 ----D---- C:\Windows\system32\DriverStore 2012-08-01 18:18:27 ----D---- C:\Windows\system32\catroot2 2012-07-30 20:21:15 ----D---- C:\Program Files (x86)\Mozilla Firefox 2012-07-22 11:54:16 ----RSD---- C:\Windows\Fonts ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 assd;assd; C:\Windows\system32\drivers\assd.sys [2010-04-28 27264] R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904] R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832] R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2011-03-22 261632] R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-13 41984] R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-13 118784] R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-27 80384] R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712] R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944] R3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-12-13 138024] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver; C:\Windows\system32\DRIVERS\FLxHCIc.sys [2011-04-08 177152] R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver; C:\Windows\system32\DRIVERS\FLxHCIh.sys [2011-04-08 56320] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152] R3 iBtFltCoex;iBtFltCoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-22 59904] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-01-26 12273408] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-02 3048040] R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496] R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-20 56344] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920] R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2011-08-01 23960] R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-13 158720] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920] R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-03-24 42392] S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol; C:\Windows\system32\DRIVERS\amppal.sys [2011-03-22 261632] S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-04 1542656] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-27 552960] S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-13 145920] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-13 43008] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488] S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2011-03-24 34200] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-02-15 52736] S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984] S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-23 154168] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2011-03-03 379520] R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-03-22 1136128] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184] R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536] R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896] R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2010-03-25 34216] R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984] R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-02-23 134928] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-05-02 1517328] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 27136] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-05-02 844560] R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720] R2 TurboBoost;Intel® Turbo Boost Technology Monitor; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976] R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 27136] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 135664] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-04-01 182768] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240] S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-10 1255736] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-30 47128] S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ); C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936] S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] -----------------EOF-----------------
  11. paphofo
    18:19:49.0935 5468 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03 18:19:50.0501 5468 ============================================================ 18:19:50.0501 5468 Current date / time: 2012/08/20 18:19:50.0501 18:19:50.0502 5468 SystemInfo: 18:19:50.0502 5468 18:19:50.0502 5468 OS Version: 6.1.7601 ServicePack: 1.0 18:19:50.0502 5468 Product type: Workstation 18:19:50.0502 5468 ComputerName: BOB 18:19:50.0502 5468 UserName: Greg 18:19:50.0502 5468 Windows directory: C:\Windows 18:19:50.0502 5468 System windows directory: C:\Windows 18:19:50.0502 5468 Running under WOW64 18:19:50.0502 5468 Processor architecture: Intel x64 18:19:50.0502 5468 Number of processors: 4 18:19:50.0502 5468 Page size: 0x1000 18:19:50.0502 5468 Boot type: Normal boot 18:19:50.0502 5468 ============================================================ 18:19:52.0528 5468 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:19:52.0546 5468 ============================================================ 18:19:52.0546 5468 \Device\Harddisk0\DR0: 18:19:52.0546 5468 MBR partitions: 18:19:52.0546 5468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x22EE8800 18:19:52.0577 5468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x260E9800, BlocksNum 0x3145C000 18:19:52.0577 5468 ============================================================ 18:19:52.0665 5468 C: <-> \Device\Harddisk0\DR0\Partition1 18:19:52.0774 5468 D: <-> \Device\Harddisk0\DR0\Partition2 18:19:52.0774 5468 ============================================================ 18:19:52.0774 5468 Initialize success 18:19:52.0774 5468 ============================================================ 18:19:55.0799 1436 ============================================================ 18:19:55.0799 1436 Scan started 18:19:55.0799 1436 Mode: Manual; 18:19:55.0799 1436 ============================================================ 18:19:59.0648 1436 ================ Scan system memory ======================== 18:19:59.0648 1436 System memory - ok 18:19:59.0648 1436 ================ Scan services ============================= 18:20:00.0328 1436 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:20:00.0332 1436 1394ohci - ok 18:20:00.0369 1436 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:20:00.0375 1436 ACPI - ok 18:20:00.0399 1436 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:20:00.0401 1436 AcpiPmi - ok 18:20:00.0508 1436 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 18:20:00.0511 1436 AdobeARMservice - ok 18:20:00.0641 1436 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 18:20:00.0645 1436 AdobeFlashPlayerUpdateSvc - ok 18:20:00.0710 1436 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 18:20:00.0720 1436 adp94xx - ok 18:20:00.0736 1436 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 18:20:00.0745 1436 adpahci - ok 18:20:00.0754 1436 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 18:20:00.0758 1436 adpu320 - ok 18:20:00.0784 1436 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:20:00.0786 1436 AeLookupSvc - ok 18:20:00.0824 1436 [ 69FD46FAC0D9C4A8ECD522AC6A7481F5 ] AFBAgent C:\Windows\system32\FBAgent.exe 18:20:00.0832 1436 AFBAgent - ok 18:20:00.0879 1436 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 18:20:00.0888 1436 AFD - ok 18:20:00.0914 1436 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:20:00.0916 1436 agp440 - ok 18:20:00.0946 1436 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:20:00.0949 1436 ALG - ok 18:20:00.0970 1436 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:20:00.0971 1436 aliide - ok 18:20:00.0978 1436 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:20:00.0979 1436 amdide - ok 18:20:01.0002 1436 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 18:20:01.0005 1436 AmdK8 - ok 18:20:01.0013 1436 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 18:20:01.0015 1436 AmdPPM - ok 18:20:01.0046 1436 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:20:01.0049 1436 amdsata - ok 18:20:01.0062 1436 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 18:20:01.0066 1436 amdsbs - ok 18:20:01.0079 1436 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:20:01.0080 1436 amdxata - ok 18:20:01.0116 1436 [ 8C290FD44F687C1799B55823FFCF553D ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys 18:20:01.0122 1436 AMPPAL - ok 18:20:01.0132 1436 [ 8C290FD44F687C1799B55823FFCF553D ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys 18:20:01.0135 1436 AMPPALP - ok 18:20:01.0305 1436 [ 4977534658CDBCD8F376BA276A115F66 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe 18:20:01.0322 1436 AMPPALR3 - ok 18:20:01.0353 1436 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 18:20:01.0355 1436 AppID - ok 18:20:01.0382 1436 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:20:01.0388 1436 AppIDSvc - ok 18:20:01.0402 1436 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 18:20:01.0404 1436 Appinfo - ok 18:20:01.0484 1436 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 18:20:01.0487 1436 Apple Mobile Device - ok 18:20:01.0530 1436 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 18:20:01.0533 1436 arc - ok 18:20:01.0543 1436 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 18:20:01.0546 1436 arcsas - ok 18:20:01.0604 1436 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe 18:20:01.0606 1436 ASLDRService - ok 18:20:01.0638 1436 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 18:20:01.0639 1436 ASMMAP64 - ok 18:20:01.0711 1436 [ A7E7AE771A2FCDBD5F28910A38D9A82C ] assd C:\Windows\system32\drivers\assd.sys 18:20:01.0712 1436 assd - ok 18:20:01.0738 1436 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:20:01.0740 1436 AsyncMac - ok 18:20:01.0767 1436 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:20:01.0767 1436 atapi - ok 18:20:01.0809 1436 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys 18:20:01.0851 1436 athr - ok 18:20:01.0874 1436 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 18:20:01.0879 1436 ATKGFNEXSrv - ok 18:20:01.0929 1436 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 18:20:01.0929 1436 ATKWMIACPIIO - ok 18:20:01.0977 1436 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:20:01.0989 1436 AudioEndpointBuilder - ok 18:20:02.0004 1436 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:20:02.0011 1436 AudioSrv - ok 18:20:02.0056 1436 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:20:02.0060 1436 AxInstSV - ok 18:20:02.0109 1436 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 18:20:02.0118 1436 b06bdrv - ok 18:20:02.0156 1436 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:20:02.0162 1436 b57nd60a - ok 18:20:02.0217 1436 [ 3C404C55DE548B09F3BA9F136C1B7100 ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe 18:20:02.0225 1436 BcmSqlStartupSvc - ok 18:20:02.0268 1436 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:20:02.0271 1436 BDESVC - ok 18:20:02.0303 1436 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:20:02.0305 1436 Beep - ok 18:20:02.0334 1436 BFE - ok 18:20:02.0357 1436 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 18:20:02.0359 1436 blbdrive - ok 18:20:02.0622 1436 [ 55B0C8441DE7D91A819A39D0351154A2 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe 18:20:02.0631 1436 Bluetooth Device Monitor - ok 18:20:02.0823 1436 [ 7E262330DF0C4BE4ECE853B59B9CBE4C ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe 18:20:02.0835 1436 Bluetooth Media Service - ok 18:20:02.0917 1436 [ 8BF4B9956E13871A88A3810074E2E110 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe 18:20:02.0928 1436 Bluetooth OBEX Service - ok 18:20:02.0978 1436 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 18:20:02.0986 1436 Bonjour Service - ok 18:20:03.0018 1436 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:20:03.0021 1436 bowser - ok 18:20:03.0057 1436 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 18:20:03.0059 1436 BrFiltLo - ok 18:20:03.0065 1436 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 18:20:03.0066 1436 BrFiltUp - ok 18:20:03.0103 1436 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 18:20:03.0107 1436 BridgeMP - ok 18:20:03.0141 1436 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll 18:20:03.0145 1436 Browser - ok 18:20:03.0165 1436 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:20:03.0171 1436 Brserid - ok 18:20:03.0183 1436 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:20:03.0185 1436 BrSerWdm - ok 18:20:03.0191 1436 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:20:03.0192 1436 BrUsbMdm - ok 18:20:03.0200 1436 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:20:03.0201 1436 BrUsbSer - ok 18:20:03.0242 1436 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 18:20:03.0243 1436 BthEnum - ok 18:20:03.0256 1436 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 18:20:03.0258 1436 BTHMODEM - ok 18:20:03.0280 1436 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 18:20:03.0284 1436 BthPan - ok 18:20:03.0306 1436 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 18:20:03.0316 1436 BTHPORT - ok 18:20:03.0359 1436 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:20:03.0362 1436 bthserv - ok 18:20:03.0381 1436 [ 377AD2480462A72371BA7322352D19EC ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe 18:20:03.0385 1436 BTHSSecurityMgr - ok 18:20:03.0401 1436 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 18:20:03.0404 1436 BTHUSB - ok 18:20:03.0442 1436 [ 270FBA230E78E25726D065A924589A72 ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys 18:20:03.0444 1436 btmaux - ok 18:20:03.0476 1436 [ 0010A54571F525A97EED8C091E96EAA9 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys 18:20:03.0481 1436 btmhsf - ok 18:20:03.0510 1436 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:20:03.0512 1436 cdfs - ok 18:20:03.0570 1436 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:20:03.0573 1436 cdrom - ok 18:20:03.0612 1436 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 18:20:03.0615 1436 CertPropSvc - ok 18:20:03.0647 1436 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 18:20:03.0650 1436 circlass - ok 18:20:03.0699 1436 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:20:03.0721 1436 CLFS - ok 18:20:03.0830 1436 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:20:03.0832 1436 clr_optimization_v2.0.50727_32 - ok 18:20:03.0883 1436 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:20:03.0888 1436 clr_optimization_v2.0.50727_64 - ok 18:20:03.0978 1436 