Repeat infection/post ZeroAccess/BITS & failing windows updates

[paphofo]

I recently had an infection with a trojan and used this forum to clean my computer. But now it seems I'm reinfected. I'm hoping you can help me out. Thank you in advance for your help.

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Greg at 19:46:39 on 2012-08-09

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8103.6073 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Users\Greg\AppData\Local\Temp\pckda.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\gPadServer\gPadServer.exe

C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Users\Greg\AppData\Local\Temp\pckda.exe

C:\Users\Greg\AppData\Local\Temp\pckda.exe

C:\Users\Greg\AppData\Local\Temp\pckda.exe

C:\Users\Greg\AppData\Local\Temp\pckda.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.creighton.edu/students/

mStart Page = hxxp://asus.msn.com

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [sbitunesagent] C:\Program Files (x86)\Songbird\songbirditunesagent.exe

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\Greg\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Greg\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GPADSE~1.LNK - C:\Program Files (x86)\gPadServer\gPadServer.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C2C1BA8E-C66C-4AD1-95F7-33459BE7D32C} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C2C1BA8E-C66C-4AD1-95F7-33459BE7D32C}\0586F656E69687 : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{C2C1BA8E-C66C-4AD1-95F7-33459BE7D32C}\2516D626C65627 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C2C1BA8E-C66C-4AD1-95F7-33459BE7D32C}\26C6575602C696E656 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C2C1BA8E-C66C-4AD1-95F7-33459BE7D32C}\342716E67756C6C6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C2C1BA8E-C66C-4AD1-95F7-33459BE7D32C}\46F6E64747F6573686D69727F657475627C616272797 : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

BHO-X64: Lync add-on BHO - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO-X64: Google Dictionary Compression sdch - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun-x64: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\w8lfpb9n.default\

FF - prefs.js: browser.startup.homepage - www.dyingscene.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll

FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

.

============= SERVICES / DRIVERS ===============

.

R0 assd;assd;C:\Windows\system32\drivers\assd.sys --> C:\Windows\system32\drivers\assd.sys [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-3-22 1136128]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-2-23 134928]

R2 fromlrzjla;vxrgzyjlhb;C:\Users\Greg\AppData\Local\Temp\pckda.exe -svc --> C:\Users\Greg\AppData\Local\Temp\pckda.exe -svc [?]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]

R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]

R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056]

S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]

S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-09 01:45:54 36168 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-08-02 01:20:21 -------- d-----w- C:\Program Files\iTunes

2012-08-02 01:20:21 -------- d-----w- C:\Program Files\iPod

2012-08-02 01:20:21 -------- d-----w- C:\Program Files (x86)\iTunes

2012-07-23 13:49:48 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-11 06:42:27 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 04:34:06 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-11 04:34:06 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2012-07-11 04:34:06 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 04:34:06 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-11 04:34:06 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-11 04:34:06 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

.

==================== Find3M ====================

.

2012-08-09 08:10:20 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-08-04 01:31:04 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-04 01:31:04 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 19:47:58.03 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 10/9/2011 4:44:52 PM

System Uptime: 8/9/2012 6:18:11 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | U46E

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU 1 | 989/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 279 GiB total, 145.768 GiB free.

D: is FIXED (NTFS) - 394 GiB total, 394.08 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP118: 7/9/2012 10:46:32 PM - Scheduled Checkpoint

RP119: 7/10/2012 11:37:19 PM - Windows Update

RP120: 7/18/2012 12:22:01 PM - Scheduled Checkpoint

RP121: 7/19/2012 11:43:13 AM - OTL Restore Point - 7/19/2012 11:43:13 AM

RP122: 7/28/2012 8:31:00 PM - Scheduled Checkpoint

RP123: 8/5/2012 11:35:10 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

??????? Windows Live Mesh ActiveX ??(????)

??????? Windows Live Mesh ActiveX ???

