svchost is winning

We started off here on April 3rd:

http://forums.malwarebytes.org/index.php?showtopic=108160&st=0

Computer worked for a week or so. Now we're here:

http://forums.malwarebytes.org/index.php?app=members&module=messaging&section=view&do=showConversation&topicID=34909&st=20#msg47240

It seems like I can't get on my computer in safe or normal mode without recovering.

I'm working from ipad.

Nicole


Hello Nicole.

Your 2nd link (above) is not linking properly. Please be sure that you do not have more than 1 active topic for this system!

These steps are for member nicolep218 only. If you are a casual viewer, do NOT try this on your system!

If you are not nicolep218 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On almost all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Please download Listparts64

Run the tool, click Scan and post the log (Result.txt) it makes.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & Result.txt.

Use separate replies as needed if logs do not fit into one reply box.

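As an added example (written for this page by the editor, not code from the thread, from the helper, or from any tool named above), here is a small Python triage script that applies the checks a log reader makes on output like the RSIT/HijackThis log posted next in the thread: autoruns launched from temp or profile locations, a rundll32 entry pointed at a bare directory, hosts-file lines that send well-known domains to remote addresses, and a file carrying a core system binary's name outside System32. The sample lines are copied from the log in this thread; the rules, their wording, and the regular expressions are the editor's own heuristics, so a hit marks an entry for a closer look rather than a verdict.

```python
"""Triage HijackThis/RSIT-style log lines for persistence indicators.

Added example for this page; not code from the thread or from any tool named
in it.  The sample lines below are copied from the log posted in the thread;
the rules are the editor's own heuristics.
"""
import re
from typing import List, Tuple

# Constructed sample: entries from the thread's log plus benign ones for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 176.9.75.3 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
O4 - HKCU\..\Run: [ceafdbeabdcfaedct] "C:\ProgramData\ceafdbeabdcfaedct.exe"
O4 - HKUS\S-1-5-18\..\Run: [drivermgr] \devicemgrpro.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer (User 'SYSTEM')
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2008-10-26 441856]
"blmry"=C:\Windows\TEMP\blmry.dll,CompileShader []
"cdlps"=C:\Windows\TEMP\cdlps.dll [2012-04-18 110592]
2012-04-19 11:29:32 ----A---- C:\Windows\svchost.exe
2012-04-19 12:50:02 ----D---- C:\rsit
"""

# One pattern per line format: HJT O4 autorun, HJT O1 hosts entry,
# RSIT registry-dump value ("name"=command [date size]), RSIT file listing.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$")
O1_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+) (?P<host>\S+)$")
REGVAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.*?) \[(?P<meta>[^\]]*)\]$')
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d -+[A-Z]*-+ (?P<path>.+)$")

LOCAL_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}          # benign hosts-file targets
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                 "winlogon.exe", "smss.exe"}           # legitimately live in System32
SYSTEM_DIRS = ("\\windows\\system32", "\\windows\\syswow64")
TEMP_DIRS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\")


def target_path(cmd: str) -> str:
    """Return the file a Run command would load; for rundll32 that is its DLL argument."""
    quoted = re.match(r'^"([^"]*)"', cmd)
    head = quoted.group(1) if quoted else (cmd.split() or [""])[0]
    if head.lower().endswith("rundll32.exe"):
        rest = cmd[quoted.end() if quoted else len(head):].strip()
        quoted = re.match(r'^"([^"]*)"', rest)
        if quoted:
            return quoted.group(1)
        parts = rest.split(",")[0].split()
        return parts[0] if parts else ""
    if quoted:
        return head
    # Unquoted command: take everything up to the first .exe/.dll, so paths with
    # spaces and "path,ExportName" registry-dump values both resolve correctly.
    ext = re.match(r"^(.*?\.(?:exe|dll|cpl|scr))(?:[,\s]|$)", cmd, re.I)
    return ext.group(1) if ext else head


def assess_autorun(cmd: str) -> List[str]:
    """Reasons an autorun command deserves a closer look (empty list = nothing noted)."""
    low = target_path(cmd).lower()
    reasons = []
    if cmd.lower().startswith("rundll32") and (not low or low.endswith("\\")):
        reasons.append("rundll32 given a directory instead of a DLL")
    if not re.match(r"^[a-z]:\\", low):
        reasons.append("no drive letter: path resolved by search order")
    if any(d in low for d in TEMP_DIRS):
        reasons.append("loads from a temp directory")
    if re.match(r"^[a-z]:\\programdata\\[^\\]+\.exe$", low):
        reasons.append("executable sitting in the ProgramData root")
    if "\\config\\systemprofile\\" in low:
        reasons.append("staged inside the SYSTEM account profile")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (entry, reason) pairs for every line that trips a rule."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := O4_RE.match(line)):
            findings += [(m["name"], r) for r in assess_autorun(m["cmd"])]
        elif (m := O1_RE.match(line)):
            if m["addr"] not in LOCAL_ADDRS:
                findings.append((m["host"], f"hosts file redirects to {m['addr']}"))
        elif (m := REGVAL_RE.match(line)):
            reasons = assess_autorun(m["cmd"])
            if m["meta"] == "":          # RSIT prints [] when it found no file to stat
                reasons.append("no size/date recorded: file absent when scanned")
            findings += [(m["name"], r) for r in reasons]
        elif (m := FILE_RE.match(line)):
            parent, _, base = m["path"].lower().rpartition("\\")
            if base in CORE_BINARIES and not parent.endswith(SYSTEM_DIRS):
                findings.append((m["path"], "core binary name outside System32"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry:45} {reason}")
```

Running the file prints one line per finding; on the sample the Adobe, IDT and localhost entries pass, while the TEMP DLLs, the ProgramData and systemprofile executables, the drive-less `\devicemgrpro.exe`, the rundll32 entry aimed at `C:\Windows\TEMP\`, the two hosts redirects and `C:\Windows\svchost.exe` are all listed with the rule they tripped. The directory tuples and `CORE_BINARIES` are the knobs to extend when reading a log from a different machine.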

rsit #1

Logfile of random's system information tool 1.09 (written by random/random)

Run by Nicole at 2012-04-19 12:50:02

Microsoft Windows 7 Home Premium

System drive C: has 209 GB (72%) free of 292 GB

Total RAM: 3999 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:50:25 PM, on 4/19/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Safe mode with network support

Running processes:

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\trend micro\Nicole.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

O1 - Hosts: ::1 localhost

O1 - Hosts: 176.9.75.3 www.google-analytics.com.

O1 - Hosts: 176.9.75.3 ad-emea.doubleclick.net.

O1 - Hosts: 176.9.75.3 www.statcounter.com.

O1 - Hosts: 108.163.215.51 www.google-analytics.com.

O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.

O1 - Hosts: 108.163.215.51 www.statcounter.com.

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [googletalk] C:\Users\Nicole\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

O4 - HKCU\..\Run: [ceafdbeabdcfaedct] "C:\ProgramData\ceafdbeabdcfaedct.exe"

O4 - HKUS\S-1-5-18\..\Run: [drivermgr] \devicemgrpro.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ACFinder] "C:\Windows\system32\config\systemprofile\AppData\Local\AppCore\ACFinder\ACFinder.exe" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ceafdbeabdcfaedct] "C:\ProgramData\ceafdbeabdcfaedct.exe" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [drivermgr] \devicemgrpro.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User 'Default user')

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_79b15e90d309c284\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_79b15e90d309c284\STacSV64.exe

O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 14552 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\Explorer.EXE

ctfmon.exe

-netsvcs

\??\C:\Windows\system32\conhost.exe "-196165533112362496481667532956811650859111849401735852792814921892791058864783

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1184 CREDAT:79875

ctfmon.exe

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1184 CREDAT:145413

"C:\Users\Nicole\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3421062915-921111798-977847982-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3421062915-921111798-977847982-1000UA.job

C:\Windows\tasks\HPCeeScheduleForNicole.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2012-01-11 1517368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]

AIM Toolbar Loader - C:\Program Files (x86)\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]

Microsoft Live Search Toolbar Helper - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-28 86032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-02-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2011-01-21 163128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-28 86032]

{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files (x86)\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2012-01-11 1517368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-24 1560872]

"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2008-11-18 914224]

"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2008-10-26 441856]

"blmry"=C:\Windows\TEMP\blmry.dll,CompileShader []

"stfet"=C:\Windows\TEMP\stfet.dll,AssociateRobo []

"qdmdsv"=C:\Windows\TEMP\qdmdsv.dll,PreprocessShaderFromResourceA []

"cdlps"=C:\Windows\TEMP\cdlps.dll [2012-04-18 110592]

"dwimgs"=C:\Windows\TEMP\dwimgs.dll [2012-04-18 254464]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2009-07-13 163328]

"googletalk"=C:\Us [2012-04-10 1573]

"HPAdvisor"=C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-11-18 966656]

"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]

"Messenger (Yahoo!)"=C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

"MobileDocuments"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [2012-02-23 59240]

"ceafdbeabdcfaedct"=C:\ProgramData\ceafdbeabdcfaedct.exe [2012-04-18 86016]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

"CLMLServer for HP TouchSmart"=C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2008-12-25 189736]

"DVDAgent"=C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2008-11-28 1148200]

"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]

"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]

"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-10-10 206128]

"TSMAgent"=C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2008-12-25 1316136]

"TVAgent"=C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [2009-05-08 206120]

"UCam_Menu"=C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [2008-11-14 218408]

"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]

"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-10-30 210216]

"UpdatePDIRShortCut"=C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]

"UpdatePSTShortCut"=C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-11-26 210216]

"WirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-12-08 432432]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-03-27 421736]

"dplaysvr"=C:\Windows\system32\config\system [2012-04-19 18087936]

C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2012-04-01 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"legalnoticetext"=

"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux"=wdmaud.drv

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-04-19 13:19:06 ----D---- C:\Temp

2012-04-19 12:50:02 ----D---- C:\rsit

2012-04-19 12:50:02 ----D---- C:\Program Files\trend micro

2012-04-19 12:40:17 ----D---- C:\Program Files (x86)\ERUNT

2012-04-19 11:29:32 ----A---- C:\Windows\svchost.exe

2012-04-19 08:46:19 ----SD---- C:\ComboFix

2012-04-18 20:00:41 ----SHD---- C:\$RECYCLE.BIN

2012-04-18 00:37:41 ----A---- C:\ProgramData\ceafdbeabdcfaedct.exe

2012-04-14 15:58:47 ----D---- C:\Windows\system64

2012-04-13 18:12:49 ----A---- C:\Windows\zip.exe

2012-04-13 18:12:49 ----A---- C:\Windows\SWSC.exe

2012-04-13 18:12:49 ----A---- C:\Windows\SWREG.exe

2012-04-13 18:12:49 ----A---- C:\Windows\sed.exe

2012-04-13 18:12:49 ----A---- C:\Windows\PEV.exe

2012-04-13 18:12:49 ----A---- C:\Windows\NIRCMD.exe

2012-04-13 18:12:49 ----A---- C:\Windows\MBR.exe

2012-04-13 18:12:49 ----A---- C:\Windows\grep.exe

2012-04-13 18:12:43 ----D---- C:\Windows\ERDNT

2012-04-13 18:12:39 ----D---- C:\Qoobox

2012-04-12 06:27:06 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2012-04-12 06:27:06 ----A---- C:\Windows\system32\mshtmled.dll

2012-04-12 06:27:05 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2012-04-12 06:27:05 ----A---- C:\Windows\system32\iertutil.dll

2012-04-12 06:27:04 ----A---- C:\Windows\SYSWOW64\url.dll

2012-04-12 06:27:04 ----A---- C:\Windows\SYSWOW64\ieui.dll

2012-04-12 06:27:04 ----A---- C:\Windows\system32\url.dll

2012-04-12 06:27:04 ----A---- C:\Windows\system32\jscript9.dll

2012-04-12 06:27:04 ----A---- C:\Windows\system32\ieui.dll

2012-04-12 06:27:03 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2012-04-12 06:27:03 ----A---- C:\Windows\SYSWOW64\jscript.dll

2012-04-12 06:27:02 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2012-04-12 06:27:02 ----A---- C:\Windows\system32\urlmon.dll

2012-04-12 06:27:02 ----A---- C:\Windows\system32\jsproxy.dll

2012-04-12 06:27:02 ----A---- C:\Windows\system32\jscript.dll

2012-04-12 06:27:01 ----A---- C:\Windows\SYSWOW64\wininet.dll

2012-04-12 06:27:00 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2012-04-12 06:27:00 ----A---- C:\Windows\system32\wininet.dll

2012-04-12 06:26:59 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2012-04-12 06:26:57 ----A---- C:\Windows\system32\mshtml.dll

2012-04-12 06:26:56 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2012-04-12 06:26:54 ----A---- C:\Windows\system32\ieframe.dll

2012-04-12 06:25:36 ----A---- C:\Windows\SYSWOW64\imagehlp.dll

2012-04-12 06:25:36 ----A---- C:\Windows\system32\imagehlp.dll

2012-04-12 06:25:36 ----A---- C:\Windows\system32\drivers\fs_rec.sys

2012-04-12 06:25:32 ----A---- C:\Windows\SYSWOW64\wmi.dll

2012-04-12 06:25:32 ----A---- C:\Windows\SYSWOW64\wintrust.dll

2012-04-12 06:25:32 ----A---- C:\Windows\system32\wmi.dll

2012-04-12 06:25:32 ----A---- C:\Windows\system32\wintrust.dll

2012-04-09 09:42:00 ----D---- C:\Users\Nicole\AppData\Roaming\Mozilla

2012-04-06 18:41:38 ----D---- C:\Cache

2012-04-05 08:13:55 ----D---- C:\w

2012-04-05 08:13:55 ----D---- C:\visi

2012-04-05 08:13:54 ----D---- C:\skins

2012-04-03 18:09:17 ----A---- C:\TDSSKiller.2.7.25.0_03.04.2012_18.09.16_log.txt

2012-04-03 17:09:29 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2012-04-03 17:09:29 ----A---- C:\Windows\system32\ntoskrnl.exe

2012-04-03 17:09:27 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2012-04-03 17:03:10 ----A---- C:\TDSSKiller.2.7.25.0_03.04.2012_17.03.10_log.txt

2012-04-03 16:59:04 ----A---- C:\TDSSKiller.2.7.25.0_03.04.2012_16.59.04_log.txt

2012-04-03 16:36:42 ----D---- C:\TDSSKiller_Quarantine

2012-04-03 16:29:12 ----A---- C:\TDSSKiller.2.7.25.0_03.04.2012_16.29.12_log.txt

2012-04-01 23:06:14 ----D---- C:\e

2012-04-01 22:20:34 ----D---- C:\Data

2012-04-01 21:37:35 ----D---- C:\Program Files\iPod

2012-04-01 21:37:34 ----D---- C:\Program Files\iTunes

2012-04-01 03:43:01 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe

2012-04-01 03:43:01 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe

2012-04-01 03:43:01 ----A---- C:\Windows\SYSWOW64\msrating.dll

2012-04-01 03:43:01 ----A---- C:\Windows\SYSWOW64\msls31.dll

2012-04-01 03:43:01 ----A---- C:\Windows\SYSWOW64\mshtmler.dll

2012-04-01 03:43:01 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe

2012-04-01 03:43:01 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll

2012-04-01 03:43:01 ----A---- C:\Windows\SYSWOW64\iesysprep.dll

2012-04-01 03:43:01 ----A---- C:\Windows\SYSWOW64\iepeers.dll

2012-04-01 03:43:01 ----A---- C:\Windows\SYSWOW64\ieakeng.dll

2012-04-01 03:43:01 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\wextract.exe

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\webcheck.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\pngfilt.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\occache.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\mshta.exe

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\licmgr10.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\inseng.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\imgutil.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\iexpress.exe

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\ieakui.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\ieaksie.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\icardie.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\dxtrans.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll

2012-04-01 03:43:00 ----A---- C:\Windows\SYSWOW64\admparse.dll

2012-04-01 03:43:00 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe

2012-04-01 03:43:00 ----A---- C:\Windows\system32\pngfilt.dll

2012-04-01 03:43:00 ----A---- C:\Windows\system32\occache.dll

2012-04-01 03:43:00 ----A---- C:\Windows\system32\msrating.dll

2012-04-01 03:43:00 ----A---- C:\Windows\system32\msls31.dll

2012-04-01 03:43:00 ----A---- C:\Windows\system32\ieUnatt.exe

2012-04-01 03:42:59 ----A---- C:\Windows\system32\wextract.exe

2012-04-01 03:42:59 ----A---- C:\Windows\system32\webcheck.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\vbscript.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\SetIEInstalledDate.exe

2012-04-01 03:42:59 ----A---- C:\Windows\system32\mshtmler.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\mshta.exe

2012-04-01 03:42:59 ----A---- C:\Windows\system32\msfeedssync.exe

2012-04-01 03:42:59 ----A---- C:\Windows\system32\msfeedsbs.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\msfeeds.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\licmgr10.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\inseng.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\imgutil.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\iexpress.exe

2012-04-01 03:42:59 ----A---- C:\Windows\system32\iesysprep.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\iesetup.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\iernonce.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\iepeers.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\iedkcs32.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\ieapfltr.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\ieapfltr.dat

2012-04-01 03:42:59 ----A---- C:\Windows\system32\ieakui.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\ieaksie.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\ieakeng.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\IEAdvpack.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\ie4uinit.exe

2012-04-01 03:42:59 ----A---- C:\Windows\system32\icardie.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\dxtrans.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\dxtmsft.dll

2012-04-01 03:42:59 ----A---- C:\Windows\system32\admparse.dll

2012-03-30 22:18:52 ----D---- C:\Users\Nicole\AppData\Roaming\DriverCure

2012-03-30 22:18:51 ----D---- C:\Users\Nicole\AppData\Roaming\ParetoLogic

2012-03-30 22:18:36 ----D---- C:\ProgramData\ParetoLogic

2012-03-30 22:18:36 ----D---- C:\Program Files (x86)\ParetoLogic

2012-03-30 05:29:44 ----D---- C:\a264f848cfff78beb326d7

2012-03-30 00:05:38 ----A---- C:\devicemgrpro.exe

2012-03-27 23:30:02 ----SHD---- C:\Windows\system32\%APPDATA%

2012-03-25 14:30:11 ----D---- C:\ProgramData\AVG2012

2012-03-25 13:02:10 ----D---- C:\ProgramData\PC Tools

======List of files/folders modified in the last 1 month======

2012-04-19 12:50:09 ----D---- C:\Windows\Temp

2012-04-19 12:50:02 ----RD---- C:\Program Files

2012-04-19 12:40:17 ----RD---- C:\Program Files (x86)

2012-04-19 12:36:08 ----A---- C:\Windows\ntbtlog.txt

2012-04-19 12:32:52 ----A---- C:\ProgramData\HPWALog.txt

2012-04-19 12:24:10 ----D---- C:\Users\Nicole\AppData\Roaming\Skype

2012-04-19 11:58:41 ----D---- C:\Windows\system32\config

2012-04-19 11:49:10 ----SHD---- C:\System Volume Information

2012-04-19 11:47:46 ----SHD---- C:\Windows\Installer

2012-04-19 11:30:07 ----D---- C:\ProgramData

2012-04-19 11:29:32 ----D---- C:\Windows

2012-04-19 08:46:17 ----D---- C:\Windows\system32\drivers

2012-04-18 20:09:04 ----D---- C:\Windows\System32

2012-04-18 20:09:04 ----D---- C:\Windows\inf

2012-04-18 20:09:04 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-04-18 17:37:46 ----A---- C:\Windows\system.ini

2012-04-18 17:26:16 ----D---- C:\Windows\Minidump

2012-04-13 19:03:06 ----D---- C:\Windows\Tasks

2012-04-13 18:58:48 ----D---- C:\Windows\SYSWOW64\drivers

2012-04-13 18:58:48 ----D---- C:\Windows\SysWOW64

2012-04-13 18:58:48 ----D---- C:\Windows\AppPatch

2012-04-13 18:58:47 ----D---- C:\Program Files\Common Files

2012-04-13 18:58:47 ----D---- C:\Program Files (x86)\Common Files

2012-04-13 18:40:59 ----D---- C:\Users\Nicole\AppData\Roaming\Adobe

2012-04-13 18:40:58 ----D---- C:\Windows\system32\drivers\etc

2012-04-13 18:40:54 ----D---- C:\Program Files (x86)\somototoolbar

2012-04-13 00:17:15 ----D---- C:\Windows\Microsoft.NET

2012-04-13 00:17:13 ----RSD---- C:\Windows\assembly

2012-04-12 12:49:28 ----D---- C:\Windows\system32\catroot2

2012-04-12 12:47:48 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-12 08:26:05 ----D---- C:\Windows\winsxs

2012-04-12 06:52:19 ----D---- C:\Windows\SYSWOW64\migration

2012-04-12 06:52:19 ----D---- C:\Program Files\Internet Explorer

2012-04-12 06:52:19 ----D---- C:\Program Files (x86)\Internet Explorer

2012-04-12 06:52:18 ----D---- C:\Windows\system32\migration

2012-04-12 06:52:05 ----D---- C:\Config.Msi

2012-04-12 06:28:06 ----D---- C:\ProgramData\Microsoft Help

2012-04-12 06:27:24 ----D---- C:\Windows\system32\catroot

2012-04-04 23:35:11 ----D---- C:\Windows\Prefetch

2012-04-01 22:09:57 ----D---- C:\Windows\system32\Tasks

2012-04-01 21:38:24 ----D---- C:\Program Files (x86)\iTunes

2012-04-01 21:34:06 ----D---- C:\Windows\system32\DriverStore

2012-04-01 03:59:48 ----D---- C:\Windows\SYSWOW64\en-US

2012-04-01 03:59:45 ----D---- C:\Windows\system32\en-US

2012-04-01 03:59:45 ----D---- C:\Windows\PolicyDefinitions

2012-04-01 03:44:03 ----D---- C:\Windows\Logs

2012-03-30 07:28:21 ----D---- C:\Users\Nicole\AppData\Roaming\Spotify

2012-03-30 05:41:35 ----D---- C:\Program Files (x86)\Spotify

2012-03-26 22:36:24 ----D---- C:\Windows\SYSWOW64\wbem

2012-03-26 22:36:19 ----D---- C:\Windows\system32\wfp

2012-03-26 22:36:19 ----D---- C:\Windows\system32\wbem

2012-03-26 22:36:13 ----D---- C:\Program Files (x86)\SMINST

2012-03-26 22:33:08 ----D---- C:\Windows\ehome

2012-03-26 22:33:04 ----RSD---- C:\Windows\Media

2012-03-26 22:33:04 ----D---- C:\Program Files\Windows Sidebar

2012-03-26 22:33:04 ----D---- C:\Program Files (x86)\Windows Sidebar

2012-03-26 22:33:04 ----D---- C:\Program Files (x86)\Windows Portable Devices

2012-03-26 22:30:34 ----SHD---- C:\Windows\SYSWOW64\%APPDATA%

2012-03-26 22:30:27 ----D---- C:\Windows\system32\CodeIntegrity

2012-03-26 22:30:02 ----D---- C:\Users\Nicole\AppData\Roaming\NCH Software

2012-03-26 22:30:02 ----D---- C:\Users\Nicole\AppData\Roaming\Move Networks

2012-03-26 22:30:01 ----D---- C:\Users\Nicole\AppData\Roaming\Google

2012-03-26 22:30:01 ----D---- C:\Users\Nicole\AppData\Roaming\CyberLink

2012-03-26 22:30:01 ----D---- C:\Users\Nicole\AppData\Roaming\Azureus

2012-03-26 22:30:00 ----D---- C:\Users\Nicole\AppData\Roaming\AVG10

2012-03-26 22:29:53 ----D---- C:\System.sav

2012-03-26 22:29:53 ----D---- C:\SWSetup

2012-03-26 22:29:32 ----D---- C:\ProgramData\Yahoo! Companion

2012-03-26 22:29:32 ----D---- C:\ProgramData\Yahoo!

2012-03-26 22:29:32 ----D---- C:\ProgramData\WildTangent

2012-03-26 22:29:32 ----D---- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

2012-03-26 22:29:32 ----AD---- C:\ProgramData\Temp

2012-03-26 22:29:31 ----SD---- C:\ProgramData\Microsoft

2012-03-26 22:29:31 ----D---- C:\ProgramData\Skype

2012-03-26 22:29:27 ----D---- C:\ProgramData\Hewlett-Packard

2012-03-26 22:29:27 ----D---- C:\ProgramData\CyberLink

2012-03-26 22:29:26 ----D---- C:\ProgramData\Apple

2012-03-26 22:29:13 ----D---- C:\Program Files\Synaptics

2012-03-26 22:29:13 ----D---- C:\Program Files\Microsoft Games

2012-03-26 22:29:11 ----D---- C:\Program Files\IDT

2012-03-26 22:29:11 ----D---- C:\Program Files\Hewlett-Packard

2012-03-26 22:29:11 ----D---- C:\Program Files\DIFX

2012-03-26 22:29:11 ----D---- C:\Program Files\Common Files\Microsoft Shared

2012-03-26 22:29:10 ----D---- C:\Program Files\Common Files\Apple

2012-03-26 22:29:10 ----D---- C:\Program Files\Bonjour

2012-03-26 22:29:09 ----D---- C:\Program Files\AWS

2012-03-26 22:29:09 ----D---- C:\Program Files (x86)\Yahoo!

2012-03-26 22:29:09 ----D---- C:\Program Files (x86)\WinZip

2012-03-26 22:29:08 ----D---- C:\Program Files (x86)\WinRAR

2012-03-26 22:29:07 ----D---- C:\Program Files (x86)\Windows Media Player

2012-03-26 22:29:07 ----D---- C:\Program Files (x86)\Windows Live

2012-03-26 22:29:06 ----D---- C:\Program Files (x86)\Windows Live SkyDrive

2012-03-26 22:29:06 ----D---- C:\Program Files (x86)\WildTangent Games

2012-03-26 22:29:05 ----D---- C:\Program Files (x86)\Vuze Trial FileBulldog Toolbar

2012-03-26 22:29:05 ----D---- C:\Program Files (x86)\Vuze

2012-03-26 22:29:03 ----RD---- C:\Program Files (x86)\Skype

2012-03-26 22:29:03 ----D---- C:\Program Files (x86)\Sling Media

2012-03-26 22:29:03 ----D---- C:\Program Files (x86)\QuickTime

2012-03-26 22:29:01 ----RD---- C:\Program Files (x86)\Online Services

2012-03-26 22:29:01 ----D---- C:\Program Files (x86)\NetZeroPreloader

2012-03-26 22:29:00 ----D---- C:\Program Files (x86)\Microsoft.NET

2012-03-26 22:29:00 ----D---- C:\Program Files (x86)\Microsoft Works

2012-03-26 22:29:00 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2012-03-26 22:29:00 ----D---- C:\Program Files (x86)\Microsoft

2012-03-26 22:28:57 ----D---- C:\Program Files (x86)\MFInstall

2012-03-26 22:28:56 ----D---- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE

2012-03-26 22:28:56 ----D---- C:\Program Files (x86)\JunoPreloader

2012-03-26 22:28:54 ----D---- C:\Program Files (x86)\iPhone Configuration Utility

2012-03-26 22:28:53 ----D---- C:\Program Files (x86)\InstallShield Installation Information

2012-03-26 22:28:48 ----D---- C:\Program Files (x86)\Hp

2012-03-26 22:28:44 ----D---- C:\Program Files (x86)\HP Games

2012-03-26 22:28:30 ----D---- C:\Program Files (x86)\Hewlett-Packard

2012-03-26 22:27:59 ----D---- C:\Program Files (x86)\Garmin

2012-03-26 22:27:44 ----D---- C:\Program Files (x86)\CyberLink

2012-03-26 22:27:30 ----D---- C:\Program Files (x86)\ComcastAccess

2012-03-26 22:27:30 ----D---- C:\Program Files (x86)\Bonjour

2012-03-26 22:27:30 ----D---- C:\Program Files (x86)\Apple Software Update

2012-03-26 22:27:28 ----D---- C:\Program Files (x86)\AIM

2012-03-26 22:27:27 ----D---- C:\Program Files (x86)\AIM Toolbar

2012-03-26 22:27:26 ----D---- C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites

2012-03-26 22:27:25 ----D---- C:\HP

2012-03-26 22:19:31 ----D---- C:\Windows\registration

2012-03-26 22:15:21 ----D---- C:\Windows\Web

2012-03-26 22:15:21 ----D---- C:\Windows\Vss

2012-03-26 22:15:19 ----D---- C:\Windows\SYSWOW64\winrm

2012-03-26 22:15:18 ----D---- C:\Windows\SYSWOW64\WindowsPowerShell

2012-03-26 22:15:17 ----D---- C:\Windows\SYSWOW64\wdi

2012-03-26 22:15:17 ----D---- C:\Windows\SYSWOW64\WCN

2012-03-26 22:15:14 ----D---- C:\Windows\SYSWOW64\spp

2012-03-26 22:15:14 ----D---- C:\Windows\SYSWOW64\Speech

2012-03-26 22:15:14 ----D---- C:\Windows\SYSWOW64\slmgr

2012-03-26 22:15:11 ----D---- C:\Windows\SYSWOW64\Printing_Admin_Scripts

2012-03-26 22:15:07 ----D---- C:\Windows\SYSWOW64\MUI

2012-03-26 22:15:03 ----D---- C:\Windows\SYSWOW64\migwiz

2012-03-26 22:15:03 ----D---- C:\Windows\SYSWOW64\Macromed

2012-03-26 22:15:02 ----D---- C:\Windows\SYSWOW64\Lang

2012-03-26 22:15:01 ----D---- C:\Windows\SYSWOW64\InstallShield

2012-03-26 22:15:00 ----D---- C:\Windows\SYSWOW64\IME

2012-03-26 22:14:57 ----D---- C:\Windows\SYSWOW64\HPMDP

2012-03-26 22:14:50 ----D---- C:\Windows\SYSWOW64\DriverStore

2012-03-26 22:14:50 ----D---- C:\Windows\SYSWOW64\Dism

2012-03-26 22:10:21 ----D---- C:\Windows\SYSWOW64\com

2012-03-26 22:10:15 ----D---- C:\Windows\system32\winrm

2012-03-26 22:10:15 ----D---- C:\Windows\system32\WindowsPowerShell

2012-03-26 22:10:14 ----D---- C:\Windows\system32\WinBioPlugIns

2012-03-26 22:10:13 ----D---- C:\Windows\system32\WCN

2012-03-26 22:10:08 ----D---- C:\Windows\system32\sysprep

2012-03-26 22:10:06 ----D---- C:\Windows\system32\SRSLabs

2012-03-26 22:10:05 ----D---- C:\Windows\system32\spp

2012-03-26 22:10:05 ----D---- C:\Windows\system32\spool

2012-03-26 22:10:05 ----D---- C:\Windows\system32\Speech

2012-03-26 22:10:05 ----D---- C:\Windows\system32\SMI

2012-03-26 22:10:05 ----D---- C:\Windows\system32\slmgr

2012-03-26 22:10:01 ----D---- C:\Windows\system32\Printing_Admin_Scripts

2012-03-26 22:09:59 ----D---- C:\Windows\system32\oobe

2012-03-26 22:09:55 ----D---- C:\Windows\system32\MUI

2012-03-26 22:09:51 ----SD---- C:\Windows\system32\Microsoft

2012-03-26 22:09:51 ----D---- C:\Windows\system32\migwiz

2012-03-26 22:09:48 ----D---- C:\Windows\system32\IME

2012-03-26 22:09:37 ----DC---- C:\Windows\system32\DRVSTORE

2012-03-26 22:09:32 ----D---- C:\Windows\system32\drivers\UMDF

2012-03-26 22:09:31 ----D---- C:\Windows\system32\Dism

2012-03-26 22:09:29 ----D---- C:\Windows\system32\com

2012-03-26 22:09:26 ----D---- C:\Windows\system32\Boot

2012-03-26 22:09:23 ----D---- C:\Windows\Speech

2012-03-26 22:09:23 ----D---- C:\Windows\Setup

2012-03-26 22:09:23 ----D---- C:\Windows\servicing

2012-03-26 22:09:22 ----D---- C:\Windows\ServiceProfiles

2012-03-26 22:09:22 ----D---- C:\Windows\security

2012-03-26 22:09:22 ----D---- C:\Windows\schemas

2012-03-26 22:09:22 ----D---- C:\Windows\Resources

2012-03-26 22:09:22 ----D---- C:\Windows\rescache

2012-03-26 22:09:21 ----D---- C:\Windows\PLA

2012-03-26 22:09:21 ----D---- C:\Windows\Performance

2012-03-26 22:08:18 ----D---- C:\Windows\IME

2012-03-26 22:08:18 ----D---- C:\Windows\Help

2012-03-26 22:08:12 ----D---- C:\Windows\Globalization

2012-03-26 22:08:10 ----D---- C:\Windows\Downloaded Installations

2012-03-26 22:08:07 ----D---- C:\Windows\diagnostics

2012-03-26 22:08:06 ----D---- C:\Windows\Branding

2012-03-26 22:08:06 ----D---- C:\Windows\Boot

2012-03-26 22:06:10 ----D---- C:\Windows\AppCompat

2012-03-26 22:06:08 ----RD---- C:\Users

2012-03-26 22:05:50 ----SD---- C:\Users\Nicole\AppData\Roaming\Microsoft

2012-03-26 22:05:48 ----D---- C:\Users\Nicole\AppData\Roaming\Macromedia

2012-03-26 22:02:52 ----D---- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-03-26 22:01:02 ----D---- C:\ProgramData\STOPzilla!

2012-03-26 22:00:56 ----D---- C:\ProgramData\Skype Extras

2012-03-26 22:00:35 ----D---- C:\ProgramData\MFAData

2012-03-26 22:00:34 ----D---- C:\ProgramData\Malwarebytes

2012-03-26 22:00:12 ----D---- C:\ProgramData\Apple Computer

2012-03-26 22:00:11 ----D---- C:\ProgramData\AIM Toolbar

2012-03-26 22:00:08 ----D---- C:\ProgramData\Adobe

2012-03-26 21:59:30 ----D---- C:\Program Files\Windows Photo Viewer

2012-03-26 21:59:30 ----D---- C:\Program Files\Windows NT

2012-03-26 21:59:30 ----D---- C:\Program Files\Windows Media Player

2012-03-26 21:59:30 ----D---- C:\Program Files\Windows Mail

2012-03-26 21:59:30 ----D---- C:\Program Files\Windows Journal

2012-03-26 21:59:30 ----D---- C:\Program Files\Windows Defender

2012-03-26 21:59:28 ----D---- C:\Program Files\Reference Assemblies

2012-03-26 21:59:28 ----D---- C:\Program Files\MSBuild

2012-03-26 21:59:28 ----D---- C:\Program Files\Microsoft Office

2012-03-26 21:59:05 ----D---- C:\Program Files\DVD Maker

2012-03-26 21:59:05 ----D---- C:\Program Files\Common Files\System

2012-03-26 21:59:05 ----D---- C:\Program Files\Common Files\SpeechEngines

2012-03-26 21:58:58 ----D---- C:\Program Files\Broadcom

2012-03-26 21:58:38 ----D---- C:\Program Files (x86)\Windows Photo Viewer

2012-03-26 21:58:38 ----D---- C:\Program Files (x86)\Windows NT

2012-03-26 21:58:37 ----D---- C:\Program Files (x86)\Windows Mail

2012-03-26 21:58:28 ----D---- C:\Program Files (x86)\Windows Defender

2012-03-26 21:58:14 ----D---- C:\Program Files (x86)\Reference Assemblies

2012-03-26 21:58:14 ----D---- C:\Program Files (x86)\Realtek

2012-03-26 21:58:00 ----D---- C:\Program Files (x86)\NCH Swift Sound

2012-03-26 21:57:54 ----D---- C:\Program Files (x86)\muvee Technologies

2012-03-26 21:57:54 ----D---- C:\Program Files (x86)\MSN

2012-03-26 21:57:54 ----D---- C:\Program Files (x86)\MSBuild

2012-03-26 21:57:53 ----D---- C:\Program Files (x86)\Microsoft WSE

2012-03-26 21:57:46 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-03-26 21:57:16 ----D---- C:\Program Files (x86)\Microsoft Office

2012-03-26 21:57:06 ----D---- C:\Program Files (x86)\Java

2012-03-26 21:53:25 ----D---- C:\Program Files (x86)\Google

2012-03-26 21:50:48 ----D---- C:\Program Files (x86)\AVG

2012-03-26 21:50:41 ----D---- C:\Program Files (x86)\Ancestry

2012-03-26 21:50:24 ----D---- C:\Program Files (x86)\Adobe

2012-03-25 14:31:18 ----D---- C:\ProgramData\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2008-03-27 26984]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 214096]

R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-27 40296]

R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-08-24 1526776]

R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-09-04 64000]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]

R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 18432]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2008-08-06 174592]

R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS [2008-09-19 68096]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-07-24 250928]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/24 03:12:36]; \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]

S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-09-21 126464]

S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12352]

S3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2008-10-26 469504]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-08-02 51712]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_79b15e90d309c284\AESTSr64.exe [2008-06-27 89088]

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]

S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 136176]

S2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]

S2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-18 23040]

S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]

S2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [2008-12-17 365952]

S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2008-09-15 241734]

S2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_79b15e90d309c284\STacSV64.exe [2008-10-26 279040]

S2 TVCapSvc;TV Background Capture Service (TVBCS); C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]

S2 TVSched;TV Task Scheduler (TVTS); C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]

S2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

S3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]

S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 136176]

S3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-23 223232]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-27 934760]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-19 1255736]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe []

-----------------EOF-----------------

rsit #2

info.txt logfile of random's system information tool 1.09 2012-04-19 12:50:32

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

-->"C:\Program Files (x86)\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Big City Adventures San Francisco\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Build-a-lot 2\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Diner Dash Hometown Hero\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Dream Chronicles 2\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Family Feud 3\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\JoJo's Fashion Show\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Luxor 3\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Peggle\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Poker Superstars III\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Polar Pool\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Slingo Deluxe\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\The Hidden Object Game Show\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\The Price is Right\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Tradewinds Legends\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Virtual Villagers - A New Home\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Wedding Dash\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"

-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE

Acrobat.com-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}

Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}

Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -maintain activex

Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}

Agere Systems HDA Modem-->agrsmdel

AIM 7-->C:\Program Files (x86)\AIM\uninst.exe

AIM Toolbar-->"C:\Program Files (x86)\AIM Toolbar\uninstall.exe"

Ancestry World Archives Project - Keying Tool-->MsiExec.exe /X{11E9DB47-6A91-43ED-8B8D-C3260456C3BB}

Apple Application Support-->MsiExec.exe /I{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}

Apple Mobile Device Support-->MsiExec.exe /I{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}

Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"

Comcast Access-->msiexec /qb /x {68D923E0-1244-0F60-6108-2B154B0462D0}

Comcast Access-->MsiExec.exe /I{68D923E0-1244-0F60-6108-2B154B0462D0}

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall

CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall

Download Updater (AOL LLC)-->C:\Program Files (x86)\Common Files\Software Update Utility\uninstall.exe

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}

Garmin USB Drivers-->MsiExec.exe /X{510D2239-6C2E-457B-9590-485EC552D94D}

Garmin WebUpdater-->MsiExec.exe /X{CCB71FF8-DE82-469C-8641-44378F4443EB}

Google Talk Plugin-->MsiExec.exe /I{5DBC79DA-87D2-376D-A65D-B14097C06C71}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

HP Active Support Library-->"C:\Program Files (x86)\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly

HP Common Access Service Library-->MsiExec.exe /I{732A3F80-008B-4350-BD58-EC5AE98707B8}

HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}\setup.exe" -l0x9 -removeonly

HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E}

HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall

HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall

HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall

HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS

HP MediaSmart SlingPlayer-->"C:\Program Files (x86)\Hewlett-Packard\Media\SlingPlayer\unins000.exe"

HP MediaSmart SmartMenu-->MsiExec.exe /I{F1568AA6-5982-4AFB-A871-C68E4328BC3B}

HP MediaSmart TV-->"C:\Program Files (x86)\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\setup.exe" /z-uninstall

HP MediaSmart TV-->"C:\Program Files (x86)\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\setup.exe" /z-uninstall

HP MediaSmart Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

HP MediaSmart Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall /z

HP Quick Launch Buttons 6.40 L1-->C:\Program Files (x86)\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst

HP Total Care Advisor-->MsiExec.exe /X{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}

HP Total Care Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{95A747E0-DF19-46CB-A622-20A0107201BD}\setup.exe" -l0x9 -removeonly

HP Update-->MsiExec.exe /X{47F36D92-E58E-456D-B73C-3382737E4C42}

HP User Guides 0126-->MsiExec.exe /X{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}

HP Wireless Assistant-->MsiExec.exe /X{E5E29403-3D25-40C6-892B-F9FEE2A95585}

HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

IDT Audio-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x9 -remove -removeonly

Intel® Graphics Media Accelerator Driver-->C:\Windows\SysWOW64\igxpun.exe -uninstall

iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}

iPodAid iPod to Computer Transfer 6-->"F:\iPodAid iPod to Computer Transfer\unins000.exe"

iTunes-->MsiExec.exe /I{CF8FFD12-602B-422D-AF1D-511B411E7632}

Java 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Juno Preloader-->MsiExec.exe /X{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}

LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall

LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall

LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}

Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Live Search Toolbar-->MsiExec.exe /X{6A370610-3778-44AF-9AAC-69B2FD1A3356}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}

Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729-->MsiExec.exe /X{4FFA2088-8317-3B14-93CD-4C699DB37843}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

muvee Reveal-->MsiExec.exe /X{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}

My HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"

NetZero Preloader-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}

Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall

Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall

PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall

PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall

ProtectSmart Hard Drive Protection-->MsiExec.exe /X{2F97CE84-9C33-4631-821B-85EA371EA254}

QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}

Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly

Realtek USB 2.0 Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0009 -removeonly

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {ABB5F56F-FC55-4C7E-9622-B8A1E670BAFC}

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}

Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}

Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}

Slingbox - Watch Your TV Anywhere-->MsiExec.exe /X{7B798B31-2F33-4DC8-BDA4-D36488E86636}

SlingPlayer-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033

Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}

SPORE Creature Creator Trial Edition-->"C:\Program Files (x86)\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"

Spotify-->"C:\Program Files (x86)\Spotify\uninstall.exe"

Switch Sound File Converter-->C:\Program Files (x86)\NCH Swift Sound\Switch\uninst.exe

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}

Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}

Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}

Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}

Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"

Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}

Vuze Trial FileBulldog Toolbar-->C:\Program Files (x86)\Vuze Trial FileBulldog Toolbar\UninstallToolbar.exe

Vuze-->C:\Program Files (x86)\Vuze\uninstall.exe

Vuze-->G:\Movies\uninstall.exe

WildTangent Games App (HP Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\hp\Uninstall.exe"

Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)-->C:\PROGRA~1\DIFX\0169CE~1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\enecir.inf_amd64_neutral_82d736bafda2506c\enecir.inf

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\048B92BA3327CEF8\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_amd64_neutral_3e4b654f12f06d57\grmnusb.inf

Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}

Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}

Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}

Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}

Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}

Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}

Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe

WinZip 15.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}

Yahoo! Messenger-->C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG

Yahoo! Software Update-->C:\PROGRA~2\Yahoo!\SOFTWA~1\UNINST~1.EXE

Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

176.9.75.3 www.google-analytics.com.

176.9.75.3 ad-emea.doubleclick.net.

176.9.75.3 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

======System event log======

Computer Name: Nicole-PC

Event Code: 4376

Message: Servicing has required reboot to complete the operation of setting package KB2518865(Security Update) into Install Requested(Install Requested) state

Record Number: 104992

Source Name: Microsoft-Windows-Servicing

Time Written: 20110628092914.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Nicole-PC

Event Code: 4376

Message: Servicing has required reboot to complete the operation of setting package KB2518865(Security Update) into Install Requested(Install Requested) state

Record Number: 104984

Source Name: Microsoft-Windows-Servicing

Time Written: 20110628092914.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Nicole-PC

Event Code: 4376

Message: Servicing has required reboot to complete the operation of setting package KB2518865(Security Update) into Install Requested(Install Requested) state

Record Number: 104981

Source Name: Microsoft-Windows-Servicing

Time Written: 20110628092914.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Nicole-PC

Event Code: 4376

Message: Servicing has required reboot to complete the operation of setting package KB2518865(Security Update) into Install Requested(Install Requested) state

Record Number: 104979

Source Name: Microsoft-Windows-Servicing

Time Written: 20110628092914.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Nicole-PC

Event Code: 4376

Message: Servicing has required reboot to complete the operation of setting package KB2518865(Security Update) into Install Requested(Install Requested) state

Record Number: 104975

Source Name: Microsoft-Windows-Servicing

Time Written: 20110628092914.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Nicole-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledEvent 2023801

Record Number: 637942

Source Name: Bonjour Service

Time Written: 20110815035137.000000-000

Event Type: Error

User:

Computer Name: Nicole-PC

Event Code: 100

Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 637941

Source Name: Bonjour Service

Time Written: 20110815035137.000000-000

Event Type: Error

User:

Computer Name: Nicole-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledSPRetry 2022787

Record Number: 637940

Source Name: Bonjour Service

Time Written: 20110815035136.000000-000

Event Type: Error

User:

Computer Name: Nicole-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledEvent 2022787

Record Number: 637939

Source Name: Bonjour Service

Time Written: 20110815035136.000000-000

Event Type: Error

User:

Computer Name: Nicole-PC

Event Code: 100

Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 637938

Source Name: Bonjour Service

Time Written: 20110815035136.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: Nicole-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: NICOLE-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x28c

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 19503

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110225125242.903001-000

Event Type: Audit Success

User:

Computer Name: Nicole-PC

Event Code: 4648

Message: A logon was attempted using explicit credentials.

Subject:

Security ID: S-1-5-18

Account Name: NICOLE-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:

Target Server Name: localhost

Additional Information: localhost

Process Information:

Process ID: 0x28c

Process Name: C:\Windows\System32\services.exe

Network Information:

Network Address: -

Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 19502

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110225125242.903001-000

Event Type: Audit Success

User:

Computer Name: Nicole-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Privileges: SeAssignPrimaryTokenPrivilege

SeAuditPrivilege

SeImpersonatePrivilege

Record Number: 19501

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110225125240.469385-000

Event Type: Audit Success

User:

Computer Name: Nicole-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: NICOLE-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x28c

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 19500

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110225125240.469385-000

Event Type: Audit Success

User:

Computer Name: Nicole-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 19499

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110225125239.564579-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=2

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel

"PROCESSOR_REVISION"=170a

"asl.log"=Destination=file;OnFirstLog=command,environment

"DFSTRACINGON"=FALSE

"OnlineServices"=Online Services

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\CyberLink\Power2Go;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\QuickTime\QTSystem

"PCBRAND"=Pavilion

"Platform"=MCD

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat

"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

ListParts by Farbar Version: 12-03-2012 03

Ran by Nicole (administrator) on 19-04-2012 at 13:01:32

Windows 7 (X64)

Running From: C:\Users\Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13DBUB2I

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 32%

Total physical RAM: 3999.19 MB

Available physical RAM: 2699.52 MB

Total Pagefile: 7996.52 MB

Available Pagefile: 6747.91 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:285.05 GB) (Free:204.22 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]

2 Drive d: (RECOVERY) (Fixed) (Total:13.03 GB) (Free:12.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 2048 KB

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 285 GB 1024 KB

Partition 2 Primary 13 GB 285 GB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C NTFS Partition 285 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D RECOVERY NTFS Partition 13 GB Healthy

======================================================================================================

****** End Of Log ******

Results of screen317's Security Check version 0.99.32

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 26

Java 6 Update 7

Java version out of date!

Adobe Reader 9 Adobe Reader out of date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

windows defender MpCmdRun.exe

``````````End of Log````````````

The following is only a section of the RSIT log that shows a serious trojan (one being dplaysvr, a Trojan that Sophos calls Troj/Mdrop-EBJ):

O4 - HKLM\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

O4 - HKCU\..\Run: [ceafdbeabdcfaedct] "C:\ProgramData\ceafdbeabdcfaedct.exe"

O4 - HKUS\S-1-5-18\..\Run: [drivermgr] \devicemgrpro.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ceafdbeabdcfaedct] "C:\ProgramData\ceafdbeabdcfaedct.exe" (User 'SYSTEM')

In addition, the Hosts file too has been compromised.

This system had some serious backdoor trojans, spyware, and likely, a rootkit.

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer (a Remote Access Trojan). Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, take screenshots, log passwords, and start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh. While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions. I would recommend that you do a full reformat and reinstall of Windows rather than clean the system.

I suggest that you backup important files and reinstall everything from scratch. There are so many changes that could have been done if that backdoor was used.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

While it may be possible to remove the "visible" infections, this system will not be fully trustworthy. And it would be safest & likely faster to wipe the hard drive clean and re-install Windows plus all applications from scratch.

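The O4 entries quoted in the post above share a few traits a responder can check mechanically: the binary sits in the SYSTEM account's profile, in Windows\TEMP, or as a bare executable directly under ProgramData; rundll32 is handed a directory instead of a DLL; the command has no drive letter at all; and the value name is a random string of letters. The script below is an added example written for this page, not code from RSIT, HijackThis, Sophos or Malwarebytes. It applies those heuristics to HijackThis/RSIT-style O4 lines and also lists every hosts-file entry that is not one of the two loopback defaults, which is the quickest way to see what the post means by a compromised hosts file. The thresholds, the directory list and the sample inputs (the six malicious lines from the thread plus two benign Windows 7 entries, and a constructed hosts file) are my assumptions for illustration.

```python
"""Triage helpers for RSIT/HijackThis-style O4 autostart entries and a Windows
hosts file. Added illustration for this page; not code from RSIT, HijackThis,
Sophos or Malwarebytes. Heuristics and thresholds are the author's assumptions."""
import re

# Matches "O4 - <hive>\..\Run: [<name>] <command> (User '<account>')".
# The "(User ...)" suffix is only present on the HKUS entries.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Locations a legitimate installer almost never writes an autostart binary to
# (assumed list, drawn from the entries in this thread).
SUSPICIOUS_DIRS = {
    r"\\config\\systemprofile\\appdata\\": "binary lives in the SYSTEM account's profile",
    r"\\windows\\temp\\": "binary lives under Windows\\TEMP",
    r"\\programdata\\[^\\]+\.exe": "bare executable directly under ProgramData",
}


def looks_random(name: str) -> bool:
    """Crude check for generated value names such as 'ceafdbeabdcfaedct':
    12+ lowercase letters only, containing a run of four or more consonants."""
    return (len(name) >= 12 and name.isalpha() and name.islower()
            and re.search(r"[^aeiou]{4,}", name) is not None)


def triage_o4(lines):
    """Return [(name, command, [reasons])] for each O4 entry that trips an indicator."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, cmd, user = m["name"], m["cmd"], m["user"]
        low = cmd.lower()
        reasons = [why for pat, why in SUSPICIOUS_DIRS.items() if re.search(pat, low)]
        if low.startswith("rundll32"):
            # rundll32 expects "<dll>,<export>"; a path ending in a backslash
            # before the comma means it was handed a directory, not a DLL.
            if re.search(r'"[^"]*\\",', low):
                reasons.append("rundll32 target is a directory, not a DLL")
        elif not re.match(r'^"?(?:[a-z]:\\|%[a-z_()0-9]+%\\)', low):
            # Neither a drive letter nor an %ENV% prefix: resolved against
            # whatever working directory the loader happens to have.
            reasons.append("relative path, no drive letter")
        if looks_random(name):
            reasons.append("random-looking value name")
        if reasons and user == "SYSTEM":
            reasons.append("runs at logon of the SYSTEM account")
        if reasons:
            findings.append((name, cmd, reasons))
    return findings


HOSTS_DEFAULT = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def triage_hosts(text: str):
    """Return (ip, hostname) pairs that are not the two loopback defaults.
    Malware commonly pins vendor and update sites to 127.0.0.1 here."""
    odd = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, then tokenize
        if len(fields) < 2:
            continue
        ip, *names = fields
        odd.extend((ip, n) for n in names if (ip, n.lower()) not in HOSTS_DEFAULT)
    return odd


# Constructed sample: the six malicious entries quoted in the post above plus
# two benign Windows 7 entries (Windows Defender, Sidebar) for contrast.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
O4 - HKCU\..\Run: [ceafdbeabdcfaedct] "C:\ProgramData\ceafdbeabdcfaedct.exe"
O4 - HKUS\S-1-5-18\..\Run: [drivermgr] \devicemgrpro.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ceafdbeabdcfaedct] "C:\ProgramData\ceafdbeabdcfaedct.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
""".strip().splitlines()

# Constructed hosts file, not the one from the infected PC: two defaults plus
# two vendor sites redirected to loopback, the usual shape of a tampered file.
SAMPLE_HOSTS = """\
# hosts file sample constructed for this example
127.0.0.1       localhost
::1             localhost
127.0.0.1       forums.malwarebytes.org
127.0.0.1       www.malwarebytes.org
"""

if __name__ == "__main__":
    for name, cmd, reasons in triage_o4(SAMPLE_O4):
        print(f"[{name}] {cmd}\n    " + "; ".join(reasons))
    for ip, host in triage_hosts(SAMPLE_HOSTS):
        print(f"hosts: {host} -> {ip}")
```

Against the sample, the two Windows entries pass and all six quoted entries are reported; the rundll32 line is flagged twice over (Windows\TEMP location and a directory where a DLL belongs), which is exactly the kind of entry the post singles out. A hit is a reason to look, not an automatic delete: the helper's point stands that once entries like these run as SYSTEM, listing them is evidence for the reformat decision rather than a cleanup plan.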

I am suggesting a wipe/reformat and new install of Windows. That will set it to factory new condition. You will lose all your documents & personal files & data, unless you have them backed up to offline storage, like external drives or to USB-flash-thumb-drives or CD or DVD.

I take it this system is an HP system, right?

Were you provided the Windows 7 operating system DVD with your purchase or not?

If not, HP typically has a restore partition on the hard drive from which to restore to factory state.

If so, I would ask you look up their tech support for the fine details.

Make sure you start now to backup your personal files to offline media. These will later have to be scanned with your antivirus and anti-malware programs before opening or using them in future.

While an attempt could be made to "cure" the infections, it can never ever be guaranteed to be 100 % clean.


Look at the label on the Windows 7 DVD and see if it says "with Service Pack 1". If not, you will need to apply the MS Service Pack 1 for Windows 7.

You also need to plan to download and save (via a clean computer) the setup program for your antivirus (which you will need to install just after the WIN7 clean install).

Also be aware you will be doing a Custom install of Windows 7.

I'm hoping to line up a decent reference for you on that process.


If this DVD is marked "HP Upgrade manager" and as you said before

It is an HP system and I have the Windows 7 disk, my computer came with vista
.....

then since I am not familiar with that, I suggest you seek help with HP.

This is a link to their support forum http://h30434.www3.hp.com/

What you are needing is to determine if "this DVD" has the Windows 7 setup as a complete package or if this is complicated by the fact that it was an upgrade.

In the long term, the goal is for you to do a Custom install of Windows 7 and to up-front delete the existing Windows partition so that you can do a real clean Windows setup.

As a good practice, I would advise you to get >> Belarc Advisor << from CNET, Save, then run the setup. Then Run an audit of hardware and software including installed Product Keys.

Somewhere on your computer, there should be a Certificate of Authenticity for Windows with the product key.

Write down the Product Key from COA sticker located on back or side of PC tower, bottom or under battery of notebook. Make sure you get the characters correct as this is a main cause of activation failure.

Now, I do not know if that will be for the original Vista or if HP methods carried that same key forward for Windows 7.

That's one of the items you'll have to verify with HP.

I caution you to never post the product key (or any product key) in any open forum (whether here, at HP public forum, or elsewhere).

I wish you well.

For future reference, See this malware prevention reference http://forums.malwarebytes.org/index.php?showtopic=104379

This topic is now closed to further replies.