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:20:04.0016 1436 clr_optimization_v4.0.30319_32 - ok 18:20:04.0037 1436 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:20:04.0041 1436 clr_optimization_v4.0.30319_64 - ok 18:20:04.0074 1436 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 18:20:04.0075 1436 CmBatt - ok 18:20:04.0091 1436 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:20:04.0093 1436 cmdide - ok 18:20:04.0120 1436 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 18:20:04.0128 1436 CNG - ok 18:20:04.0157 1436 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 18:20:04.0158 1436 Compbatt - ok 18:20:04.0178 1436 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 18:20:04.0180 1436 CompositeBus - ok 18:20:04.0191 1436 COMSysApp - ok 18:20:04.0210 1436 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:20:04.0211 1436 crcdisk - ok 18:20:04.0235 1436 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:20:04.0240 1436 CryptSvc - ok 18:20:04.0278 1436 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 18:20:04.0279 1436 dc3d - ok 18:20:04.0308 1436 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:20:04.0320 1436 DcomLaunch - ok 18:20:04.0355 1436 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:20:04.0361 1436 defragsvc - ok 18:20:04.0380 1436 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:20:04.0383 1436 DfsC - ok 18:20:04.0418 1436 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:20:04.0426 1436 Dhcp - ok 18:20:04.0453 1436 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:20:04.0455 1436 discache - ok 18:20:04.0480 1436 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 18:20:04.0482 1436 Disk - ok 18:20:04.0528 1436 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:20:04.0533 1436 Dnscache - ok 18:20:04.0592 1436 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:20:04.0613 1436 dot3svc - ok 18:20:04.0735 1436 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 18:20:04.0745 1436 Dot4 - ok 18:20:04.0906 1436 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 18:20:04.0908 1436 Dot4Print - ok 18:20:05.0003 1436 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 18:20:05.0058 1436 dot4usb - ok 18:20:05.0137 1436 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:20:05.0142 1436 DPS - ok 18:20:05.0161 1436 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:20:05.0163 1436 drmkaud - ok 18:20:05.0204 1436 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:20:05.0213 1436 DXGKrnl - ok 18:20:05.0239 1436 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:20:05.0242 1436 EapHost - ok 18:20:05.0399 1436 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 18:20:05.0467 1436 ebdrv - ok 18:20:05.0520 1436 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:20:05.0525 1436 EFS - ok 18:20:05.0712 1436 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:20:05.0745 1436 ehRecvr - ok 18:20:05.0762 1436 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:20:05.0765 1436 ehSched - ok 18:20:05.0833 1436 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 18:20:05.0843 1436 elxstor - ok 18:20:05.0849 1436 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:20:05.0850 1436 ErrDev - ok 18:20:05.0888 1436 [ 5B042AA9CEBDAB5B61E747DDCEBFF51B ] ETD C:\Windows\system32\DRIVERS\ETD.sys 18:20:05.0890 1436 ETD - ok 18:20:05.0943 1436 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:20:05.0951 1436 EventSystem - ok 18:20:06.0064 1436 [ 54FC81B0162478A72A93DBBEAFB35671 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 18:20:06.0100 1436 EvtEng - ok 18:20:06.0125 1436 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:20:06.0131 1436 exfat - ok 18:20:06.0159 1436 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:20:06.0164 1436 fastfat - ok 18:20:06.0204 1436 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 18:20:06.0217 1436 Fax - ok 18:20:06.0237 1436 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 18:20:06.0239 1436 fdc - ok 18:20:06.0261 1436 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 18:20:06.0264 1436 fdPHost - ok 18:20:06.0284 1436 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 18:20:06.0287 1436 FDResPub - ok 18:20:06.0307 1436 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:20:06.0310 1436 FileInfo - ok 18:20:06.0321 1436 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:20:06.0323 1436 Filetrace - ok 18:20:06.0338 1436 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 18:20:06.0340 1436 flpydisk - ok 18:20:06.0359 1436 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:20:06.0365 1436 FltMgr - ok 18:20:06.0399 1436 [ 7DE8A770487FC4B5E3A168AD97E1D370 ] FLxHCIc C:\Windows\system32\DRIVERS\FLxHCIc.sys 18:20:06.0405 1436 FLxHCIc - ok 18:20:06.0421 1436 [ 2D54A3319FC955029E4B371CDC088FF4 ] FLxHCIh C:\Windows\system32\DRIVERS\FLxHCIh.sys 18:20:06.0424 1436 FLxHCIh - ok 18:20:06.0472 1436 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 18:20:06.0506 1436 FontCache - ok 18:20:06.0570 1436 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:20:06.0571 1436 FontCache3.0.0.0 - ok 18:20:06.0591 1436 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:20:06.0594 1436 FsDepends - ok 18:20:06.0627 1436 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 18:20:06.0636 1436 fssfltr - ok 18:20:06.0838 1436 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 18:20:06.0884 1436 fsssvc - ok 18:20:06.0912 1436 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:20:06.0912 1436 Fs_Rec - ok 18:20:06.0948 1436 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:20:06.0952 1436 fvevol - ok 18:20:06.0980 1436 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 18:20:06.0982 1436 gagp30kx - ok 18:20:07.0030 1436 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:20:07.0030 1436 GEARAspiWDM - ok 18:20:07.0092 1436 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 18:20:07.0108 1436 gpsvc - ok 18:20:07.0215 1436 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:20:07.0220 1436 gupdate - ok 18:20:07.0270 1436 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:20:07.0271 1436 gupdatem - ok 18:20:07.0311 1436 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 18:20:07.0318 1436 gusvc - ok 18:20:07.0356 1436 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:20:07.0363 1436 hcw85cir - ok 18:20:07.0412 1436 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:20:07.0418 1436 HdAudAddService - ok 18:20:07.0435 1436 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 18:20:07.0438 1436 HDAudBus - ok 18:20:07.0444 1436 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 18:20:07.0445 1436 HidBatt - ok 18:20:07.0453 1436 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 18:20:07.0455 1436 HidBth - ok 18:20:07.0469 1436 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 18:20:07.0472 1436 HidIr - ok 18:20:07.0489 1436 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 18:20:07.0492 1436 hidserv - ok 18:20:07.0518 1436 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:20:07.0520 1436 HidUsb - ok 18:20:07.0553 1436 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:20:07.0556 1436 hkmsvc - ok 18:20:07.0578 1436 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:20:07.0585 1436 HomeGroupListener - ok 18:20:07.0607 1436 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:20:07.0614 1436 HomeGroupProvider - ok 18:20:07.0704 1436 [ CC8A7D8A8DC9F357B57796583CF8B85F ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 18:20:07.0709 1436 hpqcxs08 - ok 18:20:07.0730 1436 [ 4C2CA71CAAFD2CF1A673FC8DBFD219C4 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 18:20:07.0733 1436 hpqddsvc - ok 18:20:07.0758 1436 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:20:07.0760 1436 HpSAMD - ok 18:20:07.0798 1436 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:20:07.0811 1436 HTTP - ok 18:20:07.0827 1436 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 18:20:07.0828 1436 hwpolicy - ok 18:20:07.0859 1436 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 18:20:07.0861 1436 i8042prt - ok 18:20:07.0908 1436 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 18:20:07.0912 1436 iaStor - ok 18:20:07.0953 1436 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 18:20:07.0961 1436 iaStorV - ok 18:20:07.0985 1436 [ DE9E40BAEE2E48FD1E3EB423074C014C ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys 18:20:07.0988 1436 iBtFltCoex - ok 18:20:08.0181 1436 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:20:08.0196 1436 idsvc - ok 18:20:09.0384 1436 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 18:20:09.0743 1436 igfx - ok 18:20:09.0780 1436 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:20:09.0788 1436 iirsp - ok 18:20:09.0909 1436 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 18:20:09.0925 1436 IKEEXT - ok 18:20:09.0971 1436 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys 18:20:09.0973 1436 intaud_WaveExtensible - ok 18:20:10.0121 1436 [ 5205DE9BD47F633E06EF3EF3DE11EF99 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 18:20:10.0149 1436 IntcAzAudAddService - ok 18:20:10.0196 1436 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 18:20:10.0203 1436 IntcDAud - ok 18:20:10.0219 1436 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 18:20:10.0221 1436 intelide - ok 18:20:10.0260 1436 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:20:10.0261 1436 intelppm - ok 18:20:10.0302 1436 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:20:10.0310 1436 IPBusEnum - ok 18:20:10.0331 1436 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:20:10.0334 1436 IpFilterDriver - ok 18:20:10.0342 1436 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 18:20:10.0344 1436 IPMIDRV - ok 18:20:10.0378 1436 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 18:20:10.0382 1436 IPNAT - ok 18:20:10.0439 1436 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 18:20:10.0455 1436 iPod Service - ok 18:20:10.0486 1436 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:20:10.0488 1436 IRENUM - ok 18:20:10.0511 1436 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:20:10.0513 1436 isapnp - ok 18:20:10.0529 1436 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 18:20:10.0535 1436 iScsiPrt - ok 18:20:10.0573 1436 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys 18:20:10.0574 1436 iwdbus - ok 18:20:10.0592 1436 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:20:10.0593 1436 kbdclass - ok 18:20:10.0613 1436 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 18:20:10.0615 1436 kbdhid - ok 18:20:10.0632 1436 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 18:20:10.0633 1436 kbfiltr - ok 18:20:10.0646 1436 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 18:20:10.0648 1436 KeyIso - ok 18:20:10.0679 1436 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:20:10.0681 1436 KSecDD - ok 18:20:10.0701 1436 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 18:20:10.0705 1436 KSecPkg - ok 18:20:10.0723 1436 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 18:20:10.0726 1436 ksthunk - ok 18:20:10.0784 1436 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 18:20:10.0792 1436 KtmRm - ok 18:20:10.0826 1436 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 18:20:10.0828 1436 L1C - ok 18:20:10.0862 1436 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 18:20:10.0869 1436 LanmanServer - ok 18:20:10.0886 1436 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:20:10.0892 1436 LanmanWorkstation - ok 18:20:10.0920 1436 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:20:10.0923 1436 lltdio - ok 18:20:10.0958 1436 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:20:10.0972 1436 lltdsvc - ok 18:20:10.0989 1436 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:20:10.0993 1436 lmhosts - ok 18:20:11.0034 1436 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 18:20:11.0037 1436 LSI_FC - ok 18:20:11.0047 1436 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 18:20:11.0050 1436 LSI_SAS - ok 18:20:11.0059 1436 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 18:20:11.0061 1436 LSI_SAS2 - ok 18:20:11.0072 1436 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 18:20:11.0076 1436 LSI_SCSI - ok 18:20:11.0093 1436 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 18:20:11.0096 1436 luafv - ok 18:20:11.0120 1436 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:20:11.0124 1436 Mcx2Svc - ok 18:20:11.0142 1436 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 18:20:11.0144 1436 megasas - ok 18:20:11.0160 1436 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 18:20:11.0167 1436 MegaSR - ok 18:20:11.0201 1436 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 18:20:11.0202 1436 MEIx64 - ok 18:20:11.0531 1436 Microsoft SharePoint Workspace Audit Service - ok 18:20:11.0615 1436 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 18:20:11.0620 1436 MMCSS - ok 18:20:11.0642 1436 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 18:20:11.0652 1436 Modem - ok 18:20:11.0673 1436 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:20:11.0676 1436 monitor - ok 18:20:11.0695 1436 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:20:11.0696 1436 mouclass - ok 18:20:11.0710 1436 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:20:11.0719 1436 mouhid - ok 18:20:11.0741 1436 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 18:20:11.0743 1436 mountmgr - ok 18:20:11.0800 1436 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 18:20:11.0809 1436 MozillaMaintenance - ok 18:20:11.0827 1436 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 18:20:11.0831 1436 mpio - ok 18:20:11.0848 1436 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:20:11.0851 1436 mpsdrv - ok 18:20:11.0861 1436 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:20:11.0864 1436 MRxDAV - ok 18:20:11.0897 1436 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:20:11.0901 1436 mrxsmb - ok 18:20:11.0919 1436 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:20:11.0926 1436 mrxsmb10 - ok 18:20:11.0944 1436 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:20:11.0948 1436 mrxsmb20 - ok 18:20:11.0967 1436 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 18:20:11.0968 1436 msahci - ok 18:20:12.0014 1436 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:20:12.0022 1436 msdsm - ok 18:20:12.0055 1436 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 18:20:12.0061 1436 MSDTC - ok 18:20:12.0091 