bfrivers

  1. Thank you very much for your help. I followed the clean-up instructions; however, the Java site said my Java was current, and I had no prior versions installed according to the control panel list. Everything else went without issue. Thanks again!
  2. I just ran about 20 searches and it didn't happen. So, it seems like I'm clean. Where did you find that add-on name? And do you know how that one is spread? Here's the log:

     All processes killed
     ========== OTL ==========
     Prefs.js: ubobghwbtw@ubobghwbtw.org:1.0 removed from extensions.enabledAddons
     C:\Users\bill\AppData\Roaming\Mozilla\Firefox\Profiles\p896zt35.default\extensions\ubobghwbtw@ubobghwbtw.org.xpi moved successfully.
     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\bill\Desktop\cmd.bat deleted successfully.
     C:\Users\bill\Desktop\cmd.txt deleted successfully.
     ========== COMMANDS ==========
     C:\Windows\System32\drivers\etc\Hosts moved successfully.
     HOSTS file reset successfully

     [EMPTYTEMP]

     User: All Users

     User: bill
     ->Temp folder emptied: 70713689 bytes
     ->Temporary Internet Files folder emptied: 164327100 bytes
     ->Java cache emptied: 8983662 bytes
     ->FireFox cache emptied: 89966356 bytes
     ->Flash cache emptied: 308275 bytes

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 56475 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Public
     ->Temp folder emptied: 0 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 111993 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 319.00 mb

     OTL by OldTimer - Version 3.2.61.4 log created on 09142012_115927

     Files\Folders moved on Reboot...
     C:\Users\bill\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

     PendingFileRenameOperations files...

     Registry entries deleted on Reboot...
  3. Here's extras.txt:

     OTL Extras logfile created on: 9/14/2012 11:34:31 AM - Run 1
     OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\bill\Desktop
     64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     7.95 Gb Total Physical Memory | 5.11 Gb Available Physical Memory | 64.31% Memory free
     15.90 Gb Paging File | 12.67 Gb Available in Paging File | 79.73% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 684.00 Gb Total Space | 542.56 Gb Free Space | 79.32% Space Free | Partition Type: NTFS
     Drive D: | 14.34 Gb Total Space | 1.60 Gb Free Space | 11.13% Space Free | Partition Type: NTFS
     Drive E: | 1.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     Drive F: | 98.87 Mb Total Space | 84.59 Mb Free Space | 85.56% Space Free | Partition Type: FAT32