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

AIO_Scan

Alcor Micro USB Card Reader

Amazon MP3 Downloader 1.0.15

Amazon MP3 Uploader

Apple Application Support

Apple Software Update

ASUS AI Recovery

ASUS FancyStart

ASUS LifeFrame3

ASUS Live Update

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS U Series ScreenSaver

ASUS Virtual Camera

ASUS WebStorage

AsusVibe2.0

ATK Package

BufferChm

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX de Windows Live Mesh para conexiones remotas

Controlo ActiveX do Windows Live Mesh para Ligações Remotas

Copy

CustomerResearchQFolder

CyberLink LabelPrint

CyberLink Power2Go

D3DX10

Destinations

DeviceManagementQFolder

DJ_AIO_ProductContext

DJ_AIO_Software

DJ_AIO_Software_min

Dropbox

eSupportQFolder

F4100

F4100_Help

Free Mp3 Wma Converter V 2.2

Galeria de Fotografias do Windows Live

Galerie de photos Windows Live

Galería fotográfica de Windows Live

Google Chrome

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

gPad Server 2.0 2.0.0

HP Photosmart Essential

HP Update

HPProductAssistant

HPSSupply

Intel PROSet Wireless

Intel® Control Center

Intel® Processor Graphics

Intel® WiDi

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Mesh Runtime

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nuance PDF Reader

QuickTime

Realtek High Definition Audio Driver

Scan

SceneSwitch

Secure Download Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Service Pack 1 for SQL Server 2008 (KB968369)

SolutionCenter

Songbird 1.10.2 (Build 2199)

Sonic Focus

Sql Server Customer Experience Improvement Program

Status

syncables desktop SE

Toolbox

TrayApp

Unity Web Player

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

WebReg

Windows Live

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinFlash

Wireless Console 3

.

==== Event Viewer Messages From Past Week ========

.

8/9/2012 7:07:58 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/9/2012 7:07:58 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/8/2012 6:46:58 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/8/2012 6:46:58 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/8/2012 6:46:53 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/8/2012 6:43:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 6:42:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/8/2012 6:42:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/8/2012 6:42:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/8/2012 6:42:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/8/2012 6:42:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/8/2012 6:42:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/8/2012 6:42:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ATKWMIACPIIO DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 6:42:23 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/5/2012 11:00:46 PM, Error: Service Control Manager [7030] - The vxrgzyjlhb service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/5/2012 1:13:47 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.

8/5/2012 1:13:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

.

==== End Of File ===========================

[Maurice Naggar]

Hello paphofo,

Please only follow my guidance.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT by doing a Right-Click on it & select Run As Admisnistrator

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

• Go to your Desktop
• Double-Click the Computer icon.
  
• From the menu options, Select Tools, then Folder Options.
  
• Next click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders and drives.
  
• Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
   
2. Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
   On Windows 7, press Windows-key, then start typing in text box

Malwarebytes[code] then select/click [b]Malwarebytes Anti-Malware Chameleon[/b]

Once the Help file opens, click on a [b]Chameleon[/b] button (starting with #1)
If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
You should see a black Command-prompt-window that remains open and says [b]MBAM-chameleon ver. 1.6[/b] at the top
Press any key to continue as it says in the window {space-bar will do}
If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
Have infinite patience during this process
Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
Once the update completes and it says your database is updated, click on [b]OK[/b] button so that process can continue
Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
Once the scan is complete, click on [b]Show Results[/b] and remove any threats that are found by clicking [b]Remove Selected[/b]
If prompted to restart your computer to complete the removal process, click [b]Yes[/b]
If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
After your computer restarts, open [b]Malwarebytes Anti-Malware[/b] and perform one last Quick scan to verify that there are no remaining threats

Reply with copy of the MBAM scan log for review.

[paphofo]

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.13.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Greg :: BOB [administrator]

8/13/2012 7:35:52 PM

mbam-log-2012-08-13 (19-35-52).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198040

Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 5584 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

[Maurice Naggar]

Backdoor trojan warning:ZeroAccess / Sirefef

This system has some serious backdoor trojans. ZeroAccess / Sirefef

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

Let me know what you decide.

[paphofo]

Let's try and clean it for now. Is there anyway it would be possible to backup files changed since my last backup before reformatting, or is that not an option?

[Maurice Naggar]

Q:

Is there anyway it would be possible to backup files changed since my last backup before reformatting, or is that not an option?

Just when was your last backup ?

You'd need to do backup on your own of the files, documents you wanted to prevserve by copying them to offline media.

Proceeding with cleaning attempt, let's do this

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member paphofo only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere.How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

• A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
  

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh :!:

Reply & attach the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

[paphofo]

Q:

Just when was your last backup ?

You'd need to do backup on your own of the files, documents you wanted to prevserve by copying them to offline media.

It was multiple months ago. If I were to plug my external hard drive in and transfer only files like documents, music, pictures, and videos, would I be at risk of infecting my external hard drive and reinfecting my computer after reformatting?

I tried running combofix, but about 30 second in to the process, my computer displayed a blue screen saying that an error had occurred. My computer then restarted with no combofix.txt document on reboot. Would you like me to try running it again, or is there an alternative?