1436 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:20:12.0093 1436 Msfs - ok 18:20:12.0111 1436 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 18:20:12.0113 1436 mshidkmdf - ok 18:20:12.0123 1436 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:20:12.0124 1436 msisadrv - ok 18:20:12.0155 1436 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:20:12.0159 1436 MSiSCSI - ok 18:20:12.0165 1436 msiserver - ok 18:20:12.0185 1436 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:20:12.0187 1436 MSKSSRV - ok 18:20:12.0205 1436 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:20:12.0209 1436 MSPCLOCK - ok 18:20:12.0227 1436 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:20:12.0230 1436 MSPQM - ok 18:20:12.0256 1436 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:20:12.0264 1436 MsRPC - ok 18:20:12.0286 1436 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 18:20:12.0287 1436 mssmbios - ok 18:20:12.0345 1436 MSSQL$MSSMLBIZ - ok 18:20:12.0474 1436 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 18:20:12.0478 1436 MSSQLServerADHelper100 - ok 18:20:12.0512 1436 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:20:12.0513 1436 MSTEE - ok 18:20:12.0521 1436 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 18:20:12.0523 1436 MTConfig - ok 18:20:12.0551 1436 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 18:20:12.0552 1436 Mup - ok 18:20:12.0588 1436 [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 18:20:12.0597 1436 MyWiFiDHCPDNS - ok 18:20:12.0629 1436 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 18:20:12.0640 1436 napagent - ok 18:20:12.0677 1436 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:20:12.0684 1436 NativeWifiP - ok 18:20:12.0769 1436 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:20:12.0784 1436 NDIS - ok 18:20:12.0950 1436 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:20:12.0961 1436 NdisCap - ok 18:20:12.0985 1436 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:20:12.0992 1436 NdisTapi - ok 18:20:13.0013 1436 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:20:13.0015 1436 Ndisuio - ok 18:20:13.0032 1436 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:20:13.0037 1436 NdisWan - ok 18:20:13.0056 1436 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:20:13.0059 1436 NDProxy - ok 18:20:13.0104 1436 [ 59267D2F0328599AA3B5408C2E06126F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 18:20:13.0107 1436 Net Driver HPZ12 - ok 18:20:13.0124 1436 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:20:13.0126 1436 NetBIOS - ok 18:20:13.0151 1436 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:20:13.0157 1436 NetBT - ok 18:20:13.0170 1436 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 18:20:13.0172 1436 Netlogon - ok 18:20:13.0211 1436 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 18:20:13.0219 1436 Netman - ok 18:20:13.0249 1436 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 18:20:13.0260 1436 netprofm - ok 18:20:13.0287 1436 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:20:13.0289 1436 NetTcpPortSharing - ok 18:20:14.0135 1436 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 18:20:14.0316 1436 NETwNs64 - ok 18:20:14.0354 1436 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:20:14.0357 1436 nfrd960 - ok 18:20:14.0409 1436 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:20:14.0416 1436 NlaSvc - ok 18:20:14.0439 1436 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:20:14.0441 1436 Npfs - ok 18:20:14.0465 1436 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:20:14.0474 1436 nsi - ok 18:20:14.0485 1436 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:20:14.0495 1436 nsiproxy - ok 18:20:14.0591 1436 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:20:14.0636 1436 Ntfs - ok 18:20:14.0678 1436 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys 18:20:14.0679 1436 NuidFltr - ok 18:20:14.0704 1436 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 18:20:14.0706 1436 Null - ok 18:20:15.0093 1436 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:20:15.0096 1436 nvraid - ok 18:20:15.0147 1436 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:20:15.0150 1436 nvstor - ok 18:20:15.0179 1436 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:20:15.0197 1436 nv_agp - ok 18:20:15.0218 1436 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:20:15.0221 1436 ohci1394 - ok 18:20:15.0283 1436 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:20:15.0293 1436 ose64 - ok 18:20:15.0888 1436 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 18:20:15.0999 1436 osppsvc - ok 18:20:16.0048 1436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:20:16.0055 1436 p2pimsvc - ok 18:20:16.0085 1436 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:20:16.0095 1436 p2psvc - ok 18:20:16.0132 1436 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 18:20:16.0135 1436 Parport - ok 18:20:16.0170 1436 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:20:16.0172 1436 partmgr - ok 18:20:16.0206 1436 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:20:16.0236 1436 PcaSvc - ok 18:20:16.0254 1436 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 18:20:16.0258 1436 pci - ok 18:20:16.0277 1436 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:20:16.0278 1436 pciide - ok 18:20:16.0320 1436 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 18:20:16.0324 1436 pcmcia - ok 18:20:16.0336 1436 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:20:16.0337 1436 pcw - ok 18:20:16.0370 1436 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:20:16.0381 1436 PEAUTH - ok 18:20:17.0001 1436 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:20:17.0003 1436 PerfHost - ok 18:20:17.0225 1436 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 18:20:17.0259 1436 pla - ok 18:20:17.0291 1436 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:20:17.0302 1436 PlugPlay - ok 18:20:17.0321 1436 [ 5261A2FD55183AC6993145AB6662CDDF ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 18:20:17.0324 1436 Pml Driver HPZ12 - ok 18:20:17.0335 1436 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:20:17.0339 1436 PNRPAutoReg - ok 18:20:17.0365 1436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:20:17.0370 1436 PNRPsvc - ok 18:20:17.0402 1436 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys 18:20:17.0404 1436 Point64 - ok 18:20:17.0492 1436 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:20:17.0502 1436 PolicyAgent - ok 18:20:17.0537 1436 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 18:20:17.0543 1436 Power - ok 18:20:17.0570 1436 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:20:17.0574 1436 PptpMiniport - ok 18:20:17.0595 1436 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 18:20:17.0598 1436 Processor - ok 18:20:17.0630 1436 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 18:20:17.0637 1436 ProfSvc - ok 18:20:17.0660 1436 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:20:17.0662 1436 ProtectedStorage - ok 18:20:17.0684 1436 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:20:17.0689 1436 Psched - ok 18:20:17.0758 1436 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 18:20:17.0784 1436 ql2300 - ok 18:20:17.0806 1436 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 18:20:17.0809 1436 ql40xx - ok 18:20:17.0842 1436 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:20:17.0849 1436 QWAVE - ok 18:20:17.0863 1436 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:20:17.0865 1436 QWAVEdrv - ok 18:20:17.0872 1436 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:20:17.0873 1436 RasAcd - ok 18:20:17.0889 1436 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:20:17.0892 1436 RasAgileVpn - ok 18:20:17.0907 1436 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:20:17.0912 1436 RasAuto - ok 18:20:17.0924 1436 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:20:17.0927 1436 Rasl2tp - ok 18:20:17.0945 1436 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:20:17.0954 1436 RasMan - ok 18:20:17.0966 1436 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:20:17.0969 1436 RasPppoe - ok 18:20:17.0981 1436 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:20:17.0984 1436 RasSstp - ok 18:20:18.0010 1436 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:20:18.0017 1436 rdbss - ok 18:20:18.0040 1436 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 18:20:18.0042 1436 rdpbus - ok 18:20:18.0059 1436 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:20:18.0061 1436 RDPCDD - ok 18:20:18.0073 1436 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:20:18.0075 1436 RDPENCDD - ok 18:20:18.0091 1436 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:20:18.0093 1436 RDPREFMP - ok 18:20:18.0123 1436 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:20:18.0128 1436 RDPWD - ok 18:20:18.0159 1436 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:20:18.0163 1436 rdyboost - ok 18:20:18.0352 1436 [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 18:20:18.0375 1436 RegSrvc - ok 18:20:18.0428 1436 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:20:18.0432 1436 RemoteAccess - ok 18:20:18.0476 1436 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:20:18.0482 1436 RemoteRegistry - ok 18:20:18.0513 1436 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 18:20:18.0517 1436 RFCOMM - ok 18:20:18.0535 1436 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:20:18.0540 1436 RpcEptMapper - ok 18:20:18.0557 1436 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:20:18.0560 1436 RpcLocator - ok 18:20:18.0591 1436 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll 18:20:18.0598 1436 RpcSs - ok 18:20:18.0626 1436 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:20:18.0628 1436 rspndr - ok 18:20:18.0647 1436 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:20:18.0649 1436 SamSs - ok 18:20:18.0690 1436 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:20:18.0693 1436 sbp2port - ok 18:20:18.0723 1436 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:20:18.0730 1436 SCardSvr - ok 18:20:18.0744 1436 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:20:18.0750 1436 scfilter - ok 18:20:18.0848 1436 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:20:18.0869 1436 Schedule - ok 18:20:18.0902 1436 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:20:18.0904 1436 SCPolicySvc - ok 18:20:18.0925 1436 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:20:18.0931 1436 SDRSVC - ok 18:20:18.0954 1436 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:20:18.0956 1436 secdrv - ok 18:20:18.0977 1436 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:20:18.0982 1436 seclogon - ok 18:20:19.0001 1436 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 18:20:19.0007 1436 SENS - ok 18:20:19.0027 1436 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:20:19.0032 1436 SensrSvc - ok 18:20:19.0057 1436 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 18:20:19.0059 1436 Serenum - ok 18:20:19.0081 1436 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 18:20:19.0084 1436 Serial - ok 18:20:19.0096 1436 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:20:19.0098 1436 sermouse - ok 18:20:19.0122 1436 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:20:19.0127 1436 SessionEnv - ok 18:20:19.0148 1436 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:20:19.0150 1436 sffdisk - ok 18:20:19.0165 1436 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:20:19.0167 1436 sffp_mmc - ok 18:20:19.0174 1436 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:20:19.0175 1436 sffp_sd - ok 18:20:19.0182 1436 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 18:20:19.0183 1436 sfloppy - ok 18:20:19.0229 1436 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:20:19.0239 1436 ShellHWDetection - ok 18:20:19.0260 1436 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 18:20:19.0263 1436 SiSGbeLH - ok 18:20:19.0270 1436 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 18:20:19.0273 1436 SiSRaid2 - ok 18:20:19.0285 1436 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:20:19.0288 1436 SiSRaid4 - ok 18:20:19.0296 1436 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:20:19.0298 1436 Smb - ok 18:20:19.0338 1436 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:20:19.0342 1436 SNMPTRAP - ok 18:20:19.0373 1436 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:20:19.0375 1436 spldr - ok 18:20:19.0460 1436 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 18:20:19.0508 1436 Spooler - ok 18:20:19.0612 1436 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:20:19.0856 1436 sppsvc - ok 18:20:19.0874 1436 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:20:19.0878 1436 sppuinotify - ok 18:20:19.0903 1436 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$MSSMLBIZ C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE 18:20:19.0924 1436 SQLAgent$MSSMLBIZ - ok 18:20:20.0009 1436 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 18:20:20.0020 1436 SQLBrowser - ok 18:20:20.0140 1436 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 18:20:20.0146 1436 SQLWriter - ok 18:20:20.0184 1436 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:20:20.0193 1436 srv - ok 18:20:20.0298 1436 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:20:20.0310 1436 srv2 - ok 18:20:20.0328 1436 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:20:20.0333 1436 srvnet - ok 18:20:20.0370 1436 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:20:20.0376 1436 SSDPSRV - ok 18:20:20.0388 1436 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:20:20.0393 1436 SstpSvc - ok 18:20:20.0426 1436 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 18:20:20.0429 1436 stexstor - ok 18:20:20.0475 1436 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:20:20.0488 1436 stisvc - ok 18:20:20.0506 1436 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 18:20:20.0507 1436 swenum - ok 18:20:20.0553 1436 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:20:20.0565 1436 swprv - ok 18:20:20.0616 1436 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:20:20.0661 1436 SysMain - ok 18:20:20.0684 1436 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:20:20.0689 1436 TabletInputService - ok 18:20:20.0714 1436 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:20:20.0725 1436 TapiSrv - ok 18:20:20.0747 1436 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:20:20.0750 