     Computer Name: LAPTOP | User Name: bill | Logged in as Administrator.
Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E6041920-6D08-2466-E672-A15B040B5004}" = CCC Help English "{E635F3DC-E92B-6E68-A2E7-BF77298E8584}" = PX Profile Update "{E8EE10CF-31E4-CA63-BD94-B0157BBB2444}" = CCC Help Chinese Traditional "{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009 "{ED498DD7-FBC1-4C67-8D9B-C9218FBC818D}" = hppManualsCM1312 "{EDD14387-FE5E-48A3-6B2B-E61DD88FC69E}" = CCC Help Czech "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 
4.2.2 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{F9D1B35B-60DD-44F9-8FAF-29CD7CBD4BF3}" = LeapFrog Connect "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Aptana Studio 3" = Aptana Studio 3 "Bloomberg Excel Tools" = Bloomberg Excel Tools "Bloomberg Keyboard v11.1" = Bloomberg Keyboard v11.1 "Bloomberg PFM Upload Tool for Microsoft Excel" = Bloomberg PFM Upload Tool for Microsoft Excel "Bloomberg Professional Service" = Bloomberg Professional Service "Bloomberg SFD Data Dictionary" = Bloomberg SFD Data Dictionary "com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader "EasyBits Magic Desktop" = Magic Desktop "ENTERPRISER" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "FileZilla Client" = FileZilla Client 3.5.3 "Freeciv-2.3.1-gtk2" = Freeciv 2.3.1 (GTK+ client) "Git_is1" = Git version 1.7.7-preview20111012 "GPL Ghostscript 9.05" = GPL Ghostscript "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{8FF7AA7C-CEA8-447A-8624-3E4F12FB3BCD}" = 950000 ClickArt "JumpStart 3D Ages 4-6" = JumpStart 3D Ages 4-6 "Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0 "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin) "Logo Design Shop 3.5.2" = Logo Design Shop "Malwarebytes' 
Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400 "Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "OpenAL" = OpenAL "Picasa 3" = Picasa 3 "PremElem20" = Adobe Premiere Elements 2.0 "ProInst" = Intel PROSet Wireless "Reading Blaster Ages 4-6" = Reading Blaster Ages 4-6 "TurboTax 2011" = TurboTax 2011 "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck "UnityWebPlayer" = Unity Web Player "UPCShell" = LeapFrog Connect "WildTangent hp Master Uninstall" = HP Games "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WT087328" = Blackhawk Striker 2 "WT087330" = Bounce Symphony "WT087335" = Build-a-lot 2 "WT087343" = Dora's World Adventure "WT087393" = Mah Jong Medley "WT087394" = Penguins! "WT087395" = Poker Superstars III "WT087396" = Polar Bowler "WT087397" = Polar Golfer "WT087415" = Wheel of Fortune 2 "WT087536" = Diner Dash 2 Restaurant Rescue "WT089307" = Virtual Villagers 4 - The Tree of Life "WT089308" = Blasterball 3 "WT089328" = Farm Frenzy "WT089359" = Cake Mania "WT089362" = Agatha Christie - Peril at End House "WT089453" = Bejeweled 2 Deluxe "WT089454" = Chuzzle Deluxe "WT089455" = Zuma Deluxe "WT089457" = Slingo Supreme "WT089458" = Plants vs. Zombies - Game of the Year "WT089470" = FATE - The Traitor Soul "WT089484" = Namco All-Stars PAC-MAN "WT089496" = Mystery P.I. - Stolen in San Francisco "WT089498" = Bejeweled 3 "YTdetect" = Yahoo! 
Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1604774493-3860274660-1356902728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "Juniper_Setup_Client" = Juniper Networks Setup Client "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US) "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2/21/2012 11:00:04 AM | Computer Name = laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 2/21/2012 11:00:04 AM | Computer Name = laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3026 Error - 2/21/2012 11:00:04 AM | Computer Name = laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3026 Error - 2/21/2012 11:00:05 AM | Computer Name = laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 2/21/2012 11:00:05 AM | Computer Name = laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4025 Error - 2/21/2012 11:00:05 AM | Computer Name = laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4025 Error - 2/21/2012 11:00:06 AM | Computer Name = laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 2/21/2012 11:00:06 AM | Computer Name = laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5023 Error - 2/21/2012 11:00:06 AM | Computer Name = laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5023 Error - 2/21/2012 1:22:42 PM | Computer Name = laptop | Source = 
Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second [ Hewlett-Packard Events ] Error - 2/6/2012 8:22:00 AM | Computer Name = laptop | Source = HPSF.exe | ID = 4000 Description = Error - 2/6/2012 12:12:41 PM | Computer Name = laptop | Source = HPSF.exe | ID = 4000 Description = Error - 3/6/2012 12:25:25 PM | Computer Name = laptop | Source = HPSF.exe | ID = 4000 Description = Error - 3/6/2012 12:27:47 PM | Computer Name = laptop | Source = HPSF.exe | ID = 4000 Description = Error - 3/13/2012 1:15:56 PM | Computer Name = laptop | Source = HPSF.exe | ID = 4000 Description = Error - 6/5/2012 12:41:35 PM | Computer Name = laptop | Source = HPSF.exe | ID = 4000 Description = Error - 6/6/2012 6:04:37 PM | Computer Name = laptop | Source = HPSF.exe | ID = 4000 Description = Error - 6/6/2012 6:21:18 PM | Computer Name = laptop | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261 at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties() Message: Object reference not set to an instance of an object. 
StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties() Source: HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8139 Ram Utilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties() Error - 7/3/2012 11:19:19 AM | Computer Name = laptop | Source = HPSF.exe | ID = 4000 Description = Error - 8/6/2012 11:43:38 AM | Computer Name = laptop | Source = HPSF.exe | ID = 4000 Description = [ HP Connection Manager Events ] Error - 9/11/2012 7:07:13 PM | Computer Name = laptop | Source = hpCMSrv | ID = 5 Description = 2012/09/11 19:07:13.386|00000F54|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 9/11/2012 7:07:23 PM | Computer Name = laptop | Source = hpCMSrv | ID = 5 Description = 2012/09/11 19:07:23.710|00000F54|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 9/11/2012 7:18:26 PM | Computer Name = laptop | Source = hpCMSrv | ID = 5 Description = 2012/09/11 19:18:26.512|000015A4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 9/12/2012 4:07:42 PM | Computer Name = laptop | Source = hpCMSrv | ID = 5 Description = 2012/09/12 16:07:42.742|0000122C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 9/12/2012 4:07:46 PM | Computer Name = laptop | Source = hpCMSrv | ID = 5 Description = 2012/09/12 16:07:46.149|0000122C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 9/12/2012 4:22:28 PM | Computer Name = laptop | Source = hpCMSrv | ID = 5 Description = 2012/09/12 16:22:28.109|00001A88|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 9/12/2012 4:59:24 PM | Computer Name = laptop | Source = hpCMSrv | ID = 5 Description = 
2012/09/12 16:59:24.345|00001B14|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 9/12/2012 7:21:38 PM | Computer Name = laptop | Source = hpCMSrv | ID = 5 Description = 2012/09/12 19:21:38.588|00001354|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 9/12/2012 8:31:56 PM | Computer Name = laptop | Source = hpCMSrv | ID = 5 Description = 2012/09/12 20:31:56.979|00001A94|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 9/13/2012 9:26:09 AM | Computer Name = laptop | Source = hpCMSrv | ID = 5 Description = 2012/09/13 09:26:09.664|000018C8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] [ HP Software Framework Events ] Error - 9/11/2012 12:28:09 PM | Computer Name = laptop | Source = CaslWmi | ID = 5 Description = 2012/09/11 12:28:09.805|00003EE0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 9/11/2012 7:12:34 PM | Computer Name = laptop | Source = CaslWmi | ID = 5 Description = 2012/09/11 19:12:34.888|0000035C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 9/11/2012 9:02:23 PM | Computer Name = laptop | Source = CaslWmi | ID = 5 Description = 2012/09/11 21:02:23.823|00001BB4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 9/12/2012 4:12:57 PM | Computer Name = laptop | Source = CaslWmi | ID = 5 Description = 2012/09/12 16:12:57.579|00001934|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 9/12/2012 4:26:13 PM | Computer Name = laptop | Source = CaslWmi | ID = 5 
Description = 2012/09/12 16:26:13.791|00001980|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 9/12/2012 5:04:21 PM | Computer Name = laptop | Source = CaslWmi | ID = 5 Description = 2012/09/12 17:04:21.154|000019B0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 9/12/2012 7:25:04 PM | Computer Name = laptop | Source = CaslWmi | ID = 5 Description = 2012/09/12 19:25:04.989|000019A0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 9/12/2012 8:46:19 PM | Computer Name = laptop | Source = CaslWmi | ID = 5 Description = 2012/09/12 20:46:19.532|0000183C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 9/13/2012 9:41:14 AM | Computer Name = laptop | Source = CaslWmi | ID = 5 Description = 2012/09/13 09:41:14.192|00001A58|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 9/14/2012 10:22:14 AM | Computer Name = laptop | Source = CaslWmi | ID = 5 Description = 2012/09/14 10:22:14.889|000017B8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state [ System Events ] Error - 9/13/2012 9:40:19 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7000 Description = The Machine Debug Manager service failed to start due to the following error: %%2 Error - 9/13/2012 9:40:22 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7000 Description = The Machine Debug Manager service failed to start due to the following error: %%2 