[Maurice Naggar]

a) If you were to copy/backup any files and then, after reformatting and installing Windows anew..... before copying back the files, one would have to 1st scan each of those files with antivirus & antimalware programs.....before putting them back or opening/using those files.

b) anytime you get a BSOD .....while we are in this Help thread .... you need to write down the BSOD STOP code and report that to me in a reply.

c) Restart the pc fresh .....do that first

d) turn off your Antivirus program

e) Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

• 
  Link 2
  Link 3
  Link 4
  
• Double-click on the Rkill desktop icon to run the tool.
  
• If using Vista or Windows 7, right-click on it and Run As Administrator.
  
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  
• If not, delete the file, then download and use the one provided in Link 2.
  
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  
• If the tool does not run from any of the links provided, please let me know.
  
• If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  
• If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL
  

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

f) start Combofix and run it like I outlined before

[paphofo]

a) What antivirus/antimalware programs would you recommend scanning the files with before transfer.

b-f) I ran rkill, and below is the .txt document. However, when I ran combofix again, I received a popup that said combofix needed an update. No matter what I clicked, I received another BSOD :-( I tried frantically to write down the stop code. What I got was 0x0000001E (0xFFFF....C....). I hope that can help some. I did not try iexplore.exe or any other rkill links because it ran successfully. Please let me know what I can do.

Rkill 2.2.0 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/16/2012 08:26:17 PM in x64 mode.

Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Users\Greg\AppData\Local\Temp\pckda.exe (PID: 2064) [uP-HEUR]

* C:\Windows\SysWOW64\ACEngSvr.exe (PID: 3296) [WD-HEUR]

* C:\Users\Greg\AppData\Local\Temp\pckda.exe (PID: 4928) [uP-HEUR]

* C:\Users\Greg\AppData\Local\Temp\pckda.exe (PID: 5476) [uP-HEUR]

4 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

Performing miscellaneous checks.

* C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]

* C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]

Checking Windows Service Integrity:

* BITS [Missing Service]

* CscService [Missing Service]

* iphlpsvc [Missing Service]

* MpsSvc [Missing Service]

* PeerDistSvc [Missing Service]

* UmRdpService [Missing Service]

* WinDefend [Missing Service]

* wscsvc [Missing Service]

* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* C:\Windows\System32\services.exe [NoSig]

+-> C:\Windows\erdnt\cache64\Services.exe : 328,704 : 07/13/2009 06:39 PM : 24acb7e5be595468e3b9aa488b9b4fcb [Pos Repl]

+-> C:\Windows\system64\services.exe : 328,704 : 07/13/2009 06:39 PM : 014a9cb92514e27c0107614df764bc06 [Pos Repl]

+-> C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe : 328,704 : 07/13/2009 06:39 PM : 24acb7e5be595468e3b9aa488b9b4fcb [Pos Repl]

Program finished at: 08/16/2012 08:28:03 PM

Execution time: 0 hours(s), 1 minute(s), and 46 seconds(s)

[Maurice Naggar]

On point a).... look, save any personal files that you have not already saved to offline media. Much later on, you can scan with your updated & functional (once all is ready) with your antivirus and or with several online scanners.

For now, concentrate on getting this system operational again, if possible. Unless you have decided to wipe/pave the HDD and start from scratch.

To continue attempt at cleanup/removal, do the following:

We Need to Run a Batch Script

1. Press the Windows-key on keyboard.
   
2. In the box, type notepad and press Enter.
   
3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
   

   del /f /q C:\Users\Greg\AppData\Local\Temp\pckda.exe
   del /f /q c:\windows\assembly\gac_32\desktop.ini
   del /f /q c:\windows\assembly\gac_64\desktop.ini
   del /f /q "%~f0"

   
   

4. Select File -> Save AS.
   
5. Press the Desktop button on the left side of the save dialog.
   
6. In the box, type in Fix.bat.
   
7. Press .
   
8. Close Notepad.
   
9. Right click on your desktop, and choose .
   
10. Press Yes if prompted by User Account Control.
    

Step 2

• For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
  
• For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Step 3

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Choose your language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.
  

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
  
• Restart your computer.
  
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  
• Click Repair your computer.
  
• Choose your language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account and click Next.
  

On the System Recovery Options menu you will get the following options:

• Startup Repair
  System Restore
  Windows Complete
  PC Restore Windows
  Memory Diagnostic Tool
  Command Prompt

• Select Command Prompt
  
• In the command window type in notepad and press Enter.
  