1436 TBS - ok 18:20:21.0403 1436 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:20:21.0470 1436 Tcpip - ok 18:20:21.0556 1436 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:20:21.0575 1436 TCPIP6 - ok 18:20:21.0637 1436 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:20:21.0639 1436 tcpipreg - ok 18:20:21.0666 1436 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:20:21.0670 1436 TDPIPE - ok 18:20:21.0700 1436 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:20:21.0702 1436 TDTCP - ok 18:20:21.0733 1436 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:20:21.0735 1436 tdx - ok 18:20:21.0750 1436 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 18:20:21.0751 1436 TermDD - ok 18:20:21.0805 1436 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:20:21.0819 1436 TermService - ok 18:20:21.0837 1436 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:20:21.0841 1436 Themes - ok 18:20:21.0857 1436 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:20:21.0859 1436 THREADORDER - ok 18:20:21.0880 1436 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:20:21.0885 1436 TrkWks - ok 18:20:21.0930 1436 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:20:21.0934 1436 TrustedInstaller - ok 18:20:21.0957 1436 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:20:21.0960 1436 tssecsrv - ok 18:20:21.0991 1436 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:20:21.0993 1436 TsUsbFlt - ok 18:20:22.0008 1436 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 18:20:22.0009 1436 TsUsbGD - ok 18:20:22.0036 1436 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:20:22.0040 1436 tunnel - ok 18:20:22.0067 1436 [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 18:20:22.0068 1436 TurboB - ok 18:20:22.0104 1436 [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 18:20:22.0107 1436 TurboBoost - ok 18:20:22.0126 1436 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:20:22.0130 1436 uagp35 - ok 18:20:22.0153 1436 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:20:22.0160 1436 udfs - ok 18:20:22.0190 1436 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:20:22.0196 1436 UI0Detect - ok 18:20:22.0212 1436 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:20:22.0215 1436 uliagpkx - ok 18:20:22.0247 1436 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:20:22.0250 1436 umbus - ok 18:20:22.0256 1436 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 18:20:22.0258 1436 UmPass - ok 18:20:22.0282 1436 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:20:22.0291 1436 upnphost - ok 18:20:22.0334 1436 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 18:20:22.0336 1436 USBAAPL64 - ok 18:20:22.0368 1436 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:20:22.0371 1436 usbccgp - ok 18:20:22.0415 1436 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:20:22.0418 1436 usbcir - ok 18:20:22.0445 1436 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 18:20:22.0449 1436 usbehci - ok 18:20:22.0485 1436 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:20:22.0492 1436 usbhub - ok 18:20:22.0512 1436 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:20:22.0515 1436 usbohci - ok 18:20:22.0533 1436 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:20:22.0536 1436 usbprint - ok 18:20:22.0574 1436 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 18:20:22.0576 1436 usbscan - ok 18:20:22.0596 1436 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:20:22.0599 1436 USBSTOR - ok 18:20:22.0615 1436 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:20:22.0618 1436 usbuhci - ok 18:20:22.0657 1436 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 18:20:22.0662 1436 usbvideo - ok 18:20:22.0680 1436 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:20:22.0685 1436 UxSms - ok 18:20:22.0698 1436 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:20:22.0700 1436 VaultSvc - ok 18:20:22.0725 1436 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:20:22.0726 1436 vdrvroot - ok 18:20:23.0265 1436 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:20:23.0278 1436 vds - ok 18:20:23.0300 1436 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:20:23.0303 1436 vga - ok 18:20:23.0315 1436 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:20:23.0318 1436 VgaSave - ok 18:20:23.0338 1436 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:20:23.0343 1436 vhdmp - ok 18:20:23.0358 1436 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:20:23.0359 1436 viaide - ok 18:20:23.0382 1436 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:20:23.0384 1436 volmgr - ok 18:20:23.0410 1436 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:20:23.0418 1436 volmgrx - ok 18:20:23.0436 1436 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:20:23.0441 1436 volsnap - ok 18:20:23.0470 1436 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:20:23.0474 1436 vsmraid - ok 18:20:23.0535 1436 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:20:23.0597 1436 VSS - ok 18:20:23.0608 1436 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 18:20:23.0619 1436 vwifibus - ok 18:20:23.0654 1436 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 18:20:23.0657 1436 vwififlt - ok 18:20:23.0687 1436 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 18:20:23.0688 1436 vwifimp - ok 18:20:23.0707 1436 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:20:23.0718 1436 W32Time - ok 18:20:23.0733 1436 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 18:20:23.0735 1436 WacomPen - ok 18:20:23.0760 1436 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:20:23.0763 1436 WANARP - ok 18:20:23.0770 1436 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:20:23.0772 1436 Wanarpv6 - ok 18:20:23.0890 1436 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 18:20:23.0933 1436 WatAdminSvc - ok 18:20:24.0003 1436 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:20:24.0048 1436 wbengine - ok 18:20:24.0066 1436 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:20:24.0073 1436 WbioSrvc - ok 18:20:24.0090 1436 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:20:24.0100 1436 wcncsvc - ok 18:20:24.0112 1436 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:20:24.0116 1436 WcsPlugInService - ok 18:20:24.0131 1436 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 18:20:24.0133 1436 Wd - ok 18:20:24.0166 1436 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:20:24.0178 1436 Wdf01000 - ok 18:20:24.0197 1436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:20:24.0202 1436 WdiServiceHost - ok 18:20:24.0207 1436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:20:24.0210 1436 WdiSystemHost - ok 18:20:24.0248 1436 [ 63CE387483E74A0BD79EE4E5EBA1FD2E ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys 18:20:24.0250 1436 wdkmd - ok 18:20:24.0308 1436 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:20:24.0315 1436 WebClient - ok 18:20:24.0352 1436 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:20:24.0359 1436 Wecsvc - ok 18:20:24.0380 1436 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:20:24.0385 1436 wercplsupport - ok 18:20:24.0403 1436 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:20:24.0409 1436 WerSvc - ok 18:20:24.0448 1436 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:20:24.0465 1436 WfpLwf - ok 18:20:24.0493 1436 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 18:20:24.0498 1436 WimFltr - ok 18:20:24.0512 1436 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:20:24.0515 1436 WIMMount - ok 18:20:24.0523 1436 WinHttpAutoProxySvc - ok 18:20:24.0707 1436 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:20:24.0729 1436 Winmgmt - ok 18:20:25.0169 1436 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:20:25.0265 1436 WinRM - ok 18:20:25.0329 1436 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 18:20:25.0331 1436 WinUsb - ok 18:20:25.0367 1436 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:20:25.0432 1436 Wlansvc - ok 18:20:25.0502 1436 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 18:20:25.0506 1436 wlcrasvc - ok 18:20:25.0893 1436 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:20:25.0955 1436 wlidsvc - ok 18:20:25.0972 1436 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 18:20:25.0973 1436 WmiAcpi - ok 18:20:26.0016 1436 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:20:26.0027 1436 wmiApSrv - ok 18:20:26.0057 1436 WMPNetworkSvc - ok 18:20:26.0088 1436 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:20:26.0093 1436 WPCSvc - ok 18:20:26.0110 1436 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:20:26.0116 1436 WPDBusEnum - ok 18:20:26.0140 1436 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:20:26.0142 1436 ws2ifsl - ok 18:20:26.0148 1436 WSearch - ok 18:20:26.0170 1436 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:20:26.0173 1436 WudfPf - ok 18:20:26.0201 1436 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:20:26.0206 1436 WUDFRd - ok 18:20:26.0219 1436 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:20:26.0224 1436 wudfsvc - ok 18:20:26.0240 1436 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:20:26.0247 1436 WwanSvc - ok 18:20:26.0279 1436 ================ Scan global =============================== 18:20:26.0305 1436 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:20:26.0334 1436 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 18:20:26.0347 1436 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 18:20:26.0371 1436 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:20:26.0405 1436 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe 18:20:26.0416 1436 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected 18:20:26.0416 1436 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0) 18:20:26.0417 1436 ================ Scan MBR ================================== 18:20:26.0435 1436 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 18:20:26.0436 1436 Suspicious mbr (Forged): \Device\Harddisk0\DR0 18:20:26.0515 1436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 18:20:26.0515 1436 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 18:20:26.0515 1436 ================ Scan VBR ================================== 18:20:26.0520 1436 [ 05D95A8ACE6F146854CBC9F1C007FF9D ] \Device\Harddisk0\DR0\Partition1 18:20:26.0525 1436 \Device\Harddisk0\DR0\Partition1 - ok 18:20:26.0660 1436 [ B1BB516956C3DDBBCCEFBC0F0E5299EC ] \Device\Harddisk0\DR0\Partition2 18:20:26.0672 1436 \Device\Harddisk0\DR0\Partition2 - ok 18:20:26.0673 1436 ============================================================ 18:20:26.0673 1436 Scan finished 18:20:26.0673 1436 ============================================================ 18:20:26.0690 3592 Detected object count: 2 18:20:26.0690 3592 Actual detected object count: 2 18:20:31.0638 3592 C:\Windows\system32\services.exe - copied to quarantine 18:20:31.0989 3592 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine 18:20:31.0990 3592 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine 18:20:32.0281 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@ - copied to quarantine 18:20:32.0284 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.@ - copied to quarantine 18:20:32.0286 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@ - copied to quarantine 18:20:32.0287 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.@ - copied to quarantine 18:20:32.0288 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.@ - copied to quarantine 18:20:32.0290 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@ - copied to quarantine 18:20:32.0292 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.@ - copied to quarantine 18:21:00.0531 3592 Backup copy found, using it.. 18:21:00.0623 3592 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot 18:21:00.0623 3592 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot 18:21:00.0654 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@ - will be deleted on reboot 18:21:00.0654 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.@ - will be deleted on reboot 18:21:00.0655 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@ - will be deleted on reboot 18:21:00.0655 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.@ - will be deleted on reboot 18:21:00.0655 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.@ - will be deleted on reboot 18:21:00.0656 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@ - will be deleted on reboot 18:21:00.0656 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.@ - will be deleted on reboot 18:21:00.0664 3592 C:\Windows\system32\services.exe - will be cured on reboot 18:21:00.0664 3592 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure 18:21:05.0033 3592 \Device\Harddisk0\DR0\# - copied to quarantine 18:21:05.0036 3592 \Device\Harddisk0\DR0 - copied to quarantine 18:21:05.0153 3592 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 18:21:05.0158 3592 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 18:21:05.0171 3592 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 18:21:05.0178 3592 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 18:21:05.0201 3592 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 18:21:05.0213 3592 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 18:21:05.0215 3592 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 18:21:05.0216 3592 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 18:21:05.0218 3592 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 18:21:05.0221 3592 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 18:21:05.0224 3592 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 18:21:05.0226 3592 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 18:21:05.0228 3592 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 18:21:05.0230 3592 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 18:21:05.0350 3592 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 18:21:05.0356 3592 \Device\Harddisk0\DR0 - ok 18:21:05.0361 3592 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 18:21:17.0294 2956 Deinitialize success
  12. paphofo
    I'm sorry, but again while running combofix, I got a BSOD the stop code I received this time was 0x000000F7(....) I can repeat the process to get the rest of the stop code if you need. While combofix was running a window came up with a blue and a red progress bars.The screen went blank and the BSOD came up four about 5 seconds before the computer restarted.