Error - 9/14/2012 10:19:53 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7000 Description = The Machine Debug Manager service failed to start due to the following error: %%2 Error - 9/14/2012 10:20:54 AM | Computer Name = laptop | Source = DCOM | ID = 10016 Description = Error - 9/14/2012 10:21:18 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7022 Description = The HP CUE DeviceDiscovery Service service hung on starting. Error - 9/14/2012 10:21:19 AM | Computer Name = laptop | Source = DCOM | ID = 10005 Description = Error - 9/14/2012 10:21:19 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7000 Description = The Machine Debug Manager service failed to start due to the following error: %%2 Error - 9/14/2012 10:21:21 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7000 Description = The Machine Debug Manager service failed to start due to the following error: %%2 Error - 9/14/2012 10:34:07 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7000 Description = The Machine Debug Manager service failed to start due to the following error: %%2 Error - 9/14/2012 10:34:24 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7000 Description = The Machine Debug Manager service failed to start due to the following error: %%2 < End of report >
  4. Here's OTL.txt:
DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/16 21:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/02/16 20:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/02/18 20:07:58 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{A195C577-4E26-4327-AEA3-CE76B29C425C}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{A195C577-4E26-4327-AEA3-CE76B29C425C}: "URL" = 
http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.votervault3.com/votervault30/login/login.aspx IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\..\SearchScopes\{A195C577-4E26-4327-AEA3-CE76B29C425C}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = 
http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.* ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: ubobghwbtw@ubobghwbtw.org:1.0 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 21:00:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 21:00:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 21:00:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 21:00:03 | 000,000,000 | ---D | M] [2011/08/15 09:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bill\AppData\Roaming\Mozilla\Extensions [2012/09/10 21:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bill\AppData\Roaming\Mozilla\Firefox\Profiles\p896zt35.default\extensions [1832/11/29 00:22:58 | 000,002,095 | ---- | M] () (No name found) -- C:\Users\bill\AppData\Roaming\Mozilla\Firefox\Profiles\p896zt35.default\extensions\ubobghwbtw@ubobghwbtw.org.xpi [2012/09/07 21:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/09/07 21:00:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012/09/07 21:00:02 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2012/09/07 21:00:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/08/30 21:56:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/08/30 21:56:51 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/09/12 20:34:36 
| 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000..\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe () O4 - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000..\Run: [googletalk] C:\Users\bill\AppData\Roaming\Google\Google Talk\googletalk.exe (Google) O4 - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000..\Run: [spotify Web Helper] C:\Users\bill\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - Startup: C:\Users\bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF3B9A67-C7F3-4F1B-9FAB-460358D68338}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O28 - HKLM ShellExecuteHooks: 
{E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/09/14 11:30:01 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\bill\Desktop\OTL(1).exe [2012/09/14 10:42:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\bill\Desktop\aswMBR.exe [2012/09/14 07:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/09/13 19:18:10 | 000,000,000 | ---D | C] -- C:\Users\bill\Desktop\RK_Quarantine [2012/09/13 13:29:53 | 000,000,000 | ---D | C] -- C:\FRST [2012/09/13 12:23:59 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{B5963D57-3F2D-41B8-8499-41718C119142} [2012/09/13 11:32:30 | 000,000,000 | ---D | C] -- C:\Users\bill\Documents\shea [2012/09/13 11:31:40 | 000,000,000 | ---D | C] -- C:\Users\bill\Documents\My Scans [2012/09/12 20:39:47 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/09/12 20:34:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/09/12 17:19:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/09/12 17:19:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/09/12 17:19:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/09/12 17:17:34 | 000,000,000 | ---D | C] -- C:\Qoobox 
  5. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
     Run date: 2012-09-14 10:43:25
     -----------------------------
     10:43:25.306 OS Version: Windows x64 6.1.7601 Service Pack 1
     10:43:25.306 Number of processors: 8 586 0x2A07
     10:43:25.307 ComputerName: LAPTOP UserName: bill
     10:43:27.189 Initialize success
     10:44:37.846 AVAST engine defs: 12091400
     10:44:51.037 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
     10:44:51.042 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
     10:44:51.057 Disk 0 MBR read successfully
     10:44:51.062 Disk 0 MBR scan
     10:44:51.070 Disk 0 Windows 7 default MBR code
     10:44:51.076 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
     10:44:51.094 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700417 MB offset 409600
     10:44:51.124 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14684 MB offset 1434863616
     10:44:51.146 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
     10:44:51.198 Disk 0 scanning C:\Windows\system32\drivers
     10:45:02.703 Service scanning
     10:45:33.663 Modules scanning
     10:45:33.679 Disk 0 trace - called modules:
     10:45:33.715 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
     10:45:33.721 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80083b0790]
     10:45:33.726 3 CLASSPNP.SYS[fffff88001c9e43f] -> nt!IofCallDriver -> [0xfffffa80082b8b10]
     10:45:33.732 5 hpdskflt.sys[fffff880019eb189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800818a050]
     10:45:35.333 AVAST engine scan C:\Windows
     10:45:39.346 AVAST engine scan C:\Windows\system32
     10:48:21.738 AVAST engine scan C:\Windows\system32\drivers
     10:48:35.018 AVAST engine scan C:\Users\bill
     10:51:03.808 Disk 0 MBR has been saved successfully to "C:\Users\bill\Desktop\MBR.dat"
     10:51:03.815 The log file has been saved successfully to "C:\Users\bill\Desktop\aswMBR.txt"
     11:07:32.559 AVAST engine scan C:\ProgramData
     11:09:11.088 Scan finished successfully
     11:09:50.342 Disk 0 MBR has been saved successfully to "C:\Users\bill\Desktop\MBR.dat"
     11:09:50.347 The log file has been saved successfully to "C:\Users\bill\Desktop\aswMBR.txt"
     MBR.zip
  6. Yep ... Just tried a Google search and got redirected to http://8.26.70.252/see/display.php?q=angelo+d+emilia&affsub=46938-10090&subid=e10 when I clicked on a result.
  7. Here's the log from AdwCleaner:
     # AdwCleaner v2.001 - Logfile created 09/14/2012 at 10:18:23
     # Updated 09/09/2012 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : bill - LAPTOP
     # Boot Mode : Normal
     # Running from : C:\Users\bill\Desktop\adwcleaner.exe
     # Option [Delete]
     ***** [services] *****
     ***** [Files / Folders] *****
     ***** [Registry] *****
     Key Deleted : HKCU\Software\Softonic
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     ***** [internet Browsers] *****
     -\\ Internet Explorer v9.0.8112.16421
     Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
     Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
     Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
     Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
     -\\ Mozilla Firefox v15.0 (en-US)
     Profile name : default
     File : C:\Users\bill\AppData\Roaming\Mozilla\Firefox\Profiles\p896zt35.default\prefs.js
     [OK] File is clean.
     *************************
     AdwCleaner[s1].txt - [1415 octets] - [14/09/2012 10:18:23]
     ########## EOF - C:\AdwCleaner[s1].txt - [1475 octets] ##########
  8. Here's the results of the ESET scan: C:\Users\bill\Downloads\SoftonicDownloader_for_anvi-smart-defender.exe a variant of Win32/SoftonicDownloader.D application
  9. MalwareBytes still finds nothing:
     Malwarebytes Anti-Malware 1.65.0.1400
     www.malwarebytes.org
     Database version: v2012.09.14.02
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     bill :: LAPTOP [administrator]
     9/14/2012 7:21:23 AM
     mbam-log-2012-09-14 (07-21-23).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 204647
     Time elapsed: 2 minute(s), 23 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  10. Still nothing found when I run this one ... report is below:
34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 19:33:53.0564 9112 ErrDev - ok 19:33:53.0620 9112 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 19:33:53.0630 9112 EventSystem - ok 19:33:53.0696 9112 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 19:33:53.0723 9112 EvtEng - ok 19:33:53.0751 9112 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 19:33:53.0754 9112 exfat - ok 19:33:53.0770 9112 ezSharedSvc - ok 19:33:53.0791 9112 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:33:53.0795 9112 fastfat - ok 19:33:53.0838 9112 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 19:33:53.0847 9112 Fax - ok 19:33:53.0872 9112 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 19:33:53.0874 9112 fdc - ok 19:33:53.0893 9112 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 19:33:53.0895 9112 fdPHost - ok 19:33:53.0907 9112 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 19:33:53.0908 9112 FDResPub - ok 19:33:53.0943 9112 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:33:53.0945 9112 FileInfo - ok 19:33:53.0963 9112 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:33:53.0965 9112 Filetrace - ok 19:33:54.0001 9112 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 19:33:54.0003 9112 flpydisk - ok 19:33:54.0043 9112 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:33:54.0048 9112 FltMgr - ok 19:33:54.0085 9112 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 19:33:54.0104 9112 FontCache - ok 19:33:54.0148 9112 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:33:54.0150 9112 FontCache3.0.0.0 - ok 19:33:54.0207 9112 [ 2074A85A6B8F84A5A9C60B915B465FAF ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe 19:33:54.0212 9112 FPLService - ok 19:33:54.0244 9112 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:33:54.0247 9112 FsDepends - ok 19:33:54.0270 9112 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:33:54.0271 9112 Fs_Rec - ok 19:33:54.0317 9112 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:33:54.0322 9112 fvevol - ok 19:33:54.0359 9112 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 19:33:54.0362 9112 gagp30kx - ok 19:33:54.0416 9112 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 19:33:54.0421 9112 GamesAppService - ok 19:33:54.0459 9112 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:33:54.0460 9112 GEARAspiWDM - ok 19:33:54.0502 9112 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 19:33:54.0519 9112 gpsvc - ok 19:33:54.0600 9112 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 19:33:54.0604 9112 gusvc - ok 19:33:54.0630 9112 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:33:54.0632 9112 hcw85cir - ok 19:33:54.0675 9112 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:33:54.0684 9112 HdAudAddService - ok 19:33:54.0720 9112 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 19:33:54.0723 9112 HDAudBus - ok 19:33:54.0752 9112 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 19:33:54.0754 9112 
HidBatt - ok 19:33:54.0777 9112 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 19:33:54.0781 9112 HidBth - ok 19:33:54.0815 9112 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 19:33:54.0818 9112 HidIr - ok 19:33:54.0891 9112 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 19:33:54.0894 9112 hidserv - ok 19:33:54.0982 9112 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:33:54.0985 9112 HidUsb - ok 19:33:55.0013 9112 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:33:55.0018 9112 hkmsvc - ok 19:33:55.0042 9112 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:33:55.0049 9112 HomeGroupListener - ok 19:33:55.0075 9112 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:33:55.0082 9112 HomeGroupProvider - ok 19:33:55.0198 9112 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 19:33:55.0199 9112 HP Support Assistant Service - ok 19:33:55.0246 9112 [ 7B8C1B09C11E8DB7C4480ABD7D17E821 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe 19:33:55.0260 9112 HPAuto - ok 19:33:55.0294 9112 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 19:33:55.0302 9112 HPClientSvc - ok 19:33:55.0382 9112 [ E040F0064D39F73BB4995D494F3DCBB8 ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe 19:33:55.0400 9112 hpCMSrv - ok 19:33:55.0470 9112 [ B19FF523B533A3F198B9239E1749C940 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 19:33:55.0474 9112 HPDrvMntSvc.exe - ok 19:33:55.0504 9112 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 19:33:55.0505 9112 hpdskflt - ok 19:33:55.0618 9112 [ 
F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 19:33:55.0623 9112 hpqcxs08 - ok 19:33:55.0640 9112 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 19:33:55.0643 9112 hpqddsvc - ok 19:33:55.0711 9112 [ 01091B900E15878B4434F9C726C4541D ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 19:33:55.0726 9112 hpqwmiex - ok 19:33:55.0748 9112 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:33:55.0750 9112 HpSAMD - ok 19:33:55.0772 9112 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe 19:33:55.0775 9112 hpsrv - ok 19:33:55.0820 9112 [ 491CE9B6321FB74E4B37AF2C47F98434 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 19:33:55.0821 9112 HPWMISVC - ok 19:33:55.0864 9112 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:33:55.0879 9112 HTTP - ok 19:33:55.0895 9112 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:33:55.0896 9112 hwpolicy - ok 19:33:55.0931 9112 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 19:33:55.0933 9112 i8042prt - ok 19:33:55.0981 9112 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 19:33:55.0990 9112 iaStor - ok 19:33:56.0075 9112 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 19:33:56.0076 9112 IAStorDataMgrSvc - ok 19:33:56.0120 9112 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:33:56.0127 9112 iaStorV - ok 19:33:56.0223 9112 [ D72BF0AE484F88399E8343E821C10D6A ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 19:33:56.0255 9112 IconMan_R - ok 19:33:56.0312 9112 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc 
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:33:56.0330 9112 idsvc - ok 19:33:56.0358 9112 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 19:33:56.0360 9112 iirsp - ok 19:33:56.0402 9112 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 19:33:56.0420 9112 IKEEXT - ok 19:33:56.0449 9112 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 19:33:56.0456 9112 IntcDAud - ok 19:33:56.0491 9112 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 19:33:56.0493 9112 intelide - ok 19:33:56.0771 9112 [ 33FAA40B288002C89529DBD14F3AB72C ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys 19:33:56.0988 9112 intelkmd - ok 19:33:57.0007 9112 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:33:57.0008 9112 intelppm - ok 19:33:57.0107 9112 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe 19:33:57.0108 9112 IntuitUpdateServiceV4 - ok 19:33:57.0149 9112 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:33:57.0151 9112 IPBusEnum - ok 19:33:57.0177 9112 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:33:57.0179 9112 IpFilterDriver - ok 19:33:57.0200 9112 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:33:57.0206 9112 iphlpsvc - ok 19:33:57.0222 9112 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:33:57.0223 9112 IPMIDRV - ok 19:33:57.0246 9112 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:33:57.0248 9112 IPNAT - ok 19:33:57.0340 9112 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 19:33:57.0355 9112 iPod Service - ok 19:33:57.0371 9112 [ 
3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:33:57.0372 9112 IRENUM - ok 19:33:57.0398 9112 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:33:57.0399 9112 isapnp - ok 19:33:57.0435 9112 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:33:57.0440 9112 iScsiPrt - ok 19:33:57.0470 9112 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:33:57.0472 9112 kbdclass - ok 19:33:57.0511 9112 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:33:57.0513 9112 kbdhid - ok 19:33:57.0531 9112 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 19:33:57.0533 9112 KeyIso - ok 19:33:57.0567 9112 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:33:57.0569 9112 KSecDD - ok 19:33:57.0585 9112 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:33:57.0589 9112 KSecPkg - ok 19:33:57.0623 9112 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:33:57.0624 9112 ksthunk - ok 19:33:57.0668 9112 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 19:33:57.0678 9112 KtmRm - ok 19:33:57.0718 9112 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 19:33:57.0726 9112 LanmanServer - ok 19:33:57.0750 9112 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:33:57.0756 9112 LanmanWorkstation - ok 19:33:57.0983 9112 [ 4CCC8AABE7880C56BA10043B8FBCA3EB ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe 19:33:58.0019 9112 LeapFrog Connect Device Service - ok 19:33:58.0055 9112 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:33:58.0056 9112 lltdio - ok 19:33:58.0082 9112 [ C1185803384AB3FEED115F79F109427F ] 
lltdsvc C:\Windows\System32\lltdsvc.dll 19:33:58.0092 9112 lltdsvc - ok 19:33:58.0116 9112 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:33:58.0119 9112 lmhosts - ok 19:33:58.0176 9112 [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 19:33:58.0181 9112 LMS - ok 19:33:58.0220 9112 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 19:33:58.0223 9112 LSI_FC - ok 19:33:58.0258 9112 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 19:33:58.0261 9112 LSI_SAS - ok 19:33:58.0290 9112 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 19:33:58.0293 9112 LSI_SAS2 - ok 19:33:58.0307 9112 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 19:33:58.0310 9112 LSI_SCSI - ok 19:33:58.0349 9112 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 19:33:58.0352 9112 luafv - ok 19:33:58.0399 9112 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:33:58.0404 9112 Mcx2Svc - ok 19:33:58.0440 9112 MDM - ok 19:33:58.0468 9112 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 19:33:58.0470 9112 megasas - ok 19:33:58.0502 9112 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 19:33:58.0508 9112 MegaSR - ok 19:33:58.0548 9112 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 19:33:58.0550 9112 MEIx64 - ok 19:33:58.0618 9112 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 19:33:58.0622 9112 Microsoft Office Groove Audit Service - ok 19:33:58.0656 9112 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 19:33:58.0660 9112 MMCSS - ok 19:33:58.0689 9112 [ 