• The notepad opens. Under File menu select Open.
  
• Select "Computer" and find your flash drive letter and close the notepad.
  
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive.
  
• The tool will start to run.
  
• When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  

Note: There will be lots and lots more to do later.

Edited August 17, 2012 by Maurice Naggar

[paphofo]

Scan result of Farbar Recovery Scan Tool Version: 18-08-2012

Ran by SYSTEM at 18-08-2012 10:28:26

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-02-09] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-02-09] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-02-09] (Intel Corporation)

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2264168 2011-07-13] (Realtek Semiconductor)

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-02] (Alcor Micro Corp.)

HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)

HKLM\...\Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-05-02] (Intel® Corporation)

HKLM\...\Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10372368 2011-03-30] (Intel Corporation)

HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()

HKLM\...\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd [x]

HKLM\...\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [371 2012-08-18] ()

HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)

HKLM-x32\...\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)

HKLM-x32\...\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [43008 2011-04-08] (Windows ® Win 7 DDK provider)

HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey [12099672 2012-06-11] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)

HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)

HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)

HKU\Greg\...\Run: [sbitunesagent] C:\Program Files (x86)\Songbird\songbirditunesagent.exe [266240 2012-01-19] ()

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk

ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\Greg\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

Startup: C:\Users\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

Startup: C:\Users\Greg\Start Menu\Programs\Startup\gPadServer.lnk

ShortcutTarget: gPadServer.lnk -> C:\Program Files (x86)\gPadServer\gPadServer.exe ()

==================== Services (Whitelisted) ======

2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)

2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)

2 BcmSqlStartupSvc; "C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [34216 2010-03-25] (Microsoft Corporation)

2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [923984 2011-03-30] (Intel Corporation)

3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1321296 2011-03-30] (Intel Corporation)

2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [1001808 2011-03-30] (Intel Corporation)

2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-02-23] (Intel® Corporation)

2 fromlrzjla; C:\Users\Greg\AppData\Local\Temp\pckda.exe -svc [192000 2012-08-05] ()

3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [43010392 2009-03-30] (Microsoft Corporation)

3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()

4 SQLAgent$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE" -i MSSMLBIZ [366936 2009-03-30] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)

0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)

1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)

3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [56320 2011-04-08] (Fresco Logic)

3 GEARAspiWDM; C:\Windows\SysWow64\Drivers\GEARAspiWDM.sys [15664 2012-01-19] (GEAR Software Inc.)

3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2011-03-22] (Intel Corporation)

3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )

2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()

3 BFE; . [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-18 10:28 - 2012-08-18 10:28 - 00000000 ____D C:\FRST

2012-08-16 19:42 - 2012-08-16 19:42 - 00262144 ____A C:\Windows\Minidump\081612-25178-01.dmp

2012-08-16 19:33 - 2012-08-16 19:33 - 00262144 ____A C:\Windows\Minidump\081612-26473-01.dmp

2012-08-16 19:30 - 2012-08-16 19:30 - 00262144 ____A C:\Windows\Minidump\081612-35412-01.dmp

2012-08-16 19:26 - 2012-08-16 19:28 - 00004580 ____A C:\Users\Greg\Desktop\Rkill.txt

2012-08-16 19:25 - 2012-08-16 19:25 - 01543584 ____A (Bleeping Computer, LLC) C:\Users\Greg\Desktop\rkill.com

2012-08-15 17:09 - 2012-08-15 17:09 - 00262144 ____A C:\Windows\Minidump\081512-21340-01.dmp

2012-08-15 17:08 - 2012-08-16 19:42 - 00000000 ___SD C:\32788R22FWJFW

2012-08-15 17:08 - 2012-08-16 19:39 - 00000000 ____D C:\Qoobox

2012-08-15 17:07 - 2012-08-15 17:08 - 00001453 ____A C:\Users\Greg\Desktop\ComboFix.exe - Shortcut.lnk

2012-08-15 17:06 - 2012-08-16 19:39 - 04731953 ____R (Swearware) C:\Users\Greg\Downloads\ComboFix.exe

2012-08-15 16:24 - 2012-08-15 16:24 - 00003480 ____N C:\bootsqm.dat

2012-08-15 16:21 - 2012-08-15 16:21 - 00000000 __SHD C:\found.000

2012-08-14 19:14 - 2012-08-18 09:16 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-14 19:14 - 2012-08-14 19:14 - 00002116 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-08-14 03:01 - 2012-08-16 19:42 - 674228864 ____A C:\Windows\MEMORY.DMP

