Jump to content

robrides

Members
  • Posts

    11
  • Joined

  • Last visited

Everything posted by robrides

  1. OK MrC...I've fixed the issue. It was the WebWatcher software causing the problem. I went to reinstall the software, got a couple of warnings from my Comodo Defense+, and trusted the files. The reinstall didn't complete so, I ended the task and restarted. The problem went away but I tried to reinstall the WebWatcher again anyway to ensure a complete reinstall but it hung again. So, I enabled my Defense+ again (I had disabled it before the second reinstall attempt), restarted and the issue is confirmed gone. I created a restore point just in case as it seems to be running fine now. I haven't checked to see that my WebWatcher service is working but that's the least of my concerns at the moment. I don't know if the root of the problem was an update to Comodo which blocked a file for WebWatcher or, perhaps a Windows update changed something (as it was patch Tuesday when this all started happening) but it's working fine. Sorry for the mental gymnastics but hopefully something to add to the initial line of questioning when someone comes to the site looking for assistance with a teen's laptop. Thanks again for all your patience, time, and assistance.
  2. I haven't been able to figure out how to boot into safe mode in Win8. I just reinstalled the Workforce 845 drivers and printed a test page. I'm going to restart and see if that helped. I'm also looking for the WebWatcher software to see if I can reinstall that as well.
  3. Well, I'm not exactly sure how but I was able to invoke a system restore and I am back in with my reset Microsoft live password for the admin account. Here is the content of the OTL log file after the custom code and reboot...All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully. File Protocol\Handler\ms-help - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully. File Protocol\Handler\skype4com - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully. File Protocol\Handler\wlpg - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:livessp deleted successfully. File PTYJAVA] not found. File ptytemp] not found. File PTYFLASH] not found. OTL by OldTimer - Version 3.2.69.0 log created on 04052013_195907
  4. I'm not able to log in to the computer as an admin now. I was trying to avoid a system restore. My hiren's boot cd is not working but it's a bit dated so I'm going to see what I can find out about an update.
  5. Well MrC I copy and pasted the custom code and it asked me to restart so, I did. Now my password doesn't work. It's a microsoft live account and I tried resetting the password but I still cannot log into the system with my admin account. I'm thinking I'll need to download a Hiren's boot cd to get in...any thoughts?
  6. Well, for the workforce 845 line, that is the networked computer I have on the network but my son did mention something about it not working a while ago but it was well before this dialog box started popping up. For the VirusTotal Scan on C:\Windows\SysWOW64\abwgcwrs\svcboot_iasgxfv.dll; it does come up as a Trojan linked to WebWatcher. This is a service I paid for and installed on my son's laptop before I even gave it to him at Christmas last year. I keep tabs on his extracurricular activities and would like to keep doing so. Again, this has been on the system long before he started getting the dialog box popping up with this error. I can try reinstalling the printer and webwatcher software to see if that corrects the issue. URL for VirusTotal Scan https://www.virustotal.com/en/file/2a8cda1189318408d0ed3305c28e2edd80cf4b0607602292a957c75cd4180ead/analysis/1365208647/
  7. Extras file contents............OTL Extras logfile created on: 4/5/2013 4:44:16 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16519) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.90 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 76.45% Memory free 15.90 Gb Paging File | 14.03 Gb Available in Paging File | 88.26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 904.54 Gb Total Space | 796.01 Gb Free Space | 88.00% Space Free | Partition Type: NTFS Drive D: | 26.19 Gb Total Space | 3.10 Gb Free Space | 11.84% Space Free | Partition Type: NTFS Computer Name: HPM4TWO | User Name: owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09AF8FC3-C682-4ED4-986A-9D4EDB9F1AF2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0A31CAE0-C6F5-4AED-BE19-FC776FE081E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{10BBB1E3-EECA-4C4A-8EAF-8336DC0150CE}" = lport=137 | protocol=17 | dir=in | app=system | "{19E6FB07-AEEE-4940-8A9C-F18A3002F208}" = rport=139 | protocol=6 | dir=out | app=system | "{1AAD1585-DEA1-49EB-AB9C-56B4CE91C6E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2F2D9F58-80A8-4469-81E3-548BE14C7F47}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3B60109F-B532-472C-AE20-F1472A826043}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{3C6103E4-1DB5-4005-80E4-34E93644CBDD}" = rport=138 | protocol=17 | dir=out | app=system | "{3DD3D6CE-C444-4863-B4A1-49452DEEB840}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3ECF0FAC-82F6-49E4-8C88-844240EA8EE9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{4A6E9F13-2D4B-46D7-91CE-5239D22E2B76}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4C7EF62D-D257-4201-9947-F206439801F5}" = rport=137 | protocol=17 | dir=out | app=system | "{4F34DDCC-6697-4161-B63A-2DE1DD0E120F}" = lport=10243 | protocol=6 | dir=in | app=system | "{6C9E0176-6210-413A-82C2-F5716105BF5E}" = rport=10243 | protocol=6 | dir=out | app=system | "{70C61E00-09AC-4031-A554-5B92428400A7}" = rport=445 | protocol=6 | dir=out | app=system | "{8DA681F3-4290-4DCD-849D-0ADAAB45692F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A9ACD5A2-26FB-4D15-8A05-46BE597E559F}" = lport=139 | protocol=6 | dir=in | app=system | "{AEEA9EB3-276F-403A-A01A-85335765881A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B19520E9-7E4F-4EC5-86AD-D92C320FA6E1}" = lport=445 | protocol=6 | dir=in | app=system | "{B27D1E31-CCA2-4FBC-8187-8F444F2C5672}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C583E293-08E1-4EAA-BA76-BC2769771EB0}" = lport=138 | protocol=17 | dir=in | app=system | "{EF1F5655-6FA1-4F87-A3F5-F6A1E08C6A29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F21C2AE6-E6F7-4AAC-A824-72CD773D59CA}" = lport=2869 | protocol=6 | dir=in | app=system | "{FD573358-9E0F-4D50-A091-841E7C493424}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003646CD-D683-41F7-B3B8-601E41C74FA7}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{00E558DC-B133-4F56-8E7F-CC2EC59D849C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{054542A1-5D5A-4A37-9D77-9A04DBF1B7C8}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{0676536B-BB4A-4447-B70B-12F08D7389D2}" = dir=out | name=kindle | "{069F4DDE-7C5A-4D8F-AE7A-7B19DB7129C1}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{0B05F256-2D6B-47BE-A28A-977FEF0BFF70}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{10782E77-54A4-47DC-B29E-24FFD4155E73}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{10DC11AB-35C9-4067-B7AD-E11261295EF6}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{11B23C98-10A2-4000-931A-F7EB4127A9BC}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{1298CA6A-8F3A-49A9-8BE9-B3C7327F02AA}" = dir=out | name=netflix | "{132C413D-F807-44EE-8BFD-52100F502CF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1460F72F-C016-4443-8E01-E84219E3D1DE}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{14AB21D6-7C3C-424F-A500-8F05F4905855}" = dir=out | name=the chess lv.100 | "{15BA617F-8D0D-4E54-9B35-2F098D5B5880}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | "{192D79E8-B3D8-4FB9-B5D7-B1DDF16FCF03}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{1936B302-D538-4527-844D-6153C7EF853E}" = dir=out | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{1CE324CE-6A4B-4367-B0F1-F23AF261822C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1DD84615-C945-4EEE-B7D6-5D9DC3A7DB77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{204485D2-9956-4384-9501-069CBE3E02FC}" = dir=out | name=microsoft mahjong | "{2084DA51-E7AB-4F9F-9F7F-E5BAFC269BD8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{279E6A41-91DF-4989-AF15-1AC1A2B4C7B9}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | "{27D5D9C6-F96F-4156-82BD-6D50BC78C5C9}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{2C1B8B23-CA7B-46FD-B1BD-40D6C52B56DC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | "{2C6D5C9A-9A12-477A-BA38-954A2B2D3F8A}" = dir=in | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} | "{2DF2A956-7151-41A2-B644-46517A0D004F}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{31F2786A-EFE6-49F6-BA77-FFEB79A3A726}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{322A1F3B-A48C-413E-8F20-892AC4DA13F9}" = dir=in | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{322E270A-FFE1-4EFC-BAD1-55E90F3A5AD9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{3619CFBC-0A04-4F28-A05A-962DA60A1203}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{38902A2E-68E8-42D1-968F-28235B227062}" = dir=in | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} | "{39762630-9DBA-4853-9EBE-CF72E0C4F7EC}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{3A6DBD1B-3D1F-4EAF-B387-4FAD26FB853D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3AC17866-E28B-4C29-A02B-2D9FFC54DF25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3B428359-76DF-4378-A2E8-26D37F35310C}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{3B9A9C8C-97DC-4CCD-8642-6B5B45C3DC45}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{3BE0D24C-DD09-47FB-8D92-9AA56891A875}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{3C6FAD07-332D-4DB9-8CC6-7203882DBCA4}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{3CB3FE1B-7A33-4E85-AD07-C4D9AF81FCB0}" = dir=out | name=hp registration | "{3D46AB6F-44E7-430B-8D44-AEAE96B301EE}" = dir=out | name=hp connected photo powered by snapfish | "{3FECFEA5-40A4-41F6-B762-3BD5D7B13A07}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{40DDD4A4-88F2-43CD-9832-799A41F7F325}" = dir=out | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} | "{41A5E820-F3D2-49AD-8ED1-8A9FFA9507AA}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{428B3699-A918-41DB-A544-CF55ED327635}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{4481613F-3E5A-44CA-87BB-FBCDFE504C41}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{44BE89D2-1035-47D0-9DF4-0D7C75C5D82F}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{46AE1565-7FB7-45D1-A9E9-3CFBCAA4EC73}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{4917E171-1C51-4D3C-A4F8-66C292B341A2}" = dir=out | name=hp registration | "{4ABD58D0-F58A-4A4D-889F-E049977660FF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{4B41902A-B74F-4AE4-A28E-5B6C36FFBF55}" = dir=out | name=ebay | "{4C56B13D-C761-4621-94E3-AD7A6BD54943}" = dir=out | name=microsoft mahjong | "{4E43D957-54F0-4250-9991-6210A5C8D435}" = dir=out | name=microsoft solitaire collection | "{4E77DF04-380D-4105-BC51-B43F50C06E15}" = dir=out | name=iheartradio | "{504F3839-EE63-47E8-A7CC-7862C3C3980A}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{5444B943-6F77-48A4-97BA-D8B1867E0C60}" = dir=in | name=ebay | "{54A7C7BB-D0D7-4CB8-894A-4EA530B2BEDB}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{5828547A-6991-4723-B0A9-A893357D6D8D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{5C9D1323-BE70-4399-8B02-344F21988602}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{5D97A602-683A-44C4-B538-C4DF85A5EA2E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | "{5DD4842F-52FC-4525-ADAE-54661FA124A2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5E7CFABB-EF1D-4F00-9B95-A0F18154EA80}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6286D868-A63C-4071-B5EE-7BA319A65119}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{63712F51-0D81-46B0-9B7E-2CF38889AEDD}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | "{66262D69-7E69-438E-897E-470050FE7827}" = dir=out | name=getting started with windows 8 | "{667C317F-07F2-4C14-A7FD-91DC36BC2CAC}" = dir=out | name=microsoft solitaire collection | "{69A971E5-28A6-40C3-89A6-E5DC53B98F6C}" = dir=out | name=hp connected photo powered by snapfish | "{6E07F861-C65F-4B31-B587-6D9794F1D769}" = dir=out | name=brain cube reloaded | "{71360913-3607-44C3-81C8-716F1072970A}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{71693A1D-98E3-4ED2-807F-2DC55198786F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{74258772-B639-4F21-8990-C1E575D649FD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{747E83DB-D67F-4155-B7A2-D31CDCED6715}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{764A2484-3516-4292-A8E7-D99A5F08BA51}" = dir=out | name=skype | "{771EBDDD-4F04-45F0-980A-94DF606D8E7D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{7720EF7C-C48B-4E76-A981-5186FE891B33}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{7AAD503D-B549-45D0-86B7-89E5F44AE51C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{7C582C8A-3AEA-4133-967A-5DFA68288E7D}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{7E28164B-110A-4684-BFA7-09DE2EAF2904}" = protocol=6 | dir=out | app=system | "{7FC0C5CF-6F57-4BFB-9F86-FDF5B822E622}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7FD3BED3-13BC-4479-B452-872F7DE48B6B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{81505996-1E1E-4D26-B49C-768B07047363}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{8249B76B-F6CD-446C-A6AA-BAFD84FF70AD}" = dir=in | name=ebay | "{849455CF-25A6-4C8B-B44A-5115D07D6A65}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{852870A7-A419-4625-878E-9BAD8840EEE7}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{857E9D96-D945-4384-8462-4788DDC7FC4F}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{86D952C2-C1D9-4C22-9319-86227AC4DC2C}" = dir=out | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} | "{8BBC5687-B4CE-451B-942A-15863D7D4CF9}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{8DEA4AAC-8CBA-490C-876A-31A14605335C}" = dir=out | name=norton studio | "{8FCA09BD-C36C-4260-8286-CF043DB746FB}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{8FF15983-DEEB-459E-8279-537C6AE8BA24}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{949F5A81-8026-453C-B322-8DDD31841467}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{95863EF6-EB9C-41C7-9A12-7BC12800D51A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{960D0581-AC1B-4BDE-A641-3D803978EC41}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{96D366FD-289B-4CBD-9359-730AAD2E629C}" = dir=out | name=hp+ | "{9F0B27E3-B049-4EE1-8C7A-67C0FDD6FAAF}" = dir=out | name=iheartradio | "{9FD67F77-CAB2-4DC9-8E5F-244D98D9B147}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{A30094D2-DEA6-4B9F-A2BF-5515A4C995AE}" = dir=out | name=microsoft minesweeper | "{A575D0C6-6BB6-4C64-8A32-C42B14E0B915}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{A59EB07B-5A7E-4B17-8EFD-CA3CAF33FFDB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{A6B1B092-B0C1-4C9C-885E-197CDF5C984C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A9ED53AE-2B54-4A75-AD8A-8401C812D199}" = dir=out | name=norton studio | "{AA82B65A-0DFC-43FA-B533-34BA9977EBFA}" = dir=in | name=kindle | "{ABA19E48-5762-486C-912D-32529D4EEC42}" = dir=out | name=netflix | "{AD2D44E5-B92C-4A46-8072-E8106CAB6493}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AEA44DBF-005A-47E9-8813-4FA36E9D281A}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{B37DB2DE-F79A-4F83-9E11-A5D8763D8F08}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{B7166EB6-28FB-4AA1-8330-9B73E7844426}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BC9E6504-6B78-442A-8A0B-E1C5502E885F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C19B5D43-A7AA-4FE0-93AD-CE4C467A9588}" = dir=in | name=hp+ | "{C20F2950-D7B4-49BA-940F-C8C3BAF5206C}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{C34EF96A-BC4E-47DC-8D8B-85C6AAA6D6B1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | "{C3B5994A-279D-4B8C-B22C-C04BFB1D1AC3}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{C56FAA6F-4574-44F0-8568-B6E301CA1863}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{C6A81BBF-F579-4101-BB31-8A6A2418E490}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C79D4F79-D6E4-45FB-9EEF-094956DE5C5C}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{CFDA0FCC-6813-4F3E-BCDB-34BC2AE9B2CE}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{D16DA57E-E788-40E8-985A-034E1D9E1532}" = dir=in | name=skype | "{D1AB9758-D14E-4B3C-A336-0335F2E171A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D3BA08BF-B737-43C2-BA30-71B1BE4E4BAF}" = dir=out | name=hp+ | "{D52F13FF-9DBB-4DC4-B332-C2000B45FA5B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{D61538FA-4FCB-4717-9DA5-262CBC149641}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DA145A21-0DF9-41A1-92CF-7D670CE696EE}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{DB952C89-69BB-4DAA-8242-0CEDDE1BC5F8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DBCA0079-393D-470C-9778-B0B784E4370E}" = dir=out | name=getting started with windows 8 | "{DBE82770-09CC-4005-9493-E8C525A30B89}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DD0B1418-20AB-4EFB-B9C8-71A7B54C858A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{DD4176D0-2A4A-4EE7-BE5B-A8C3DD65C63F}" = dir=out | name=@{470alexeigarbuzenko.mindgamesfree_1.0.3.23_neutral__gd2qghq4jdjcm?ms-resource://470alexeigarbuzenko.mindgamesfree/resources/appname} | "{DEF3E97B-68AE-4997-9D74-1F7EEF989FA1}" = dir=in | name=hp connected photo powered by snapfish | "{E2620682-7F35-42C5-98E7-ADCAC318779B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E328BBB5-76C4-456D-A665-6D9374E8A12B}" = dir=out | name=ebay | "{E5EE42F7-0D12-4BBD-9CF8-BCC811BB49CC}" = dir=out | name=kindle | "{E75A85FA-808D-488A-8240-303929391AD0}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{ED3F561D-8A2E-4B1A-937C-BF4DD2B00D90}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{EFDA139C-DF04-447A-BAF8-FD5F134018BA}" = dir=out | name=khan academy | "{F0F52793-9C50-418B-89A8-B9E9E9CFDEEC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{F93AB4D3-B8A3-4589-AEE6-6E81AD1BFD92}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{FB32D585-324E-4849-9829-120975CA28A6}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{FBA3E2C2-A8CD-4096-B628-BB786F0BAE6B}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{FD086493-9281-4C7F-A2B6-00E1FA6BDE9D}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "TCP Query User{AE9AE315-9368-41DD-B643-289810D23999}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{A679D1A8-7290-4DDB-A834-DE354C3D4650}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{E33003B9-6A0D-4126-BD67-6FC62D643501}" = AuthenTec WinBio FingerPrint Software 64-bit "{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service "{E62381A7-B1C1-4121-8262-84D38C77786C}" = COMODO Internet Security "{EBC0CC3F-B7A1-4FC8-8014-4C7BFD3925E8}" = AuthenTec TrueAPI 64-bit "{F244D07D-1876-4CDD-914D-214E15A8D327}" = HP 3D DriveGuard "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "CutePDF Writer Installation" = CutePDF Writer 3.0 "EPSON WorkForce 845 Series" = EPSON WorkForce 845 Series Printer Uninstall "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center "{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34C821CA-6B55-44A0-8A9B-2EF471D6019E}" = HP SimplePass "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{47320D8D-3600-474A-8356-2F62244186D4}" = HP Documentation "{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch "{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}" = HP Connected Backup "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI "{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ASD800_is1" = Anime Studio Debut 8.0 "EPSON Scanner" = EPSON Scan "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector "InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "StartHPConnectedMusic" = HP Connected Music (Meridian - installer) "WildTangent hp Master Uninstall" = HP Games "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "WTA-00ee9f72-1888-4ee8-8443-8658863d35ea" = Mortimer Beckett and the Crimson Thief Premium Edition "WTA-0be7435c-e3e5-4366-91ef-2d3737b11ab9" = Polar Golfer "WTA-16a3689b-86f9-454a-b03b-be1db463baae" = Peggle Nights "WTA-1b6e4cee-1285-48e7-9474-075ec4ca541e" = FlatOut 2 "WTA-2cb9195d-9720-4df7-a983-fbb4b5c24f56" = Mahjongg Dimensions Deluxe: Tiles in Time "WTA-30bf96f3-297d-4df5-b54f-10a98475ae75" = Governor of Poker 2 Premium Edition "WTA-33567c1d-e099-475a-920a-175a7b6f8c21" = Polar Bowler "WTA-341a7a86-b9b6-4fb8-8694-f920c26f020f" = Luxor Evolved "WTA-464eabfa-d467-46db-afb4-11b17ce94ea5" = Bejeweled 3 "WTA-4f66b41e-31e2-42b0-be65-87c4c4f1d9df" = Farm Frenzy "WTA-5b68c26c-fd89-44ee-a731-351aca17bad4" = 4 Elements II "WTA-5e90157a-3df8-41ab-96a3-4bce361af3bb" = Cradle of Rome 2 "WTA-659f348e-0ff4-41dd-91b2-3125e9d2ca3f" = Tales of Lagoona "WTA-6ba888ab-502a-4e5d-99c8-32b37d2dcd60" = Penguins! "WTA-71a73639-4524-4f1a-93f5-31eaff258198" = Hoyle Card Games "WTA-75d8beac-7a95-4af6-9e8f-d6078cacd6af" = Build-a-lot 4 - Power Source "WTA-76fcf2d8-a82f-4af6-b9c0-c263817a0613" = Mystery P.I. - Curious Case of Counterfeit Cove "WTA-83332ff4-e264-4697-b32b-3f557613d562" = Cradle Of Egypt Collector's Edition "WTA-9fcb7beb-c828-48cd-bfa1-5df9d015dbdf" = Roads of Rome 3 "WTA-a3fca10b-f47c-437e-92b3-65f794a7ff12" = Vacation Quest™ - Australia "WTA-d4f2b98b-0608-434d-a230-eb7ee97f6e25" = Zuma's Revenge "WTA-de07b294-ad78-4f11-b718-0948e6e3c48f" = Jewel Match 3 "WTA-de34260f-737e-413d-a99a-3d70cf6acdbb" = John Deere Drive Green "WTA-e519b0a0-d5aa-4ba4-a14d-5ec2080930b8" = FATE: The Cursed King "WTA-ea84dbde-a9f3-4378-9d82-35749bdc8b75" = Final Drive Fury "WTA-f46b31cc-86f2-41ee-855f-36f73c5e6d54" = Chuzzle Deluxe ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 3/29/2013 10:06:01 PM | Computer Name = HPm4two | Source = Application Error | ID = 1000 Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16519, time stamp: 0x51106090 Faulting module name: mcie_yjoorcgd.dll, version: 8.1.20.1048, time stamp: 0x509c1642 Exception code: 0xc0000005 Fault offset: 0x0000c1c1 Faulting process id: 0x21c8 Faulting application start time: 0x01ce2ceb1bcacf60 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: c:\windows\system32\abwgcwrs\mcie_yjoorcgd.dll Report Id: 5df9f025-98de-11e2-bed6-6c3be5f1f152 Faulting package full name: Faulting package-relative application ID: Error - 3/29/2013 10:19:02 PM | Computer Name = HPm4two | Source = Application Error | ID = 1000 Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16519, time stamp: 0x51106090 Faulting module name: mcie_yjoorcgd.dll, version: 8.1.20.1048, time stamp: 0x509c1642 Exception code: 0xc0000005 Fault offset: 0x0000c1c1 Faulting process id: 0x2110 Faulting application start time: 0x01ce2ce9c21b6d66 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: c:\windows\system32\abwgcwrs\mcie_yjoorcgd.dll Report Id: 2fe08fd7-98e0-11e2-bed6-6c3be5f1f152 Faulting package full name: Faulting package-relative application ID: Error - 3/30/2013 10:00:58 AM | Computer Name = HPm4two | Source = Application Error | ID = 1000 Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16519, time stamp: 0x51106090 Faulting module name: mcie_yjoorcgd.dll, version: 8.1.20.1048, time stamp: 0x509c1642 Exception code: 0xc0000005 Fault offset: 0x0000c1c1 Faulting process id: 0x1898 Faulting application start time: 0x01ce2d4eb0467946 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: c:\windows\system32\abwgcwrs\mcie_yjoorcgd.dll Report Id: 3e8e5eb3-9942-11e2-bed7-6c3be5f1f152 Faulting package full name: Faulting package-relative application ID: Error - 3/30/2013 10:15:07 AM | Computer Name = HPm4two | Source = Application Error | ID = 1000 Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16519, time stamp: 0x51106090 Faulting module name: mcie_yjoorcgd.dll, version: 8.1.20.1048, time stamp: 0x509c1642 Exception code: 0xc0000005 Fault offset: 0x0000c1c1 Faulting process id: 0x1be4 Faulting application start time: 0x01ce2d4f3926460e Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: c:\windows\system32\abwgcwrs\mcie_yjoorcgd.dll Report Id: 38d01365-9944-11e2-bed7-6c3be5f1f152 Faulting package full name: Faulting package-relative application ID: Error - 3/30/2013 10:19:32 AM | Computer Name = HPm4two | Source = Application Error | ID = 1000 Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16519, time stamp: 0x51106090 Faulting module name: mcie_yjoorcgd.dll, version: 8.1.20.1048, time stamp: 0x509c1642 Exception code: 0xc0000005 Fault offset: 0x0000c1c1 Faulting process id: 0xf48 Faulting application start time: 0x01ce2d51043cfccf Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: c:\windows\system32\abwgcwrs\mcie_yjoorcgd.dll Report Id: d6997b90-9944-11e2-bed7-6c3be5f1f152 Faulting package full name: Faulting package-relative application ID: Error - 3/30/2013 10:32:45 AM | Computer Name = HPm4two | Source = Microsoft-Windows-Immersive-Shell | ID = 2486 Description = App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time. Error - 3/30/2013 10:35:20 AM | Computer Name = HPm4two | Source = Microsoft-Windows-Immersive-Shell | ID = 2486 Description = App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time. Error - 3/30/2013 10:38:39 AM | Computer Name = HPm4two | Source = Microsoft-Windows-Immersive-Shell | ID = 2486 Description = App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time. Error - 3/30/2013 10:39:23 AM | Computer Name = HPm4two | Source = Application Error | ID = 1000 Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16519, time stamp: 0x51106090 Faulting module name: mcie_yjoorcgd.dll, version: 8.1.20.1048, time stamp: 0x509c1642 Exception code: 0xc0000005 Fault offset: 0x0000c1c1 Faulting process id: 0x13f4 Faulting application start time: 0x01ce2d519a28624d Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: c:\windows\system32\abwgcwrs\mcie_yjoorcgd.dll Report Id: 9c8551f8-9947-11e2-bed7-6c3be5f1f152 Faulting package full name: Faulting package-relative application ID: Error - 3/30/2013 10:40:35 AM | Computer Name = HPm4two | Source = Microsoft-Windows-Immersive-Shell | ID = 2486 Description = App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time. [ System Events ] Error - 4/2/2013 4:52:18 PM | Computer Name = HPM4TWO | Source = BugCheck | ID = 1001 Description = Error - 4/2/2013 4:57:08 PM | Computer Name = HPm4two | Source = EventLog | ID = 6008 Description = The previous system shutdown at 3:52:14 PM on ?4/?2/?2013 was unexpected. Error - 4/3/2013 7:48:23 AM | Computer Name = HPm4two | Source = EventLog | ID = 6008 Description = The previous system shutdown at 10:34:07 PM on ?4/?2/?2013 was unexpected. Error - 4/3/2013 6:20:23 PM | Computer Name = HPm4two | Source = EventLog | ID = 6008 Description = The previous system shutdown at 7:18:23 AM on ?4/?3/?2013 was unexpected. Error - 4/3/2013 6:22:40 PM | Computer Name = HPm4two | Source = Service Control Manager | ID = 7038 Description = The HomeGroupProvider service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 4/3/2013 6:22:40 PM | Computer Name = HPm4two | Source = Service Control Manager | ID = 7000 Description = The HomeGroup Provider service failed to start due to the following error: %%1069 Error - 4/3/2013 6:22:40 PM | Computer Name = HPm4two | Source = Service Control Manager | ID = 7038 Description = The NcdAutoSetup service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 4/3/2013 6:22:40 PM | Computer Name = HPm4two | Source = Service Control Manager | ID = 7000 Description = The Network Connected Devices Auto-Setup service failed to start due to the following error: %%1069 Error - 4/3/2013 6:22:42 PM | Computer Name = HPm4two | Source = Service Control Manager | ID = 7023 Description = The Computer Browser service terminated with the following error: %%1115 Error - 4/3/2013 6:22:43 PM | Computer Name = HPm4two | Source = Service Control Manager | ID = 7023 Description = The Server service terminated with the following error: %%1115 < End of report >