  13. paphofo
    Scan result of Farbar Recovery Scan Tool Version: 18-08-2012 Ran by SYSTEM at 18-08-2012 10:28:26 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-02-09] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-02-09] (Intel Corporation) HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-02-09] (Intel Corporation) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2264168 2011-07-13] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-02] (Alcor Micro Corp.) HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.) HKLM\...\Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-05-02] (Intel® Corporation) HKLM\...\Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10372368 2011-03-30] (Intel Corporation) HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] () HKLM\...\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd [x] HKLM\...\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [371 2012-08-18] () HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme) HKLM-x32\...\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [43008 2011-04-08] (Windows ® Win 7 DDK provider) HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey [12099672 2012-06-11] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.) HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.) HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\Greg\...\Run: [sbitunesagent] C:\Program Files (x86)\Songbird\songbirditunesagent.exe [266240 2012-01-19] () Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe () Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Greg\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) Startup: C:\Users\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE () Startup: C:\Users\Greg\Start Menu\Programs\Startup\gPadServer.lnk ShortcutTarget: gPadServer.lnk -> C:\Program Files (x86)\gPadServer\gPadServer.exe () ==================== Services (Whitelisted) ====== 2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS) 2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS) 2 BcmSqlStartupSvc; "C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [34216 2010-03-25] (Microsoft Corporation) 2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [923984 2011-03-30] (Intel Corporation) 3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1321296 2011-03-30] (Intel Corporation) 2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [1001808 2011-03-30] (Intel Corporation) 2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-02-23] (Intel® Corporation) 2 fromlrzjla; C:\Users\Greg\AppData\Local\Temp\pckda.exe -svc [192000 2012-08-05] () 3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [43010392 2009-03-30] (Microsoft Corporation) 3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] () 4 SQLAgent$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE" -i MSSMLBIZ [366936 2009-03-30] (Microsoft Corporation) ========================== Drivers (Whitelisted) ============= 2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS) 0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation) 1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS) 3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [56320 2011-04-08] (Fresco Logic) 3 GEARAspiWDM; C:\Windows\SysWow64\Drivers\GEARAspiWDM.sys [15664 2012-01-19] (GEAR Software Inc.) 3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2011-03-22] (Intel Corporation) 3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( ) 2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] () 3 BFE; . [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-08-18 10:28 - 2012-08-18 10:28 - 00000000 ____D C:\FRST 2012-08-16 19:42 - 2012-08-16 19:42 - 00262144 ____A C:\Windows\Minidump\081612-25178-01.dmp 2012-08-16 19:33 - 2012-08-16 19:33 - 00262144 ____A C:\Windows\Minidump\081612-26473-01.dmp 2012-08-16 19:30 - 2012-08-16 19:30 - 00262144 ____A C:\Windows\Minidump\081612-35412-01.dmp 2012-08-16 19:26 - 2012-08-16 19:28 - 00004580 ____A C:\Users\Greg\Desktop\Rkill.txt 2012-08-16 19:25 - 2012-08-16 19:25 - 01543584 ____A (Bleeping Computer, LLC) C:\Users\Greg\Desktop\rkill.com 2012-08-15 17:09 - 2012-08-15 17:09 - 00262144 ____A C:\Windows\Minidump\081512-21340-01.dmp 2012-08-15 17:08 - 2012-08-16 19:42 - 00000000 ___SD C:\32788R22FWJFW 2012-08-15 17:08 - 2012-08-16 19:39 - 00000000 ____D C:\Qoobox 2012-08-15 17:07 - 2012-08-15 17:08 - 00001453 ____A C:\Users\Greg\Desktop\ComboFix.exe - Shortcut.lnk 2012-08-15 17:06 - 2012-08-16 19:39 - 04731953 ____R (Swearware) C:\Users\Greg\Downloads\ComboFix.exe 2012-08-15 16:24 - 2012-08-15 16:24 - 00003480 ____N C:\bootsqm.dat 2012-08-15 16:21 - 2012-08-15 16:21 - 00000000 __SHD C:\found.000 2012-08-14 19:14 - 2012-08-18 09:16 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-14 19:14 - 2012-08-14 19:14 - 00002116 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-08-14 03:01 - 2012-08-16 19:42 - 674228864 ____A C:\Windows\MEMORY.DMP 2012-08-14 03:01 - 2012-08-16 19:42 - 00000000 ____D C:\Windows\Minidump 2012-08-14 03:01 - 2012-08-14 03:01 - 00262144 ____A C:\Windows\Minidump\081412-23056-01.dmp 2012-08-13 18:44 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe 2012-08-13 18:25 - 2012-08-13 18:25 - 00000930 ____A C:\Users\Greg\Desktop\NTREGOPT.lnk 2012-08-13 18:25 - 2012-08-13 18:25 - 00000911 ____A C:\Users\Greg\Desktop\ERUNT.lnk 2012-08-13 18:25 - 2012-08-13 18:25 - 00000000 ____D C:\Program Files (x86)\ERUNT 2012-08-13 18:24 - 2012-08-13 18:24 - 00791393 ____A (Lars Hederer ) C:\Users\Greg\Downloads\erunt-setup.exe 2012-08-09 18:48 - 2012-08-09 18:48 - 00027454 ____A C:\Users\Greg\Desktop\DDS.txt 2012-08-09 18:48 - 2012-08-09 18:48 - 00011453 ____A C:\Users\Greg\Desktop\Attach.txt 2012-08-09 18:44 - 2012-08-09 18:44 - 00607260 ____R (Swearware) C:\Users\Greg\Desktop\dds.scr 2012-08-01 17:20 - 2012-08-01 17:20 - 00001789 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-08-01 17:20 - 2012-08-01 17:20 - 00000000 ____D C:\Program Files\iTunes 2012-08-01 17:20 - 2012-08-01 17:20 - 00000000 ____D C:\Program Files\iPod 2012-08-01 17:20 - 2012-08-01 17:20 - 00000000 ____D C:\Program Files (x86)\iTunes 2012-08-01 17:16 - 2012-08-01 17:17 - 00000000 ____D C:\Program Files (x86)\QuickTime 2012-07-19 15:44 - 2012-07-19 15:44 - 00000673 ____A C:\Users\Greg\Greg - Shortcut.lnk 2012-07-19 13:36 - 2012-08-15 17:08 - 00000000 ____D C:\Windows\erdnt ============ 3 Months Modified Files ======================== 2012-08-18 09:20 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-18 09:20 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-18 09:16 - 2012-08-14 19:14 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-18 09:15 - 2009-07-13 20:51 - 00156373 ____A C:\Windows\setupact.log 2012-08-17 23:32 - 2011-07-15 17:45 - 00045056 ____A C:\Windows\System32\acovcnt.exe 2012-08-17 23:32 - 2009-07-13 21:13 - 00837322 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-16 19:42 - 2012-08-16 19:42 - 00262144 ____A C:\Windows\Minidump\081612-25178-01.dmp 2012-08-16 19:42 - 2012-08-14 03:01 - 674228864 ____A C:\Windows\MEMORY.DMP 2012-08-16 19:39 - 2012-08-15 17:06 - 04731953 ____R (Swearware) C:\Users\Greg\Downloads\ComboFix.exe 2012-08-16 19:33 - 2012-08-16 19:33 - 00262144 ____A C:\Windows\Minidump\081612-26473-01.dmp 2012-08-16 19:30 - 2012-08-16 19:30 - 00262144 ____A C:\Windows\Minidump\081612-35412-01.dmp 2012-08-16 19:28 - 2012-08-16 19:26 - 00004580 ____A C:\Users\Greg\Desktop\Rkill.txt 2012-08-16 19:25 - 2012-08-16 19:25 - 01543584 ____A (Bleeping Computer, LLC) C:\Users\Greg\Desktop\rkill.com 2012-08-15 17:09 - 2012-08-15 17:09 - 00262144 ____A C:\Windows\Minidump\081512-21340-01.dmp 2012-08-15 17:08 - 2012-08-15 17:07 - 00001453 ____A C:\Users\Greg\Desktop\ComboFix.exe - Shortcut.lnk 2012-08-15 16:24 - 2012-08-15 16:24 - 00003480 ____N C:\bootsqm.dat 2012-08-14 20:35 - 2012-04-12 13:42 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-14 20:35 - 2011-10-10 16:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-14 19:14 - 2012-08-14 19:14 - 00002116 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-08-14 03:01 - 2012-08-14 03:01 - 00262144 ____A C:\Windows\Minidump\081412-23056-01.dmp 2012-08-13 18:44 - 2011-07-15 17:43 - 00002246 ____A C:\Windows\System32\AutoRunFilter.ini 2012-08-13 18:43 - 2011-04-01 20:17 - 00347586 ____A C:\Windows\PFRO.log 2012-08-13 18:25 - 2012-08-13 18:25 - 00000930 ____A C:\Users\Greg\Desktop\NTREGOPT.lnk 2012-08-13 18:25 - 2012-08-13 18:25 - 00000911 ____A C:\Users\Greg\Desktop\ERUNT.lnk 2012-08-13 18:24 - 2012-08-13 18:24 - 00791393 ____A (Lars Hederer ) C:\Users\Greg\Downloads\erunt-setup.exe 2012-08-09 18:48 - 2012-08-09 18:48 - 00027454 ____A C:\Users\Greg\Desktop\DDS.txt 2012-08-09 18:48 - 2012-08-09 18:48 - 00011453 ____A C:\Users\Greg\Desktop\Attach.txt 2012-08-09 18:44 - 2012-08-09 18:44 - 00607260 ____R (Swearware) C:\Users\Greg\Desktop\dds.scr 2012-08-08 17:48 - 2011-10-09 17:38 - 00001945 ____A C:\Windows\epplauncher.mif 2012-08-08 17:47 - 2011-07-15 17:43 - 00001479 ____A C:\Windows\System32\ServiceFilter.ini 2012-08-08 17:38 - 2011-07-15 17:24 - 01634287 ____A C:\Windows\WindowsUpdate.log 2012-08-01 17:20 - 2012-08-01 17:20 - 00001789 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-07-23 05:49 - 2011-10-09 15:45 - 00110016 ____A C:\Users\Greg\AppData\Local\GDIPFONTCACHEV1.DAT 2012-07-23 05:49 - 2009-07-13 20:45 - 00418712 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-19 15:44 - 2012-07-19 15:44 - 00000673 ____A C:\Users\Greg\Greg - Shortcut.lnk 2012-07-19 13:46 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini 2012-07-14 15:49 - 2012-02-16 09:55 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-10 22:39 - 2011-10-11 09:09 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-03 12:46 - 2011-10-09 17:51 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-27 22:48 - 2012-06-27 22:48 - 00003059 ____A C:\Users\Greg\Desktop\M3.lnk 2012-06-18 10:03 - 2012-01-11 11:18 - 00001017 ____A C:\Users\Greg\Desktop\Dropbox.lnk 2012-06-11 19:08 - 2012-07-10 22:42 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-08 21:43 - 2012-07-10 20:34 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-07-10 20:34 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-05 22:06 - 2012-07-10 20:34 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-07-10 20:34 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-07-10 20:33 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-07-10 20:34 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-07-10 20:34 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 21:03 - 2012-07-10 20:33 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-02 14:19 - 2012-06-26 15:46 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-26 15:46 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-26 15:46 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-26 15:46 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-26 15:46 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:19 - 2012-06-26 15:45 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 14:15 - 2012-06-26 15:46 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-26 15:46 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 14:15 - 2012-06-26 15:45 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 04:49 - 2012-07-10 22:38 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 04:17 - 2012-07-10 22:38 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 04:12 - 2012-07-10 22:38 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 04:05 - 2012-07-10 22:38 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 04:05 - 2012-07-10 22:38 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 04:04 - 2012-07-10 22:38 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 04:04 - 2012-07-10 22:38 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 04:03 - 2012-07-10 22:38 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 04:01 - 2012-07-10 22:38 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 04:00 - 2012-07-10 22:38 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 03:59 - 2012-07-10 22:38 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 03:57 - 2012-07-10 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 03:57 - 2012-07-10 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 03:54 - 2012-07-10 22:38 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 01:07 - 2012-07-10 22:38 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 00:43 - 2012-07-10 22:38 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 00:33 - 2012-07-10 22:38 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 00:26 - 2012-07-10 22:38 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-02 00:25 - 2012-07-10 22:38 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 00:25 - 2012-07-10 22:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 00:23 - 2012-07-10 22:38 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 00:21 - 2012-07-10 22:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 00:20 - 2012-07-10 22:38 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 00:19 - 2012-07-10 22:38 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 00:19 - 2012-07-10 22:38 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 00:17 - 2012-07-10 22:38 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 00:16 - 2012-07-10 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 00:14 - 2012-07-10 22:38 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-01 21:50 - 2012-07-10 20:33 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 21:48 - 2012-07-10 20:33 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 21:48 - 2012-07-10 20:33 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 21:45 - 2012-07-10 20:33 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 21:44 - 2012-07-10 20:33 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 20:40 - 2012-07-10 20:33 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 20:40 - 2012-07-10 20:33 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 20:39 - 2012-07-10 20:33 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 20:34 - 2012-07-10 20:33 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll ZeroAccess: C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94} C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@ C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\n C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\00000004.@ C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\201d3dde C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.@ C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@ C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.@ C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.@ C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@ C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.@ ZeroAccess: C:\Users\Greg\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94} C:\Users\Greg\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L C:\Users\Greg\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini Type 00 partition infection: C:\Windows\svchost.exe ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit TDL4: custom:26000022 <===== ATTENTION! ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 9% Total physical RAM: 8102.76 MB Available physical RAM: 7342.96 MB Total Pagefile: 8100.91 MB Available Pagefile: 7337.87 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ======================= Partitions ========================= 1 Drive c: (Piddle) (Fixed) (Total:279.45 GB) (Free:152.16 GB) NTFS ==>[system with boot components (obtained from reading drive)] 2 Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:394.08 GB) NTFS 4 Drive f: (FLASH CU) (Removable) (Total:0.25 GB) (Free:0.24 GB) FAT 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 698 GB 1024 KB Disk 1 Online 252 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 25 GB 1024 KB Partition 2 Primary 279 GB 25 GB Partition 0 Extended 394 GB 304 GB Partition 3 Logical 394 GB 304 GB ================================================================================== Disk: 0 Partition 1 Type : 1C Hidden: Yes Active: No There is no volume associated with this partition. ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C Piddle NTFS Partition 279 GB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D DATA NTFS Partition 394 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 252 MB 31 KB ================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FLASH CU FAT Removable 252 MB Healthy ================================================================================== Last Boot: 2012-08-08 16:51 ======================= End Of Log ==========================