2012-08-14 03:01 - 2012-08-16 19:42 - 00000000 ____D C:\Windows\Minidump

2012-08-14 03:01 - 2012-08-14 03:01 - 00262144 ____A C:\Windows\Minidump\081412-23056-01.dmp

2012-08-13 18:44 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2012-08-13 18:25 - 2012-08-13 18:25 - 00000930 ____A C:\Users\Greg\Desktop\NTREGOPT.lnk

2012-08-13 18:25 - 2012-08-13 18:25 - 00000911 ____A C:\Users\Greg\Desktop\ERUNT.lnk

2012-08-13 18:25 - 2012-08-13 18:25 - 00000000 ____D C:\Program Files (x86)\ERUNT

2012-08-13 18:24 - 2012-08-13 18:24 - 00791393 ____A (Lars Hederer ) C:\Users\Greg\Downloads\erunt-setup.exe

2012-08-09 18:48 - 2012-08-09 18:48 - 00027454 ____A C:\Users\Greg\Desktop\DDS.txt

2012-08-09 18:48 - 2012-08-09 18:48 - 00011453 ____A C:\Users\Greg\Desktop\Attach.txt

2012-08-09 18:44 - 2012-08-09 18:44 - 00607260 ____R (Swearware) C:\Users\Greg\Desktop\dds.scr

2012-08-01 17:20 - 2012-08-01 17:20 - 00001789 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-08-01 17:20 - 2012-08-01 17:20 - 00000000 ____D C:\Program Files\iTunes

2012-08-01 17:20 - 2012-08-01 17:20 - 00000000 ____D C:\Program Files\iPod

2012-08-01 17:20 - 2012-08-01 17:20 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-08-01 17:16 - 2012-08-01 17:17 - 00000000 ____D C:\Program Files (x86)\QuickTime

2012-07-19 15:44 - 2012-07-19 15:44 - 00000673 ____A C:\Users\Greg\Greg - Shortcut.lnk

2012-07-19 13:36 - 2012-08-15 17:08 - 00000000 ____D C:\Windows\erdnt

============ 3 Months Modified Files ========================

2012-08-18 09:20 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-18 09:20 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-18 09:16 - 2012-08-14 19:14 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-18 09:15 - 2009-07-13 20:51 - 00156373 ____A C:\Windows\setupact.log

2012-08-17 23:32 - 2011-07-15 17:45 - 00045056 ____A C:\Windows\System32\acovcnt.exe

2012-08-17 23:32 - 2009-07-13 21:13 - 00837322 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-16 19:42 - 2012-08-16 19:42 - 00262144 ____A C:\Windows\Minidump\081612-25178-01.dmp

2012-08-16 19:42 - 2012-08-14 03:01 - 674228864 ____A C:\Windows\MEMORY.DMP

2012-08-16 19:39 - 2012-08-15 17:06 - 04731953 ____R (Swearware) C:\Users\Greg\Downloads\ComboFix.exe

2012-08-16 19:33 - 2012-08-16 19:33 - 00262144 ____A C:\Windows\Minidump\081612-26473-01.dmp

2012-08-16 19:30 - 2012-08-16 19:30 - 00262144 ____A C:\Windows\Minidump\081612-35412-01.dmp

2012-08-16 19:28 - 2012-08-16 19:26 - 00004580 ____A C:\Users\Greg\Desktop\Rkill.txt

2012-08-16 19:25 - 2012-08-16 19:25 - 01543584 ____A (Bleeping Computer, LLC) C:\Users\Greg\Desktop\rkill.com

2012-08-15 17:09 - 2012-08-15 17:09 - 00262144 ____A C:\Windows\Minidump\081512-21340-01.dmp

2012-08-15 17:08 - 2012-08-15 17:07 - 00001453 ____A C:\Users\Greg\Desktop\ComboFix.exe - Shortcut.lnk

2012-08-15 16:24 - 2012-08-15 16:24 - 00003480 ____N C:\bootsqm.dat

2012-08-14 20:35 - 2012-04-12 13:42 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-14 20:35 - 2011-10-10 16:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-14 19:14 - 2012-08-14 19:14 - 00002116 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-08-14 03:01 - 2012-08-14 03:01 - 00262144 ____A C:\Windows\Minidump\081412-23056-01.dmp

2012-08-13 18:44 - 2011-07-15 17:43 - 00002246 ____A C:\Windows\System32\AutoRunFilter.ini