  8. Again, thank you, Mr. C...here is the OTL file contents... OTL logfile created on: 4/5/2013 4:44:16 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16519) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.90 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 76.45% Memory free 15.90 Gb Paging File | 14.03 Gb Available in Paging File | 88.26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 904.54 Gb Total Space | 796.01 Gb Free Space | 88.00% Space Free | Partition Type: NTFS Drive D: | 26.19 Gb Total Space | 3.10 Gb Free Space | 11.84% Space Free | Partition Type: NTFS Computer Name: HPM4TWO | User Name: owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/04/05 16:34:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/08/10 04:36:54 | 001,641,320 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe PRC - [2012/08/10 04:36:40 | 003,698,024 | ---- | M] (AuthenTec Inc.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe PRC - [2012/08/10 04:36:26 | 004,073,320 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe PRC - [2012/07/27 21:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2012/07/17 20:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2012/07/17 20:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2012/07/17 20:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe PRC - [2012/07/09 23:35:36 | 002,232,320 | ---- | M] () -- C:\ProgramData\Ralink Driver\RT2860 Wireless LAN Card\RT\RT28.exe PRC - [2012/07/09 15:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2012/07/09 15:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2012/06/07 22:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe PRC - [2012/03/28 21:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2011/08/26 16:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe ========== Modules (No Company Name) ========== MOD - [2013/02/26 08:05:48 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\9a4fc56833542881e7e451a099562655\System.ServiceModel.Internals.ni.dll MOD - [2013/02/26 08:05:47 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\89cc9825811c2121acd4e2e12c0ef044\SMDiagnostics.ni.dll MOD - [2013/02/17 11:33:56 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9c95779cc3d65cda80695cabc367476b\System.Windows.Forms.ni.dll MOD - [2013/01/31 22:07:30 | 007,561,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll MOD - [2013/01/31 22:07:08 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\cf7db4fae047127374f220b4f59bea45\System.Runtime.Serialization.ni.dll MOD - [2013/01/31 22:07:04 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dll MOD - [2013/01/31 22:06:59 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\05cc6faa6704d01e78700561b22937e3\System.Configuration.ni.dll MOD - [2013/01/31 22:06:42 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dll MOD - [2013/01/31 22:06:38 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll MOD - [2013/01/31 22:06:33 | 016,544,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll MOD - [2013/01/31 22:06:33 | 000,197,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\b249a18b676b527f7afd1366fb91f3d3\CustomMarshalers.ni.dll MOD - [2012/08/10 04:36:26 | 004,073,320 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe MOD - [2012/06/08 14:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll MOD - [2012/06/07 22:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/02/02 03:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013/01/28 20:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013/01/09 18:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012/12/05 23:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012/12/05 23:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012/11/08 02:37:40 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012/11/05 23:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012/09/20 04:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012/09/20 01:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012/08/10 18:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012/07/20 20:30:36 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2012/07/16 09:59:12 | 000,401,256 | ---- | M] (AuthenTec, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\AuthenTec\TrueService.exe -- (TrueService) SRV:64bit: - [2012/04/20 17:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel® SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/11/08 16:13:25 | 000,231,312 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\abwgcwrs\svcboot_iasgxfv.dll -- (svcboot_iasgxfv) SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/08/10 19:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2012/08/10 04:36:54 | 001,641,320 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService) SRV - [2012/07/30 17:37:14 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012/07/25 22:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2012/07/25 22:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2012/07/17 20:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012/07/17 20:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012/07/17 20:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) SRV - [2012/07/09 23:35:36 | 002,232,320 | ---- | M] () [Auto | Running] -- C:\ProgramData\Ralink Driver\RT2860 Wireless LAN Card\RT\RT28.exe -- (WLAN ServiceC) SRV - [2012/07/09 15:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/02/06 23:09:56 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013/02/02 06:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013/02/02 02:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013/01/28 20:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013/01/28 18:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013/01/11 20:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2013/01/09 20:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012/11/08 02:38:10 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\cmderd.sys -- (cmderd) DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012/10/18 12:12:06 | 001,111,856 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012/10/11 02:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012/10/11 00:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2012/09/20 02:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012/09/20 02:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012/09/20 02:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012/09/20 02:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012/08/24 04:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012/08/24 04:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2012/08/24 04:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv) DRV:64bit: - [2012/08/10 18:24:28 | 000,042,400 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2012/08/10 18:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2012/08/09 01:28:38 | 001,958,984 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2012/08/03 17:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver) DRV:64bit: - [2012/07/31 14:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012/07/30 08:11:10 | 008,982,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012/07/26 00:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012/07/26 00:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012/07/25 21:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012/07/20 20:30:36 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2012/06/25 13:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:64bit: - [2012/06/19 10:40:52 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012/06/13 21:24:00 | 000,266,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR) DRV:64bit: - [2012/06/13 00:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1985870087-4127796352-1342441762-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 IE - HKU\S-1-5-21-1985870087-4127796352-1342441762-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-1985870087-4127796352-1342441762-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1985870087-4127796352-1342441762-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS IE - HKU\S-1-5-21-1985870087-4127796352-1342441762-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKU\S-1-5-21-1985870087-4127796352-1342441762-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-1985870087-4127796352-1342441762-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKU\S-1-5-21-1985870087-4127796352-1342441762-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-1985870087-4127796352-1342441762-1001..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 845" File not found O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D90CBDB3-530B-4395-BE0F-0B5ABD53F0F7}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/04/04 07:16:08 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\RK_Quarantine [2013/04/03 20:07:50 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes [2013/04/03 20:07:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/04/03 20:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/04/03 20:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/04/03 20:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/04/03 20:06:03 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Programs [2013/03/13 16:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java ========== Files - Modified Within 30 Days ========== [2013/04/05 16:43:52 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2013/04/04 20:58:56 | 000,783,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/04/04 20:58:55 | 000,941,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/04/04 20:58:55 | 000,158,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/04/04 20:56:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/04/04 20:53:59 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013/04/04 20:53:54 | 2488,025,087 | -HS- | M] () -- C:\hiberfil.sys [2013/04/03 20:07:42 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/03 19:49:32 | 386,638,421 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/04/03 18:26:53 | 000,015,853 | ---- | M] () -- C:\Users\owner\Documents\issue2.png [2013/04/03 17:21:40 | 000,009,595 | ---- | M] () -- C:\Users\owner\Documents\issue.png [2013/03/15 17:52:48 | 000,432,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/03/13 16:53:41 | 000,124,140 | ---- | M] () -- C:\Users\owner\Documents\Robert's activity 2013-03-09 -2.png [2013/03/13 16:53:30 | 000,124,140 | ---- | M] () -- C:\Users\owner\Documents\Robert's activity 2013-03-09.png ========== Files Created - No Company Name ========== [2013/04/03 20:07:42 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/03 18:26:53 | 000,015,853 | ---- | C] () -- C:\Users\owner\Documents\issue2.png [2013/04/03 17:21:40 | 000,009,595 | ---- | C] () -- C:\Users\owner\Documents\issue.png [2013/03/15 17:52:34 | 000,432,256 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/03/13 16:53:41 | 000,124,140 | ---- | C] () -- C:\Users\owner\Documents\Robert's activity 2013-03-09 -2.png [2013/03/13 16:53:23 | 000,124,140 | ---- | C] () -- C:\Users\owner\Documents\Robert's activity 2013-03-09.png [2013/01/31 08:23:50 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012/08/03 17:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/07/30 08:11:20 | 000,597,244 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012/07/30 08:11:02 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/07/30 08:11:00 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012/07/25 15:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2012/07/25 15:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2012/07/25 15:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012/04/20 16:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2012/09/03 23:51:33 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/01/09 18:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/01/09 18:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/12/25 14:48:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Synaptics [2013/03/20 13:51:49 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\.minecraft [2012/12/25 15:39:05 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Synaptics [2013/02/19 07:52:50 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Synthesia [2012/12/25 16:20:58 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\WebApp [2013/02/03 21:07:24 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\WildTangent ========== Purity Check ========== < End of report > ...................Extras file contents in next post...................
  9. Mr C, I've run the Malwarebytes Anti-Rootkit but it came up clean. I even rebooted and ran it again just to be certain. I also ran the fixdamage tool however, the system still has popup stating "svchost.exe - System Error; The program can't start because Proxy.dll is missing from your computer. Try reinstalling the program to fix this problem." Any other ideas? If I click OK on the dialog box it just comes right back up. Everything seems to work fine, there just this annoying dialog box that won't go away. Thanks for your assistance.