800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 19:33:58.0691 9112 Modem - ok 19:33:58.0720 9112 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:33:58.0722 9112 monitor - ok 19:33:58.0766 9112 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:33:58.0768 9112 mouclass - ok 19:33:58.0807 9112 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:33:58.0810 9112 mouhid - ok 19:33:58.0839 9112 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:33:58.0842 9112 mountmgr - ok 19:33:58.0896 9112 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:33:58.0899 9112 MozillaMaintenance - ok 19:33:58.0987 9112 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 19:33:58.0992 9112 MpFilter - ok 19:33:59.0018 9112 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 19:33:59.0023 9112 mpio - ok 19:33:59.0052 9112 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:33:59.0055 9112 mpsdrv - ok 19:33:59.0097 9112 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:33:59.0114 9112 MpsSvc - ok 19:33:59.0133 9112 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:33:59.0136 9112 MRxDAV - ok 19:33:59.0160 9112 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:33:59.0163 9112 mrxsmb - ok 19:33:59.0176 9112 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:33:59.0180 9112 mrxsmb10 - ok 19:33:59.0196 9112 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:33:59.0198 9112 mrxsmb20 - ok 19:33:59.0223 9112 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci 
C:\Windows\system32\drivers\msahci.sys 19:33:59.0224 9112 msahci - ok 19:33:59.0242 9112 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:33:59.0246 9112 msdsm - ok 19:33:59.0285 9112 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 19:33:59.0291 9112 MSDTC - ok 19:33:59.0335 9112 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:33:59.0336 9112 Msfs - ok 19:33:59.0359 9112 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:33:59.0360 9112 mshidkmdf - ok 19:33:59.0384 9112 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:33:59.0385 9112 msisadrv - ok 19:33:59.0408 9112 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:33:59.0414 9112 MSiSCSI - ok 19:33:59.0419 9112 msiserver - ok 19:33:59.0439 9112 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:33:59.0440 9112 MSKSSRV - ok 19:33:59.0505 9112 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 19:33:59.0506 9112 MsMpSvc - ok 19:33:59.0539 9112 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:33:59.0541 9112 MSPCLOCK - ok 19:33:59.0547 9112 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:33:59.0549 9112 MSPQM - ok 19:33:59.0573 9112 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:33:59.0579 9112 MsRPC - ok 19:33:59.0595 9112 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:33:59.0596 9112 mssmbios - ok 19:33:59.0624 9112 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:33:59.0625 9112 MSTEE - ok 19:33:59.0657 9112 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 19:33:59.0659 9112 MTConfig - ok 
19:33:59.0681 9112 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 19:33:59.0683 9112 Mup - ok 19:33:59.0736 9112 [ 8F57DB74BF5407A4CDA6C8B005DC8DD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 19:33:59.0743 9112 MyWiFiDHCPDNS - ok 19:33:59.0778 9112 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 19:33:59.0790 9112 napagent - ok 19:33:59.0853 9112 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:33:59.0860 9112 NativeWifiP - ok 19:33:59.0933 9112 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:33:59.0951 9112 NDIS - ok 19:33:59.0978 9112 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:33:59.0979 9112 NdisCap - ok 19:34:00.0002 9112 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:34:00.0004 9112 NdisTapi - ok 19:34:00.0013 9112 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:34:00.0015 9112 Ndisuio - ok 19:34:00.0034 9112 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:34:00.0037 9112 NdisWan - ok 19:34:00.0048 9112 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:34:00.0050 9112 NDProxy - ok 19:34:00.0089 9112 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 19:34:00.0091 9112 Net Driver HPZ12 - ok 19:34:00.0121 9112 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:34:00.0123 9112 NetBIOS - ok 19:34:00.0136 9112 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:34:00.0140 9112 NetBT - ok 19:34:00.0164 9112 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 19:34:00.0166 9112 Netlogon - ok 19:34:00.0212 9112 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 
19:34:00.0222 9112 Netman - ok 19:34:00.0236 9112 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 19:34:00.0245 9112 netprofm - ok 19:34:00.0269 9112 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:34:00.0272 9112 NetTcpPortSharing - ok 19:34:00.0470 9112 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 19:34:00.0626 9112 NETwNs64 - ok 19:34:00.0649 9112 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 19:34:00.0650 9112 nfrd960 - ok 19:34:00.0685 9112 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 19:34:00.0688 9112 NisDrv - ok 19:34:00.0713 9112 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 19:34:00.0717 9112 NisSrv - ok 19:34:00.0746 9112 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:34:00.0752 9112 NlaSvc - ok 19:34:00.0772 9112 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:34:00.0773 9112 Npfs - ok 19:34:00.0802 9112 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 19:34:00.0806 9112 nsi - ok 19:34:00.0821 9112 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:34:00.0823 9112 nsiproxy - ok 19:34:00.0903 9112 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:34:00.0928 9112 Ntfs - ok 19:34:00.0953 9112 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 19:34:00.0954 9112 Null - ok 19:34:00.0999 9112 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 19:34:01.0002 9112 nusb3hub - ok 19:34:01.0032 9112 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 19:34:01.0036 9112 nusb3xhc - ok 19:34:01.0079 9112 [ 
A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys 19:34:01.0088 9112 NVENETFD - ok 19:34:01.0141 9112 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:34:01.0144 9112 nvraid - ok 19:34:01.0157 9112 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:34:01.0160 9112 nvstor - ok 19:34:01.0183 9112 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:34:01.0185 9112 nv_agp - ok 19:34:01.0245 9112 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:34:01.0251 9112 odserv - ok 19:34:01.0293 9112 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:34:01.0295 9112 ohci1394 - ok 19:34:01.0355 9112 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:34:01.0359 9112 ose - ok 19:34:01.0397 9112 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:34:01.0406 9112 p2pimsvc - ok 19:34:01.0431 9112 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:34:01.0443 9112 p2psvc - ok 19:34:01.0482 9112 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 19:34:01.0486 9112 Parport - ok 19:34:01.0518 9112 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:34:01.0520 9112 partmgr - ok 19:34:01.0550 9112 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:34:01.0557 9112 PcaSvc - ok 19:34:01.0592 9112 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 19:34:01.0597 9112 pci - ok 19:34:01.0628 9112 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 19:34:01.0630 9112 pciide - ok 19:34:01.0663 9112 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 
19:34:01.0669 9112 pcmcia - ok 19:34:01.0699 9112 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:34:01.0700 9112 pcw - ok 19:34:01.0731 9112 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:34:01.0741 9112 PEAUTH - ok 19:34:01.0825 9112 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:34:01.0828 9112 PerfHost - ok 19:34:01.0899 9112 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 19:34:01.0920 9112 pla - ok 19:34:01.0956 9112 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:34:01.0964 9112 PlugPlay - ok 19:34:02.0053 9112 [ AE6C778717DE2F6B0C0B5335036D3363 ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe 19:34:02.0060 9112 PMBDeviceInfoProvider - ok 19:34:02.0088 9112 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 19:34:02.0092 9112 Pml Driver HPZ12 - ok 19:34:02.0113 9112 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:34:02.0118 9112 PNRPAutoReg - ok 19:34:02.0141 9112 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:34:02.0148 9112 PNRPsvc - ok 19:34:02.0182 9112 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:34:02.0192 9112 PolicyAgent - ok 19:34:02.0227 9112 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 19:34:02.0233 9112 Power - ok 19:34:02.0259 9112 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:34:02.0262 9112 PptpMiniport - ok 19:34:02.0275 9112 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 19:34:02.0277 9112 Processor - ok 19:34:02.0310 9112 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 19:34:02.0316 9112 ProfSvc - ok 19:34:02.0331 9112 [ C118A82CD78818C29AB228366EBF81C3 ] 
19:34:09.0424 9112 Scan finished
19:34:09.0440 1600 Detected object count: 0
19:34:09.0440 1600 Actual detected object count: 0
19:34:22.0451 1736 Deinitialize success
  11. Third and last RKreport.txt file:

      RogueKiller V8.0.3 [09/13/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Blog: http://tigzyrk.blogspot.com

      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : bill [Admin rights]
      Mode : Shortcuts HJfix -- Date : 09/13/2012 19:22:20

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

      ¤¤¤ File attributes restored: ¤¤¤
      Desktop: Success 1 / Fail 0
      Quick launch: Success 1 / Fail 0
      Programs: Success 5 / Fail 0
      Start menu: Success 0 / Fail 0
      User folder: Success 99 / Fail 0
      My documents: Success 8 / Fail 8
      My favorites: Success 0 / Fail 0
      My pictures: Success 0 / Fail 0
      My music: Success 460 / Fail 0
      My videos: Success 0 / Fail 0
      Local drives: Success 75 / Fail 0
      Backup: [NOT FOUND]

      Drives:
      [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
      [D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
      [E:] \Device\CdRom0 -- 0x5 --> Skipped
      [F:] \Device\HarddiskVolume4 -- 0x3 --> Restored

      ¤¤¤ Infection : Root.MBR ¤¤¤

      Finished : << RKreport[3].txt >>
      RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  12. Second RKreport.txt file:

      RogueKiller V8.0.3 [09/13/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Blog: http://tigzyrk.blogspot.com

      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : bill [Admin rights]
      Mode : Remove -- Date : 09/13/2012 19:20:40

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 3 ¤¤¤
      [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

      ¤¤¤ Infection : Root.MBR ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts
      127.0.0.1 localhost

      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
      --- User ---
      [MBR] e9a2365bf0edd2221b26dc965c38dc7c
      [bSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows 7 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 700417 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1434863616 | Size: 14684 Mo
      3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo
      User = LL1 ... OK!
      User != LL2 ... KO!
      --- LL2 ---
      [MBR] 1a6b56e3b8874dbce1e7ab81e4003acf
      [bSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows 7 MBR Code
      Partition table:
      0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
      1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo

      Finished : << RKreport[2].txt >>
      RKreport[1].txt ; RKreport[2].txt
  13. First RKreport.txt file:

      RogueKiller V8.0.3 [09/13/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Blog: http://tigzyrk.blogspot.com

      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : bill [Admin rights]
      Mode : Scan -- Date : 09/13/2012 19:19:04

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 4 ¤¤¤
      [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
      [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

      ¤¤¤ Infection : Root.MBR ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts
      127.0.0.1 localhost

      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
      --- User ---
      [MBR] e9a2365bf0edd2221b26dc965c38dc7c
      [bSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows 7 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 700417 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1434863616 | Size: 14684 Mo
      3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo
      User = LL1 ... OK!
      User != LL2 ... KO!
      --- LL2 ---
      [MBR] 1a6b56e3b8874dbce1e7ab81e4003acf
      [bSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows 7 MBR Code
      Partition table:
      0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
      1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo

      Finished : << RKreport[1].txt >>
      RKreport[1].txt
  14. Here is search.txt:

      Farbar Recovery Scan Tool (x64) Version: 12-09-2012
      Ran by SYSTEM at 2012-09-13 09:33:48
      Running from H:\

      ================== Search: "services.exe" ===================

      C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
      [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

      C:\Windows\System32\services.exe
      [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

      C:\Windows\erdnt\cache64\services.exe
      [2012-09-12 16:38] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