  14. paphofo
    a) What antivirus/antimalware programs would you recommend scanning the files with before transfer. b-f) I ran rkill, and below is the .txt document. However, when I ran combofix again, I received a popup that said combofix needed an update. No matter what I clicked, I received another BSOD :-( I tried frantically to write down the stop code. What I got was 0x0000001E (0xFFFF....C....). I hope that can help some. I did not try iexplore.exe or any other rkill links because it ran successfully. Please let me know what I can do. Rkill 2.2.0 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 08/16/2012 08:26:17 PM in x64 mode. Windows Version: Windows 7 Checking for Windows services to stop. * No malware services found to stop. Checking for processes to terminate. * C:\Users\Greg\AppData\Local\Temp\pckda.exe (PID: 2064) [uP-HEUR] * C:\Windows\SysWOW64\ACEngSvr.exe (PID: 3296) [WD-HEUR] * C:\Users\Greg\AppData\Local\Temp\pckda.exe (PID: 4928) [uP-HEUR] * C:\Users\Greg\AppData\Local\Temp\pckda.exe (PID: 5476) [uP-HEUR] 4 proccesses terminated! Checking Registry for malware related settings. * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*! * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*! Performing miscellaneous checks. * C:\Windows\assembly\GAC_32\Desktop.ini [ZA File] * C:\Windows\assembly\GAC_64\Desktop.ini [ZA File] Checking Windows Service Integrity: * BITS [Missing Service] * CscService [Missing Service] * iphlpsvc [Missing Service] * MpsSvc [Missing Service] * PeerDistSvc [Missing Service] * UmRdpService [Missing Service] * WinDefend [Missing Service] * wscsvc [Missing Service] * wuauserv [Missing Service] * SharedAccess [Missing ImagePath] Searching for Missing Digital Signatures: * C:\Windows\System32\services.exe [NoSig] +-> C:\Windows\erdnt\cache64\Services.exe : 328,704 : 07/13/2009 06:39 PM : 24acb7e5be595468e3b9aa488b9b4fcb [Pos Repl] +-> C:\Windows\system64\services.exe : 328,704 : 07/13/2009 06:39 PM : 014a9cb92514e27c0107614df764bc06 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe : 328,704 : 07/13/2009 06:39 PM : 24acb7e5be595468e3b9aa488b9b4fcb [Pos Repl] Program finished at: 08/16/2012 08:28:03 PM Execution time: 0 hours(s), 1 minute(s), and 46 seconds(s)
  15. paphofo
    It was multiple months ago. If I were to plug my external hard drive in and transfer only files like documents, music, pictures, and videos, would I be at risk of infecting my external hard drive and reinfecting my computer after reformatting? I tried running combofix, but about 30 second in to the process, my computer displayed a blue screen saying that an error had occurred. My computer then restarted with no combofix.txt document on reboot. Would you like me to try running it again, or is there an alternative?
  16. paphofo
    Let's try and clean it for now. Is there anyway it would be possible to backup files changed since my last backup before reformatting, or is that not an option?
  17. paphofo
    Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.13.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Greg :: BOB [administrator] 8/13/2012 7:35:52 PM mbam-log-2012-08-13 (19-35-52).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 198040 Time elapsed: 3 minute(s), 10 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 5584 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 4 C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. (end)
  18. paphofo
    I recently had an infection with a trojan and used this forum to clean my computer. But now it seems I'm reinfected. I'm hoping you can help me out. Thank you in advance for your help. DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Greg at 19:46:39 on 2012-08-09 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8103.6073 [GMT -7:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\FBAgent.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Users\Greg\AppData\Local\Temp\pckda.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\P4G\BatteryLife.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Intel\TurboBoost\TurboBoost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Windows\System32\rundll32.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\gPadServer\gPadServer.exe C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Greg\AppData\Local\Temp\pckda.exe C:\Users\Greg\AppData\Local\Temp\pckda.exe C:\Users\Greg\AppData\Local\Temp\pckda.exe C:\Users\Greg\AppData\Local\Temp\pckda.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.creighton.edu/students/ mStart Page = hxxp://asus.msn.com uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [sbitunesagent] C:\Program Files (x86)\Songbird\songbirditunesagent.exe mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\Greg\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Greg\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GPADSE~1.LNK - C:\Program Files (x86)\gPadServer\gPadServer.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll LSP: mswsock.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{C2C1BA8E-C66C-4AD1-95F7-33459BE7D32C} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{C2C1BA8E-C66C-4AD1-95F7-33459BE7D32C}\0586F656E69687 : DhcpNameServer = 10.0.1.1 TCP: Interfaces\{C2C1BA8E-C66C-4AD1-95F7-33459BE7D32C}\2516D626C65627 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{C2C1BA8E-C66C-4AD1-95F7-33459BE7D32C}\26C6575602C696E656 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{C2C1BA8E-C66C-4AD1-95F7-33459BE7D32C}\342716E67756C6C6 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{C2C1BA8E-C66C-4AD1-95F7-33459BE7D32C}\46F6E64747F6573686D69727F657475627C616272797 : DhcpNameServer = 192.168.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll BHO-X64: Lync add-on BHO - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll BHO-X64: Google Dictionary Compression sdch - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S mRun-x64: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\w8lfpb9n.default\ FF - prefs.js: browser.startup.homepage - www.dyingscene.com/ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll . ============= SERVICES / DRIVERS =============== . R0 assd;assd;C:\Windows\system32\drivers\assd.sys --> C:\Windows\system32\drivers\assd.sys [?] R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?] R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-3-22 1136128] R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-2-23 134928] R2 fromlrzjla;vxrgzyjlhb;C:\Users\Greg\AppData\Local\Temp\pckda.exe -svc --> C:\Users\Greg\AppData\Local\Temp\pckda.exe -svc [?] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928] R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?] R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296] R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?] R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?] R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?] R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056] S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?] S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128] S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-08-09 01:45:54 36168 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2012-08-02 01:20:21 -------- d-----w- C:\Program Files\iTunes 2012-08-02 01:20:21 -------- d-----w- C:\Program Files\iPod 2012-08-02 01:20:21 -------- d-----w- C:\Program Files (x86)\iTunes 2012-07-23 13:49:48 -------- d-sh--w- C:\$RECYCLE.BIN 2012-07-11 06:42:27 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 04:34:06 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2012-07-11 04:34:06 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2012-07-11 04:34:06 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-11 04:34:06 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-07-11 04:34:06 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-07-11 04:34:06 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll . ==================== Find3M ==================== . 2012-08-09 08:10:20 45056 ----a-w- C:\Windows\System32\acovcnt.exe 2012-08-04 01:31:04 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-04 01:31:04 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll . ============= FINISH: 19:47:58.03 =============== Attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 10/9/2011 4:44:52 PM System Uptime: 8/9/2012 6:18:11 PM (1 hours ago) . Motherboard: ASUSTeK Computer Inc. | | U46E Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU 1 | 989/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 279 GiB total, 145.768 GiB free. D: is FIXED (NTFS) - 394 GiB total, 394.08 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP118: 7/9/2012 10:46:32 PM - Scheduled Checkpoint RP119: 7/10/2012 11:37:19 PM - Windows Update RP120: 7/18/2012 12:22:01 PM - Scheduled Checkpoint RP121: 7/19/2012 11:43:13 AM - OTL Restore Point - 7/19/2012 11:43:13 AM RP122: 7/28/2012 8:31:00 PM - Scheduled Checkpoint RP123: 8/5/2012 11:35:10 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . ??????? Windows Live Mesh ActiveX ??(????) ??????? Windows Live Mesh ActiveX ??? Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) AIO_Scan Alcor Micro USB Card Reader Amazon MP3 Downloader 1.0.15 Amazon MP3 Uploader Apple Application Support Apple Software Update ASUS AI Recovery ASUS FancyStart ASUS LifeFrame3 ASUS Live Update ASUS SmartLogon ASUS Splendid Video Enhancement Technology ASUS U Series ScreenSaver ASUS Virtual Camera ASUS WebStorage AsusVibe2.0 ATK Package BufferChm Contrôle ActiveX Windows Live Mesh pour connexions à distance Control ActiveX de Windows Live Mesh para conexiones remotas Controlo ActiveX do Windows Live Mesh para Ligações Remotas Copy CustomerResearchQFolder CyberLink LabelPrint CyberLink Power2Go D3DX10 Destinations DeviceManagementQFolder DJ_AIO_ProductContext DJ_AIO_Software DJ_AIO_Software_min Dropbox eSupportQFolder F4100 F4100_Help Free Mp3 Wma Converter V 2.2 Galeria de Fotografias do Windows Live Galerie de photos Windows Live Galería fotográfica de Windows Live Google Chrome Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper gPad Server 2.0 2.0.0 HP Photosmart Essential HP Update HPProductAssistant HPSSupply Intel PROSet Wireless Intel® Control Center Intel® Processor Graphics Intel® WiDi Java Auto Updater Java 6 Update 31 Junk Mail filter update Malwarebytes Anti-Malware version 1.62.0.1300 MarketResearch Mesh Runtime Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nuance PDF Reader QuickTime Realtek High Definition Audio Driver Scan SceneSwitch Secure Download Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Service Pack 1 for SQL Server 2008 (KB968369) SolutionCenter Songbird 1.10.2 (Build 2199) Sonic Focus Sql Server Customer Experience Improvement Program Status syncables desktop SE Toolbox TrayApp Unity Web Player UnloadSupport Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) WebReg Windows Live Windows Live ??? Windows Live ???? Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WinFlash Wireless Console 3 . ==== Event Viewer Messages From Past Week ======== . 8/9/2012 7:07:58 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 8/9/2012 7:07:58 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 8/8/2012 6:46:58 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 8/8/2012 6:46:58 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 8/8/2012 6:46:53 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 8/8/2012 6:43:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 6:42:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/8/2012 6:42:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/8/2012 6:42:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 8/8/2012 6:42:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 8/8/2012 6:42:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/8/2012 6:42:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/8/2012 6:42:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ATKWMIACPIIO DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl 8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 8/5/2012 11:00:46 PM, Error: Service Control Manager [7030] - The vxrgzyjlhb service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 8/5/2012 1:13:47 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended. 8/5/2012 1:13:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} . ==== End Of File ===========================
  19. paphofo
    Ok. I got all that done. Anything else? If I were to reformat to make sure there's not chance of any infection left, would there be anyway to safely get files from this computer that I haven't backed up since the last time I used my external hard drive?