  10. MrCharlie, thank you for your reply. I've run RogueKiller and here is the log... RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 8 (6.2.9200 ) 64 bits version Started in : Normal mode User : owner [Admin rights] Mode : Scan -- Date : 04/04/2013 07:18:30 | ARK || FAK || MBR | ¤¤¤ Bad processes : 2 ¤¤¤ [sUSP PATH] RT28.exe -- C:\Programdata\Ralink Driver\RT2860 Wireless LAN Card\RT\RT28.exe [-] -> KILLED [TermProc] [sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [x] -> KILLED [TermProc] ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++ --- User --- [MBR] cd9ad748b7c6004fde0d6ff6abc12a76 [bSP] 9f831dad79f2825ef4c65c83ab5191b4 : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_04042013_02d0718.txt >> RKreport[1]_S_04042013_02d0718.txt
  11. I'm trying to fix my son's laptop which has a popup stating svchost.exe - System Error; The program can't start because Proxy.dll is missing from your computer. Try reinstalling the program to fix this problem. I've tried system restore three times to no avail. I've run the Malwarebytes mbam-setup-1.70.0.1100.exe which came up with nothing. I've run antivirus which found one issue that I was able to quarantine. But nothing will make this error go away. I don't really want to take the time to rebuild this system. I've run dds.com and below are the logs...DDS.txt = DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.17.2 Run by owner at 20:19:39 on 2013-04-03 Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.8086.6054 [GMT -5:00] . AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} . ============== Running Processes =============== . C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\dwm.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\Hpservice.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\svchost.exe -k apphost C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\system32\dashost.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\SysWOW64\svchost.exe -k svcboot_iasgxfv C:\Programdata\Ralink Driver\RT2860 Wireless LAN Card\RT\RT28.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhostex.exe C:\Windows\SysWOW64\svchost.exe C:\Program Files (x86)\HP SimplePass\TouchControl.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe C:\Program Files\Common Files\AuthenTec\TrueService.exe C:\Program Files\Common Files\AuthenTec\TrueService.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Windows\System32\RuntimeBroker.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIHSA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 845" mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: NameServer = 192.168.1.254 TCP: Interfaces\{D90CBDB3-530B-4395-BE0F-0B5ABD53F0F7} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{D90CBDB3-530B-4395-BE0F-0B5ABD53F0F7}\35945554D275946494 : DHCPNameServer = 146.163.252.7 146.163.252.6 TCP: Interfaces\{D90CBDB3-530B-4395-BE0F-0B5ABD53F0F7}\369736C656077727 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{D90CBDB3-530B-4395-BE0F-0B5ABD53F0F7}\4496A7A797445776F65747 : DHCPNameServer = 192.168.169.1 TCP: Interfaces\{D90CBDB3-530B-4395-BE0F-0B5ABD53F0F7}\4516C6C6541676C656 : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952] R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-11-8 92536] R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\Drivers\cmderd.sys [2012-11-8 22736] R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\Drivers\cmdGuard.sys [2012-11-8 585592] R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\Drivers\cmdhlp.sys [2012-11-8 41240] R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-8-10 1641320] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-8 165760] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-3 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-3 682344] R2 svcboot_iasgxfv;svcboot_iasgxfv;C:\Windows\System32\svchost.exe -k svcboot_iasgxfv [2013-1-31 29696] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-8 364416] R2 WLAN ServiceC;WLAN ServiceC;C:\ProgramData\Ralink Driver\RT2860 Wireless LAN Card\RT\RT28.exe [2012-11-8 2232320] R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\Drivers\ATSwpWDF.sys [2012-10-18 1111856] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-4-3 24176] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2012-11-8 1958984] R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-11-8 683664] R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-11-8 43832] R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256] R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-11-8 266896] S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-11-8 41272] S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-1-31 23552] S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656] . =============== Created Last 30 ================ . 2013-04-04 01:07:50 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes 2013-04-04 01:07:41 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-04-04 01:07:41 -------- d-----w- C:\ProgramData\Malwarebytes 2013-04-04 01:07:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-04-04 01:06:03 -------- d-----w- C:\Users\owner\AppData\Local\Programs 2013-03-23 18:13:45 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys 2013-03-22 11:54:37 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2013-03-13 22:36:01 10115072 ----a-w- C:\Windows\System32\twinui.dll 2013-03-13 22:36:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll 2013-03-13 22:36:00 2302464 ----a-w- C:\Windows\System32\authui.dll 2013-03-13 22:36:00 2033664 ----a-w- C:\Windows\SysWow64\authui.dll 2013-03-13 22:34:06 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys 2013-03-13 22:34:06 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2013-03-13 22:34:06 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2013-03-13 22:34:06 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2013-03-13 22:34:05 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll 2013-03-13 22:34:05 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll 2013-03-13 21:57:30 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll . ==================== Find3M ==================== . 2013-03-13 21:57:27 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-13 21:57:27 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-05 23:07:25 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-05 23:07:25 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll 2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll 2013-02-22 13:47:14 83968 ----a-w- C:\Windows\System32\E_YD4BHSA.DLL 2013-02-22 13:47:14 120320 ----a-w- C:\Windows\System32\E_YLMHSA.DLL 2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll 2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll 2013-02-12 00:25:18 4041728 ----a-w- C:\Windows\System32\win32k.sys 2013-02-07 04:09:56 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys 2013-02-07 03:33:42 2146816 ----a-w- C:\Windows\System32\actxprxy.dll 2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll 2013-02-05 04:58:01 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-05 04:56:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-05 04:56:27 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-02-05 04:56:27 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-02-05 03:55:27 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-05 01:44:50 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll 2013-02-04 22:39:47 2246656 ----a-w- C:\Windows\System32\wininet.dll 2013-02-04 22:39:39 907776 ----a-w- C:\Windows\System32\uxtheme.dll 2013-02-04 22:38:55 3966464 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-04 22:38:53 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS 2013-02-02 11:19:41 329960 ----a-w- C:\Windows\System32\drivers\storport.sys 2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys 2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys 2013-02-02 10:28:54 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll 2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe 2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe 2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe 2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll 2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll 2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll 2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll 2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll 2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll 2013-02-02 08:40:01 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll 2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll 2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll 2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll 2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll 2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll 2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll 2013-02-02 08:39:28 5090816 ----a-w- C:\Windows\SysWow64\mstscax.dll 2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll 2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll 2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe 2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe 2013-02-02 08:23:44 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll 2013-02-02 08:23:43 475136 ----a-w- C:\Windows\System32\WWanAPI.dll 2013-02-02 08:23:37 611840 ----a-w- C:\Windows\System32\wpd_ci.dll 2013-02-02 08:23:37 105472 ----a-w- C:\Windows\System32\wpdbusenum.dll 2013-02-02 08:23:30 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll 2013-02-02 08:23:28 543232 ----a-w- C:\Windows\System32\wlroamextension.dll 2013-02-02 08:23:21 13643264 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll 2013-02-02 08:23:19 293376 ----a-w- C:\Windows\System32\Windows.Networking.Connectivity.dll 2013-02-02 08:23:18 731648 ----a-w- C:\Windows\System32\win32spl.dll 2013-02-02 08:23:16 87552 ----a-w- C:\Windows\System32\wersvc.dll 2013-02-02 08:22:28 448512 ----a-w- C:\Windows\System32\SettingSync.dll 2013-02-02 08:22:22 416256 ----a-w- C:\Windows\System32\schannel.dll 2013-02-02 08:21:45 467456 ----a-w- C:\Windows\System32\netprofmsvc.dll 2013-02-02 08:21:44 385024 ----a-w- C:\Windows\System32\ncsi.dll 2013-02-02 08:21:38 5977600 ----a-w- C:\Windows\System32\mstscax.dll 2013-02-02 08:21:10 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll 2013-02-02 08:20:47 260096 ----a-w- C:\Windows\System32\hotspotauth.dll 2013-02-02 08:20:31 729600 ----a-w- C:\Windows\System32\duser.dll 2013-02-02 07:30:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-02 07:25:52 297984 ----a-w- C:\Windows\System32\drivers\ks.sys 2013-02-02 07:25:26 82944 ----a-w- C:\Windows\System32\drivers\hidclass.sys 2013-02-02 07:25:23 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys 2013-01-29 01:57:05 35232 ----a-w- C:\Windows\System32\drivers\WdBoot.sys 2013-01-28 23:08:22 230904 ----a-w- C:\Windows\System32\drivers\WdFilter.sys 2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-01-12 01:02:34 64624 ----a-w- C:\Windows\System32\drivers\HECIx64.sys 2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys 2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys 2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe 2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe 2013-01-09 23:26:35 410624 ----a-w- C:\Windows\SysWow64\Windows.Networking.dll 2013-01-09 23:26:35 261120 ----a-w- C:\Windows\SysWow64\Windows.Media.dll 2013-01-09 23:26:23 1752064 ----a-w- C:\Windows\SysWow64\setupapi.dll 2013-01-09 23:26:20 67584 ----a-w- C:\Windows\SysWow64\samlib.dll 2013-01-09 23:26:04 890880 ----a-w- C:\Windows\SysWow64\msctf.dll 2013-01-09 23:26:03 436736 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL 2013-01-09 23:23:32 95232 ----a-w- C:\Windows\System32\wiaacmgr.exe 2013-01-09 23:23:25 2094592 ----a-w- C:\Windows\System32\mmc.exe 2013-01-09 23:23:18 256000 ----a-w- C:\Windows\System32\WSDMon.dll 2013-01-09 23:23:16 1964544 ----a-w- C:\Windows\System32\wlidsvc.dll . ============= FINISH: 20:20:00.27 =============== Attach.txt = . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Boot Device: \Device\HarddiskVolume2 Install Date: 12/25/2012 1:45:31 PM System Uptime: 4/3/2013 7:49:11 PM (1 hours ago) . Motherboard: Hewlett-Packard | | 18EE Processor: Intel® Core i7-3632QM CPU @ 2.20GHz | U3E1 | 2201/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 905 GiB total, 797.069 GiB free. D: is FIXED (NTFS) - 26 GiB total, 3.1 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP12: 3/13/2013 4:56:48 PM - Installed Java 7 Update 17 RP14: 3/23/2013 2:33:52 PM - Windows Update RP15: 3/26/2013 6:37:09 PM - Windows Update RP16: 4/3/2013 5:25:10 PM - Restore Operation . ==== Installed Programs ====================== . 4 Elements II Adobe Reader XI Adobe Shockwave Player 11.6 Anime Studio Debut 8.0 AuthenTec TrueAPI 64-bit AuthenTec WinBio FingerPrint Software 64-bit Bejeweled 3 Bonjour Build-a-lot 4 - Power Source Chuzzle Deluxe COMODO Internet Security Cradle Of Egypt Collector's Edition Cradle of Rome 2 CutePDF Writer 3.0 CyberLink LabelPrint CyberLink Media Suite 10 CyberLink PhotoDirector CyberLink Power2Go 8 CyberLink PowerDirector 10 CyberLink PowerDVD CyberLink YouCam D3DX10 Energy Star EPSON Scan EPSON WorkForce 845 Series Printer Uninstall Farm Frenzy FATE: The Cursed King Final Drive Fury FlatOut 2 Governor of Poker 2 Premium Edition Hewlett-Packard ACLM.NET v1.2.0.0 Hoyle Card Games HP 3D DriveGuard HP Connected Backup HP Connected Music (Meridian - installer) HP CoolSense HP Customer Experience Enhancements HP Documentation HP Games HP MyRoom HP Postscript Converter HP Quick Launch HP Recovery Manager HP Registration Service HP SimplePass HP Software Framework HP Support Assistant HP Utility Center HP Wireless Button Driver IDT Audio Intel® Management Engine Components Intel® Processor Graphics Intel® SDK for OpenCL - CPU Only Runtime Package Intel® Trusted Connect Service Client Java 7 Update 17 Java Auto Updater Jewel Match 3 John Deere Drive Green Luxor Evolved Mahjongg Dimensions Deluxe: Tiles in Time Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft Application Error Reporting Microsoft Office Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mortimer Beckett and the Crimson Thief Premium Edition MSVCRT Mystery P.I. - Curious Case of Counterfeit Cove Peggle Nights Penguins! Polar Bowler Polar Golfer Ralink RT5390R 802.11bgn Wi-Fi Adapter Realtek Ethernet Controller Driver Realtek PCIE Card Reader Roads of Rome 3 Skype™ 6.1 Star Wars: The Old Republic swMSM Synaptics Pointing Device Driver Tales of Lagoona Update Installer for WildTangent Games App Vacation Quest™ - Australia WildTangent Games WildTangent Games App Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources World of Warcraft Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 4/3/2013 7:49:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc0000018 (0xfffff8a00002d690, 0xfffff8a00010d540, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040313-32390-01. 4/3/2013 7:27:44 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: A system shutdown is in progress. 4/3/2013 7:27:44 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress. 4/3/2013 7:27:42 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown. 4/3/2013 5:22:40 PM, Error: Service Control Manager [7038] - The NcdAutoSetup service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 4/3/2013 5:22:40 PM, Error: Service Control Manager [7038] - The HomeGroupProvider service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 4/3/2013 5:22:40 PM, Error: Service Control Manager [7000] - The Network Connected Devices Auto-Setup service failed to start due to the following error: The service did not start due to a logon failure. 4/3/2013 5:22:40 PM, Error: Service Control Manager [7000] - The HomeGroup Provider service failed to start due to the following error: The service did not start due to a logon failure. 4/2/2013 3:52:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc0000018 (0xfffff8a0000cbf90, 0xfffff8a00010baa0, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040213-16421-01. . ==== End Of File =========================== Any assistance would be greatly appreciated.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.