      ====== End Of Search ======
  15. Thank you for your help! I have posted the frst.txt file below:
C:\Users\bill\AppData\Local\{96657DE7-B495-4784-8C5F-81FF92F993DD} 2012-08-20 09:20 - 2012-08-20 09:21 - 35101696 ____A C:\Users\bill\Downloads\freecol-0.10.5-installer.exe 2012-08-20 04:34 - 2012-08-20 04:35 - 00000000 ____D C:\Users\bill\AppData\Local\{F3DC307D-049C-4F26-97E7-32885FEC1E7B} 2012-08-18 08:31 - 2012-08-18 08:31 - 00000950 ____A C:\Users\Public\Desktop\LeapFrog Connect.lnk 2012-08-18 08:31 - 2012-08-18 08:31 - 00000000 ____D C:\Program Files\DIFX 2012-08-18 08:30 - 2012-08-18 08:30 - 00000000 ____D C:\Users\bill\AppData\Local\{4F68C277-D9CD-45A4-93E4-7C4B9F031ECD} 2012-08-18 08:29 - 2012-08-18 08:30 - 00000000 ____D C:\Users\bill\AppData\Local\{EB96ABC9-4ADA-4A28-8E54-2185D2A71EE1} 2012-08-18 08:28 - 2012-08-18 08:31 - 00000000 ____D C:\Program Files (x86)\LeapFrog 2012-08-18 08:28 - 2012-08-18 08:28 - 00000000 ____D C:\Users\bill\Downloads\log 2012-08-18 08:28 - 2012-08-18 08:28 - 00000000 ____D C:\Users\All Users\Leapfrog 2012-08-18 08:27 - 2012-08-18 08:28 - 10716552 ____A (LeapFrog Enterprises, Inc.) 
C:\Users\bill\Downloads\LeapFrogConnectSetup_Leapster2.exe 2012-08-18 05:15 - 2012-08-18 05:15 - 00000000 ____D C:\Users\bill\AppData\Local\{397F1D4D-48A5-4223-8881-64FDB15F195C} 2012-08-17 05:57 - 2012-08-17 05:58 - 00000000 ____D C:\Users\bill\AppData\Local\{77E2196B-41FC-4261-8CDA-911763B6143E} 2012-08-17 05:56 - 2012-08-17 05:57 - 00000000 ____D C:\Users\bill\AppData\Local\{BD56BDA9-2B0D-4EC9-A7BE-E2CCDC4CE6B8} 2012-08-16 09:46 - 2012-08-16 09:47 - 00000000 ____D C:\Users\bill\AppData\Local\{5344CF5E-8D1B-4422-A35E-F72F45862DB7} 2012-08-16 09:46 - 2012-08-16 09:46 - 00000000 ____D C:\Users\bill\AppData\Local\{AABFEF9E-A83B-4578-8ADC-207C56DB66A4} 2012-08-16 03:30 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-08-16 03:30 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-08-16 03:30 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-08-16 03:30 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-08-16 03:30 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-08-16 03:30 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-08-16 03:30 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-08-16 03:30 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-08-16 03:30 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-08-16 03:30 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-08-16 03:30 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-08-16 03:30 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-08-16 03:30 - 2012-06-28 19:39 
- 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-08-16 03:30 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-08-16 03:30 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-08-16 03:30 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-08-16 03:30 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-08-16 03:30 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-08-16 03:30 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-08-16 03:30 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-08-16 03:30 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-08-16 03:30 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-08-16 03:30 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-08-16 03:30 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-08-16 03:30 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-08-16 03:30 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-08-16 03:30 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-08-16 03:30 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-08-15 16:49 - 2012-08-15 16:49 - 00000000 ____D C:\Users\bill\AppData\Local\{79DD92FA-9086-4A9F-B4DF-D530D8FD2003} 2012-08-15 16:48 - 2012-08-15 16:49 - 00000000 ____D C:\Users\bill\AppData\Local\{7E651C0F-DF79-4A48-BE72-D31E2C818AE3} 2012-08-15 03:16 - 2012-07-18 10:15 - 03148800 ____A 
(Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-08-15 03:16 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-08-15 03:16 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-08-15 03:16 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-08-15 03:16 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-08-15 03:16 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-08-15 03:16 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll 2012-08-15 03:16 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll 2012-08-15 03:16 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2012-08-15 03:16 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2012-08-15 03:16 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe 2012-08-15 03:16 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe 2012-08-15 03:16 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2012-08-15 03:04 - 2012-08-15 03:05 - 00000000 ____D C:\Users\bill\AppData\Local\{6DFB0789-721F-4D99-AEC0-13BF106DCC27} 2012-08-15 03:04 - 2012-08-15 03:04 - 00000000 ____D C:\Users\bill\AppData\Local\{7614779D-8BC3-449A-BD3E-5EDCC824A08D} 2012-08-14 10:06 - 2012-08-14 10:06 - 00000000 ____D C:\Users\bill\AppData\Local\{5B0CAF6B-33C3-40F6-BCBB-BDF9F682FFD5} 2012-08-14 10:05 - 2012-08-14 10:06 - 00000000 ____D C:\Users\bill\AppData\Local\{3FA95CC0-09B5-43CD-A589-297C1C2837DA} ==================== 3 Months Modified Files ================================ 2012-09-13 05:26 - 2011-07-18 04:51 - 02032194 ____A C:\Windows\WindowsUpdate.log 
2012-09-13 05:24 - 2009-07-13 20:51 - 00079500 ____A C:\Windows\setupact.log 2012-09-13 05:10 - 2012-04-12 03:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-09-12 19:23 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-09-12 19:23 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-09-12 19:14 - 2012-09-12 19:14 - 01453755 ____A (Farbar) C:\Users\bill\Downloads\FRST64.exe 2012-09-12 16:48 - 2009-07-13 21:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI 2012-09-12 16:45 - 2011-08-15 04:25 - 00170592 ____A C:\Users\bill\AppData\Local\GDIPFONTCACHEV1.DAT 2012-09-12 16:43 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-09-12 16:39 - 2012-09-12 16:39 - 00020448 ____A C:\ComboFix.txt 2012-09-12 16:34 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini 2012-09-12 16:32 - 2010-11-20 19:47 - 00247414 ____A C:\Windows\PFRO.log 2012-09-12 15:59 - 2012-09-12 15:59 - 04014897 ____A (BlogDesk ) C:\Users\bill\Downloads\blogdesk-284-en.exe 2012-09-12 13:16 - 2012-09-12 13:15 - 04749988 ____R (Swearware) C:\Users\bill\Desktop\ComboFix.exe 2012-09-12 12:04 - 2011-11-15 15:27 - 00108544 __ASH C:\Users\bill\Desktop\Thumbs.db 2012-09-12 12:00 - 2011-08-15 03:59 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-09-11 15:21 - 2012-09-11 15:21 - 00352960 ____A (Softonic) C:\Users\bill\Downloads\SoftonicDownloader_for_anvi-smart-defender.exe 2012-09-11 15:18 - 2012-09-11 15:18 - 00000422 ____A C:\Users\bill\Desktop\scour.txt 2012-09-11 15:13 - 2012-09-11 15:13 - 00600064 ____A (OldTimer Tools) C:\Users\bill\Downloads\OTL.exe 2012-09-11 15:08 - 2012-07-03 07:22 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForbill.job 2012-09-11 15:08 - 2011-11-09 09:57 - 00000338 ____A C:\Windows\Tasks\HPCeeScheduleForLAPTOP$.job 2012-09-11 15:06 
- 2012-09-11 15:06 - 01932256 ____A (Symantec Corporation) C:\Users\bill\Downloads\FixTDSS.exe 2012-09-11 13:05 - 2011-09-04 06:34 - 00008877 ____A C:\Users\bill\AppData\Roaming\.freeciv-client-rc-2.3 2012-09-11 13:03 - 2012-09-11 13:03 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-09-11 13:02 - 2012-09-11 13:02 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\bill\Downloads\mbam-setup-1.65.0.1400.exe 2012-09-11 08:27 - 2011-08-16 10:55 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log 2012-09-10 15:02 - 2012-08-27 08:57 - 22413312 ____A C:\Users\bill\Documents\B-R.accdb 2012-09-07 13:04 - 2012-09-11 13:02 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-08-31 12:58 - 2012-08-31 12:58 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll 2012-08-31 12:58 - 2012-08-31 12:58 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe 2012-08-31 12:58 - 2012-08-31 12:58 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe 2012-08-31 12:58 - 2012-08-31 12:58 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe 2012-08-31 12:58 - 2011-04-08 12:56 - 00473072 ____A (Sun Microsystems, Inc.) 