  20. paphofo
    Clear and sunny. No evidence of the redirect virus from browsing. Anything else I need to do?
  21. paphofo
    ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=4443744c93cf4a4386276e0e07e17038 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-19 11:38:22 # local_time=2012-07-19 04:38:22 (-0700, US Mountain Standard Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 66 85 23408005 94281510 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=194382 # found=6 # cleaned=6 # scan_time=3042 C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\07192012_114107\C_Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.@ Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\07192012_114107\C_Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\07192012_114107\C_Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.@ Win64/Sirefef.AN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C esets_scanner_update returned -1 esets_gle=53251
  22. paphofo
    ComboFix 12-07-19.02 - Greg 07/19/2012 14:37:56.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8103.6563 [GMT -7:00] Running from: c:\users\Greg\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\Greg\Documents\~WRL2685.tmp c:\windows\AsPatch10430001.exe c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\msvcr71.dll . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 ))))))))))))))))))))))))))))))) . . 2012-07-19 21:44 . 2012-07-19 21:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-19 18:41 . 2012-07-19 18:41 -------- d-----w- C:\_OTL 2012-07-11 06:42 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 04:34 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 04:34 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 04:34 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-07-11 04:34 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-07-11 04:34 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll 2012-07-11 04:34 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2012-07-11 04:34 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-07-04 20:11 . 2012-07-04 20:11 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-04 17:41 . 2012-02-10 23:55 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E322A86-88A5-4E01-9726-B8FD956693E0}\gapaengine.dll 2012-07-04 17:41 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30C90751-5796-423F-A6CC-37CBAD448531}\mpengine.dll 2012-07-03 05:01 . 2012-07-03 05:01 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-07-03 05:01 . 2012-07-03 05:01 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-07-03 02:58 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-26 23:46 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-26 23:46 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-26 23:46 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-26 23:46 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-26 23:46 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-26 23:46 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-26 23:46 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-26 23:45 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-26 23:45 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-19 21:46 . 2011-07-16 01:45 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-07-12 05:35 . 2012-04-12 21:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-12 05:35 . 2011-10-11 00:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 06:39 . 2011-10-11 17:09 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 20:46 . 2011-10-10 01:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-04 11:06 . 2012-06-13 16:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 16:47 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 16:47 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-13 16:47 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-13 16:47 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-13 16:47 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-13 16:47 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-13 16:47 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-13 16:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-13 16:46 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-13 16:46 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-13 16:46 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-13 16:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-13 16:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "sbitunesagent"="c:\program files (x86)\Songbird\songbirditunesagent.exe" [2012-01-19 266240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400] "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-06-12 12099672] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] gPadServer.lnk - c:\program files (x86)\gPadServer\gPadServer.exe [2011-10-9 167424] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-1 549040] FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2012-4-3 12862] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-03-22 261632] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-03 113120] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-11 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128] R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 assd;assd; [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520] S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-03-22 1136128] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-02-24 134928] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832] S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-03-22 261632] S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944] S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-04-08 177152] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-04-08 56320] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-23 59904] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-03-24 42392] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 05:35] . 2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36] . 2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.creighton.edu/students/ mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\w8lfpb9n.default\ FF - prefs.js: browser.startup.homepage - www.dyingscene.com/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-StopDefragment - Install\StopDefragment.exe SafeBoot-MsMpSvc Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd AddRemove-Usmleworld QBank - c:\windows\system32\javaws.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\ASUS\Splendid\ACMON.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe . ************************************************************************** . Completion time: 2012-07-19 15:00:19 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-19 22:00 . Pre-Run: 156,479,119,360 bytes free Post-Run: 156,316,098,560 bytes free . - - End Of File - - 9C0C24E550C225F7CECDEBF8EDEEE013
  23. paphofo
    All processes killed ========== OTL ========== C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.@ moved successfully. C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\00000004.@ moved successfully. C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@ moved successfully. C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.@ moved successfully. C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.@ moved successfully. C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.@ moved successfully. C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@ moved successfully. C:\Users\Greg\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@ moved successfully. C:\Users\Greg\AppData\Local\1e05p63n5b5r673671ae414r54i6d62r66xfx moved successfully. C:\ProgramData\1e05p63n5b5r673671ae414r54i6d62r66xfx moved successfully. ========== FILES ========== C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U folder moved successfully. C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L folder moved successfully. Folder move failed. C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94} scheduled to be moved on reboot. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Greg\Downloads\cmd.bat deleted successfully. C:\Users\Greg\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Greg ->Temp folder emptied: 831888716 bytes ->Temporary Internet Files folder emptied: 119036756 bytes ->Java cache emptied: 10514788 bytes ->FireFox cache emptied: 454678750 bytes ->Flash cache emptied: 16361877 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 478767936 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50668 bytes RecycleBin emptied: 2552 bytes Total Files Cleaned = 1,823.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.54.0 log created on 07192012_114107 Files\Folders moved on Reboot... C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U folder moved successfully. C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94} folder moved successfully. C:\Users\Greg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Greg\AppData\Local\Mozilla\Firefox\Profiles\w8lfpb9n.default\Cache\_CACHE_001_ moved successfully. C:\Users\Greg\AppData\Local\Mozilla\Firefox\Profiles\w8lfpb9n.default\Cache\_CACHE_002_ moved successfully. C:\Users\Greg\AppData\Local\Mozilla\Firefox\Profiles\w8lfpb9n.default\Cache\_CACHE_003_ moved successfully. C:\Users\Greg\AppData\Local\Mozilla\Firefox\Profiles\w8lfpb9n.default\Cache\_CACHE_MAP_ moved successfully. C:\Users\Greg\AppData\Local\Mozilla\Firefox\Profiles\w8lfpb9n.default\urlclassifier3.sqlite moved successfully. PendingFileRenameOperations files... File C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94} not found! File C:\Users\Greg\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File C:\Users\Greg\AppData\Local\Mozilla\Firefox\Profiles\w8lfpb9n.default\Cache\_CACHE_001_ not found! File C:\Users\Greg\AppData\Local\Mozilla\Firefox\Profiles\w8lfpb9n.default\Cache\_CACHE_002_ not found! File C:\Users\Greg\AppData\Local\Mozilla\Firefox\Profiles\w8lfpb9n.default\Cache\_CACHE_003_ not found! File C:\Users\Greg\AppData\Local\Mozilla\Firefox\Profiles\w8lfpb9n.default\Cache\_CACHE_MAP_ not found! File C:\Users\Greg\AppData\Local\Mozilla\Firefox\Profiles\w8lfpb9n.default\urlclassifier3.sqlite not found! Registry entries deleted on Reboot...