C:\Windows\SysWOW64\deployJava1.dll 2012-08-28 11:53 - 2011-09-09 05:31 - 00046592 __ASH C:\Users\bill\Documents\Thumbs.db 2012-08-27 09:06 - 2012-08-27 09:06 - 01244499 ____A C:\Users\bill\Downloads\8thind.zip 2012-08-27 09:06 - 2012-08-27 08:09 - 06050107 ____A C:\Users\bill\Documents\8thind.csv 2012-08-27 08:57 - 2012-08-27 05:44 - 04468637 ____A C:\Users\bill\Documents\8th.csv 2012-08-27 08:56 - 2012-08-27 08:56 - 00965249 ____A C:\Users\bill\Downloads\8th.zip 2012-08-22 10:12 - 2012-09-12 08:13 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-08-22 10:12 - 2012-09-12 08:13 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys 2012-08-22 10:12 - 2012-09-12 08:13 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-08-22 10:12 - 2012-09-12 08:13 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2012-08-20 09:21 - 2012-08-20 09:20 - 35101696 ____A C:\Users\bill\Downloads\freecol-0.10.5-installer.exe 2012-08-18 08:31 - 2012-08-18 08:31 - 00000950 ____A C:\Users\Public\Desktop\LeapFrog Connect.lnk 2012-08-18 08:31 - 2011-07-18 04:52 - 00024920 ____A C:\Windows\DPINST.LOG 2012-08-18 08:28 - 2012-08-18 08:27 - 10716552 ____A (LeapFrog Enterprises, Inc.) 
C:\Users\bill\Downloads\LeapFrogConnectSetup_Leapster2.exe 2012-08-16 11:08 - 2012-04-12 07:23 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk 2012-08-16 10:56 - 2009-07-13 20:45 - 00561112 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-14 10:40 - 2012-01-09 14:34 - 00274944 __ASH C:\Users\bill\Downloads\Thumbs.db 2012-08-14 10:35 - 2012-04-12 03:55 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-14 10:35 - 2011-08-15 06:03 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-02 09:58 - 2012-09-12 08:13 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-08-02 08:57 - 2012-09-12 08:13 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2012-07-31 10:40 - 2012-07-31 10:31 - 00001798 ____A C:\Users\bill\Desktop\Spotify.lnk 2012-07-31 10:37 - 2012-07-31 10:36 - 19665520 ____A (Spotify Ltd) C:\Users\bill\Downloads\Spotify Installer.exe 2012-07-31 10:30 - 2012-07-31 10:30 - 00087360 ____A (Spotify Ltd) C:\Users\bill\Downloads\SpotifySetup.exe 2012-07-24 08:05 - 2011-10-25 16:04 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt 2012-07-18 10:15 - 2012-08-15 03:16 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-11 12:13 - 2012-07-11 12:13 - 00265136 ____A C:\Windows\msxml4-KB2721691-enu.LOG 2012-07-05 09:17 - 2012-07-05 09:17 - 07341144 ____A C:\Users\bill\Downloads\ld182.zip 2012-07-05 08:57 - 2012-07-05 08:57 - 00891084 ____A C:\Users\bill\Downloads\easton (1).zip 2012-07-04 14:16 - 2012-08-15 03:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-07-04 14:13 - 2012-08-15 03:16 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-07-04 14:13 - 2012-08-15 03:16 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-07-04 13:16 - 2012-08-15 03:16 - 00057344 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\netapi32.dll 2012-07-04 13:14 - 2012-08-15 03:16 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-07-04 12:26 - 2012-09-12 08:13 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys 2012-07-02 08:59 - 2012-07-02 08:59 - 00780828 ____A C:\Users\bill\Downloads\swift-basic.0.1.3.zip 2012-07-02 08:45 - 2012-07-02 08:45 - 00004663 ____A C:\Users\bill\.recently-used.xbel 2012-07-02 05:12 - 2012-07-02 05:12 - 01157971 ____A C:\Users\bill\Downloads\webfolio.zip 2012-06-30 03:48 - 2012-06-30 03:48 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-06-28 20:55 - 2012-08-16 03:30 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-28 20:09 - 2012-08-16 03:30 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-28 19:56 - 2012-08-16 03:30 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-28 19:49 - 2012-08-16 03:30 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-28 19:49 - 2012-08-16 03:30 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-28 19:48 - 2012-08-16 03:30 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-28 19:47 - 2012-08-16 03:30 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-28 19:45 - 2012-08-16 03:30 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-28 19:44 - 2012-08-16 03:30 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-28 19:43 - 2012-08-16 03:30 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-28 19:42 - 2012-08-16 03:30 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-28 19:40 - 2012-08-16 03:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-28 19:39 - 2012-08-16 03:30 - 02382848 ____A (Microsoft 
Corporation) C:\Windows\System32\mshtml.tlb 2012-06-28 19:35 - 2012-08-16 03:30 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-28 16:52 - 2012-08-16 03:30 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-28 16:27 - 2012-08-16 03:30 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-28 16:16 - 2012-08-16 03:30 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-28 16:09 - 2012-08-16 03:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-28 16:09 - 2012-08-16 03:30 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-28 16:08 - 2012-08-16 03:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-28 16:07 - 2012-08-16 03:30 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-28 16:06 - 2012-08-16 03:30 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-28 16:04 - 2012-08-16 03:30 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-28 16:04 - 2012-08-16 03:30 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-28 16:01 - 2012-08-16 03:30 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-28 16:01 - 2012-08-16 03:30 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-28 16:00 - 2012-08-16 03:30 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-28 15:57 - 2012-08-16 03:30 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-25 12:04 - 2012-06-25 12:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll 2012-06-19 09:49 - 2012-06-19 09:49 - 00027820 ____A C:\Users\bill\Downloads\MC900437743.WMF 2012-06-19 09:44 - 2012-06-19 09:44 - 00008592 ____A C:\Users\bill\Downloads\MC900009815.WMF 2012-06-19 09:43 - 2012-06-19 09:43 
- 00041136 ____A C:\Users\bill\Downloads\MC900154414.WMF ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-08-20 04:49:48 Restore point made on: 2012-08-23 18:49:15 Restore point made on: 2012-08-27 03:29:18 Restore point made on: 2012-08-30 08:09:37 Restore point made on: 2012-08-31 12:57:56 Restore point made on: 2012-09-03 06:28:07 Restore point made on: 2012-09-06 09:58:05 Restore point made on: 2012-09-06 11:56:31 Restore point made on: 2012-09-06 16:19:12 Restore point made on: 2012-09-10 04:02:49 Restore point made on: 2012-09-12 12:00:45 ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 8139.86 MB Available physical RAM: 7210.8 MB Total Pagefile: 8138.01 MB Available Pagefile: 7203.69 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================ 1 Drive c: () (Fixed) (Total:684 GB) (Free:543.89 GB) NTFS ==>[system with boot components (obtained from reading drive)] 2 Drive e: (RECOVERY) (Fixed) 
(Total:14.34 GB) (Free:1.6 GB) NTFS ==>[system with boot components (obtained from reading drive)] 3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 5 Drive h: () (Removable) (Total:14.9 GB) (Free:14.86 GB) FAT32 6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS 7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 698 GB 0 B Disk 1 Online 14 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 199 MB 1024 KB Partition 2 Primary 684 GB 200 MB Partition 3 Primary 14 GB 684 GB Partition 4 Primary 102 MB 698 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 684 GB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E RECOVERY NTFS Partition 14 GB Healthy ================================================================================== Disk: 0 Partition 4 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 F HP_TOOLS FAT32 Partition 102 MB 
Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 14 GB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 H FAT32 Removable 14 GB Healthy ================================================================================== Last Boot: 2012-09-08 05:31 ==================== End Of Log =============================