  24. paphofo
    I have read the articles and would like to continue for now while I follow up on reformatting. Here is the stuff you requested: OTL Extras logfile created on: 7/18/2012 9:24:08 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Greg\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.91 Gb Total Physical Memory | 6.02 Gb Available Physical Memory | 76.02% Memory free 15.82 Gb Paging File | 13.89 Gb Available in Paging File | 87.78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 279.45 Gb Total Space | 143.94 Gb Free Space | 51.51% Space Free | Partition Type: NTFS Drive D: | 394.18 Gb Total Space | 394.08 Gb Free Space | 99.97% Space Free | Partition Type: NTFS Computer Name: BOB | User Name: Greg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-361652323-931365113-2029874430-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{006B5C65-3938-4246-B182-994A7E415EDE}" = Intel® PROSet/Wireless Software for Bluetooth® Technology "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources "{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0 "{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display "{29F41953-2103-4EF2-8328-AD0EA7480D80}" = Business Contact Manager for Microsoft Outlook 2010 "{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software "{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{761C6783-D3BC-48AB-8E7C-61CE918A8436}" = ASUS Secure Delete "{79CC7D89-6A9B-4193-99D5-1A967D2C19EE}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) "{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010 "{821B4CA1-D404-4CCA-AEA4-C7D3F40841B1}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010 "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{911519EB-BD75-4B3B-BD17-BA3747C9B854}" = Windows Live Family Safety "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources "{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}" = Fresco Logic USB3.0 Host Controller "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety "Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010 "Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Microsoft Security Client" = Microsoft Security Essentials "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "ProInst" = Intel PROSet Wireless [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包 "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel® WiDi "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{5172E572-C175-4F80-A6D5-5CB45826AD61}" = SceneSwitch "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100 "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}" = Wireless Console 3 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E051993-7665-FE91-148D-3B0855E57F70}" = Amazon MP3 Uploader "{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C28422FB-F2CD-427A-ADED-9F281745CDB2}" = Secure Download Manager "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "7853-6542-9336-3204" = gPad Server 2.0 2.0.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15 "ASUS U Series ScreenSaver" = ASUS U Series ScreenSaver "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "com.amazon.music.uploader" = Amazon MP3 Uploader "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2 "Google Chrome" = Google Chrome "InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "ProInst" = Intel PROSet Wireless "Songbird-release-2199" = Songbird 1.10.2 (Build 2199) "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-361652323-931365113-2029874430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "UnityWebPlayer" = Unity Web Player "Usmleworld QBank" = Usmleworld QBank ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/14/2012 1:02:16 PM | Computer Name = Bob | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6989 Error - 6/14/2012 1:02:16 PM | Computer Name = Bob | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6989 Error - 6/14/2012 1:02:17 PM | Computer Name = Bob | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/14/2012 1:02:17 PM | Computer Name = Bob | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7988 Error - 6/14/2012 1:02:17 PM | Computer Name = Bob | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7988 Error - 6/14/2012 1:02:18 PM | Computer Name = Bob | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/14/2012 1:02:18 PM | Computer Name = Bob | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8986 Error - 6/14/2012 1:02:18 PM | Computer Name = Bob | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8986 Error - 6/14/2012 1:02:19 PM | Computer Name = Bob | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/14/2012 1:02:19 PM | Computer Name = Bob | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 10016 Error - 6/14/2012 1:02:19 PM | Computer Name = Bob | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10016 [ System Events ] Error - 7/6/2012 10:52:53 PM | Computer Name = Bob | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 Error - 7/6/2012 10:52:53 PM | Computer Name = Bob | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 Error - 7/7/2012 4:48:47 AM | Computer Name = Bob | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 Error - 7/7/2012 4:48:47 AM | Computer Name = Bob | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 Error - 7/7/2012 12:53:56 PM | Computer Name = Bob | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 Error - 7/7/2012 12:53:56 PM | Computer Name = Bob | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 Error - 7/7/2012 1:07:12 PM | Computer Name = Bob | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 Error - 7/7/2012 1:07:12 PM | Computer Name = Bob | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 Error - 7/7/2012 6:24:09 PM | Computer Name = Bob | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 Error - 7/7/2012 6:24:09 PM | Computer Name = Bob | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 < End of report > -------------------------------------------------- OTL logfile created on: 7/18/2012 9:24:08 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Greg\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.91 Gb Total Physical Memory | 6.02 Gb Available Physical Memory | 76.02% Memory free 15.82 Gb Paging File | 13.89 Gb Available in Paging File | 87.78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 279.45 Gb Total Space | 143.94 Gb Free Space | 51.51% Space Free | Partition Type: NTFS Drive D: | 394.18 Gb Total Space | 394.08 Gb Free Space | 99.97% Space Free | Partition Type: NTFS Computer Name: BOB | User Name: Greg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/18 21:23:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Downloads\OTL.exe PRC - [2012/07/02 22:01:03 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/07/15 18:46:56 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011/06/10 08:49:10 | 002,255,360 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2011/05/30 11:48:18 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe PRC - [2011/05/17 16:33:58 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\gPadServer\gPadServer.exe PRC - [2011/03/30 14:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011/03/30 14:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011/03/30 14:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011/03/30 14:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe PRC - [2011/01/25 11:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010/11/15 10:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010/10/07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010/08/17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010/07/09 22:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe PRC - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009/11/02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008/08/13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe PRC - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2012/07/02 22:01:03 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011/06/24 20:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 20:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/06/10 08:49:10 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll MOD - [2011/05/30 11:48:14 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll MOD - [2011/05/17 16:33:58 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\gPadServer\gPadServer.exe MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/11/20 05:19:58 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010/11/20 05:19:58 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2009/11/02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe MOD - [2007/01/02 19:38:02 | 000,077,824 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmltok.dll MOD - [2007/01/02 19:38:02 | 000,065,536 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmlparse.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/26 16:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2011/05/02 14:27:50 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel® SRV:64bit: - [2011/05/02 14:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011/05/02 14:10:26 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel® SRV:64bit: - [2011/03/22 01:10:26 | 001,136,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011/03/03 16:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2011/02/23 20:20:56 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth® SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/04/16 16:07:42 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel® SRV:64bit: - [2010/03/25 06:58:22 | 000,034,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2012/07/11 22:35:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/02 22:01:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/03/30 14:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011/03/30 14:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011/03/30 14:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/20 18:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/08/01 13:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/08/01 13:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2011/05/18 06:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011/05/01 14:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel® DRV:64bit: - [2011/04/08 15:46:08 | 000,177,152 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3) DRV:64bit: - [2011/04/08 15:46:08 | 000,056,320 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3) DRV:64bit: - [2011/03/24 06:47:04 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2011/03/24 06:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011/03/24 06:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011/03/22 18:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011/03/22 01:04:08 | 000,261,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) Intel® Centrino® DRV:64bit: - [2011/03/22 01:04:08 | 000,261,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) Intel® Centrino® DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/08 14:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011/03/08 14:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011/01/26 17:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/12/13 06:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 04:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/05 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/10/14 09:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/09/20 18:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel® DRV:64bit: - [2010/08/24 02:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010/04/28 09:59:32 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd) DRV:64bit: - [2010/04/16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009/10/04 18:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/07/20 02:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 13:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 11:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/05/23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2012/01/19 04:21:46 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2010/07/26 13:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-361652323-931365113-2029874430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com IE - HKU\S-1-5-21-361652323-931365113-2029874430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.creighton.edu/students/ IE - HKU\S-1-5-21-361652323-931365113-2029874430-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-361652323-931365113-2029874430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-361652323-931365113-2029874430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.dyingscene.com/" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/02 22:01:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/10 23:42:03 | 000,000,000 | ---D | M] [2012/02/01 22:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions [2012/02/01 22:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com [2012/05/02 13:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\w8lfpb9n.default\extensions [2012/04/25 16:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/07/02 22:01:04 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/04/03 17:33:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/06/11 20:59:16 | 000,031,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012/07/02 22:01:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/02 22:01:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows ® Win 7 DDK provider) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [stopDefragment] Install\StopDefragment.exe File not found O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-361652323-931365113-2029874430-1000..\Run: [sbitunesagent] C:\Program Files (x86)\Songbird\songbirditunesagent.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gPadServer.lnk = C:\Program Files (x86)\gPadServer\gPadServer.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-361652323-931365113-2029874430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2C1BA8E-C66C-4AD1-95F7-33459BE7D32C}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{37e7b4ad-ce21-11e1-9659-bc7737dbc3f5}\Shell - "" = AutoRun O33 - MountPoints2\{37e7b4ad-ce21-11e1-9659-bc7737dbc3f5}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/04 13:11:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [1 C:\Users\Greg\Documents\*.tmp files -> C:\Users\Greg\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/18 21:21:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/18 20:40:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/18 20:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/18 16:40:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/18 12:45:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/18 12:45:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/18 12:39:30 | 000,840,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/18 12:39:30 | 000,706,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/18 12:39:30 | 000,136,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/18 12:32:12 | 2077,298,687 | -HS- | M] () -- C:\hiberfil.sys [2012/07/18 12:21:44 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012/07/14 16:49:16 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/11 21:10:57 | 000,416,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/04 22:56:04 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/06/27 23:48:32 | 000,003,059 | ---- | M] () -- C:\Users\Greg\Desktop\M3.lnk [1 C:\Users\Greg\Documents\*.tmp files -> C:\Users\Greg\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/04 13:05:45 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.@ [2012/07/04 13:05:45 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\00000004.@ [2012/07/04 13:05:43 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@ [2012/07/04 13:05:41 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.@ [2012/07/04 13:05:28 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.@ [2012/07/04 13:05:28 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.@ [2012/06/27 23:48:32 | 000,003,059 | ---- | C] () -- C:\Users\Greg\Desktop\M3.lnk [2012/03/24 12:26:04 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2012/01/11 11:39:30 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@ [2012/01/11 11:39:30 | 000,002,048 | -HS- | C] () -- C:\Users\Greg\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@ [2012/01/06 10:52:40 | 000,186,844 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/12/06 22:14:41 | 000,014,256 | -HS- | C] () -- C:\Users\Greg\AppData\Local\1e05p63n5b5r673671ae414r54i6d62r66xfx [2011/12/06 22:14:41 | 000,014,256 | -HS- | C] () -- C:\ProgramData\1e05p63n5b5r673671ae414r54i6d62r66xfx [2011/10/22 16:07:04 | 000,131,014 | ---- | C] () -- C:\Windows\hpoins12.dat [2011/10/18 14:22:44 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011/10/09 18:38:25 | 000,855,082 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/07/15 18:37:59 | 000,154,240 | ---- | C] () -- C:\Windows\AsPatch10430001.exe [2011/05/26 01:26:18 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/05/26 01:26:16 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/05/26 01:26:14 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== LOP Check ========== [2012/01/03 17:47:39 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Amazon [2011/10/09 19:09:19 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\ASUS WebStorage [2012/01/29 17:40:16 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\com.amazon.music.uploader [2012/07/18 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Dropbox [2011/10/12 16:34:22 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\e-academy Inc [2012/03/24 12:26:13 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\FreeAudioPack [2011/12/12 13:52:45 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Image Zone Express [2011/10/09 18:08:58 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Nuance [2011/11/28 17:27:34 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Printer Info Cache [2012/04/15 11:37:33 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Songbird2 [2012/01/06 15:11:42 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\TeamViewer [2011/10/09 18:08:52 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Zeon [2009/07/13 22:08:49 | 000,026,234 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\system64] -> \systemroot\system32 -> Mount Point < End of report >
  25. paphofo
    Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.18.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Greg :: BOB [administrator] 7/18/2012 12:27:01 PM mbam-log-2012-07-18 (12-27-01).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 192092 Time elapsed: 3 minute(s), 40 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. (end) -------------------------------------------- aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-18 12:36:33 ----------------------------- 12:36:33.537 OS Version: Windows x64 6.1.7601 Service Pack 1 12:36:33.537 Number of processors: 4 586 0x2A07 12:36:33.537 ComputerName: BOB UserName: 12:36:40.143 Initialize success 12:37:04.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 12:37:04.343 Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3 12:37:04.359 Disk 0 MBR read successfully 12:37:04.374 Disk 0 MBR scan 12:37:04.374 Disk 0 Windows 7 default MBR code 12:37:04.390 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048 12:37:04.406 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286161 MB offset 52430848 12:37:04.406 Disk 0 Partition - 00 0F Extended LBA 403641 MB offset 638488576 12:37:04.484 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 403640 MB offset 638490624 12:37:04.546 Disk 0 scanning C:\Windows\system32\drivers 12:37:13.821 Service scanning 12:37:36.392 Modules scanning 12:37:36.402 Disk 0 trace - called modules: 12:37:36.442 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 12:37:36.452 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e05060] 12:37:36.462 3 CLASSPNP.SYS[fffff88001b6043f] -> nt!IofCallDriver -> [0xfffffa80077c3800] 12:37:36.482 5 ACPI.sys[fffff88000f227a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077fd050] 12:37:36.492 Scan finished successfully 12:37:57.451 Disk 0 MBR has been saved successfully to "C:\Users\Greg\Desktop\MBR.dat" 12:37:57.461 The log file has been saved successfully to "C:\Users\Greg\Desktop\aswMBR.txt"
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.