2012-08-13 18:43 - 2011-04-01 20:17 - 00347586 ____A C:\Windows\PFRO.log

2012-08-13 18:25 - 2012-08-13 18:25 - 00000930 ____A C:\Users\Greg\Desktop\NTREGOPT.lnk

2012-08-13 18:25 - 2012-08-13 18:25 - 00000911 ____A C:\Users\Greg\Desktop\ERUNT.lnk

2012-08-13 18:24 - 2012-08-13 18:24 - 00791393 ____A (Lars Hederer ) C:\Users\Greg\Downloads\erunt-setup.exe

2012-08-09 18:48 - 2012-08-09 18:48 - 00027454 ____A C:\Users\Greg\Desktop\DDS.txt

2012-08-09 18:48 - 2012-08-09 18:48 - 00011453 ____A C:\Users\Greg\Desktop\Attach.txt

2012-08-09 18:44 - 2012-08-09 18:44 - 00607260 ____R (Swearware) C:\Users\Greg\Desktop\dds.scr

2012-08-08 17:48 - 2011-10-09 17:38 - 00001945 ____A C:\Windows\epplauncher.mif

2012-08-08 17:47 - 2011-07-15 17:43 - 00001479 ____A C:\Windows\System32\ServiceFilter.ini

2012-08-08 17:38 - 2011-07-15 17:24 - 01634287 ____A C:\Windows\WindowsUpdate.log

2012-08-01 17:20 - 2012-08-01 17:20 - 00001789 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-07-23 05:49 - 2011-10-09 15:45 - 00110016 ____A C:\Users\Greg\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-23 05:49 - 2009-07-13 20:45 - 00418712 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-19 15:44 - 2012-07-19 15:44 - 00000673 ____A C:\Users\Greg\Greg - Shortcut.lnk

2012-07-19 13:46 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-07-14 15:49 - 2012-02-16 09:55 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-10 22:39 - 2011-10-11 09:09 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-03 12:46 - 2011-10-09 17:51 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-27 22:48 - 2012-06-27 22:48 - 00003059 ____A C:\Users\Greg\Desktop\M3.lnk

2012-06-18 10:03 - 2012-01-11 11:18 - 00001017 ____A C:\Users\Greg\Desktop\Dropbox.lnk

2012-06-11 19:08 - 2012-07-10 22:42 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 21:43 - 2012-07-10 20:34 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-10 20:34 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-05 22:06 - 2012-07-10 20:34 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-10 20:34 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-10 20:33 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-10 20:34 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-10 20:34 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-10 20:33 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-02 14:19 - 2012-06-26 15:46 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-26 15:46 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-26 15:46 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-26 15:46 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-26 15:46 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:19 - 2012-06-26 15:45 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 14:15 - 2012-06-26 15:46 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-26 15:46 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 14:15 - 2012-06-26 15:45 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 04:49 - 2012-07-10 22:38 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-10 22:38 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-10 22:38 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-10 22:38 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-10 22:38 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-10 22:38 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-10 22:38 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-10 22:38 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-10 22:38 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-10 22:38 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-10 22:38 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-10 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-10 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-10 22:38 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-10 22:38 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-10 22:38 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-10 22:38 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-10 22:38 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-10 22:38 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-10 22:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-10 22:38 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-10 22:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-10 22:38 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-10 22:38 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-10 22:38 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-10 22:38 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-10 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-10 22:38 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 21:50 - 2012-07-10 20:33 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-10 20:33 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-10 20:33 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-10 20:33 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-10 20:33 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-10 20:33 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-10 20:33 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-10 20:33 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-10 20:33 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

ZeroAccess:

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\n

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\00000004.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\201d3dde

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.@

ZeroAccess:

C:\Users\Greg\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}

C:\Users\Greg\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L

C:\Users\Greg\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

Type 00 partition infection:

C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%

Total physical RAM: 8102.76 MB

Available physical RAM: 7342.96 MB

Total Pagefile: 8100.91 MB

Available Pagefile: 7337.87 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (Piddle) (Fixed) (Total:279.45 GB) (Free:152.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:394.08 GB) NTFS

4 Drive f: (FLASH CU) (Removable) (Total:0.25 GB) (Free:0.24 GB) FAT

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 698 GB 1024 KB

Disk 1 Online 252 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 25 GB 1024 KB

Partition 2 Primary 279 GB 25 GB

Partition 0 Extended 394 GB 304 GB

Partition 3 Logical 394 GB 304 GB

==================================================================================

Disk: 0

Partition 1

Type : 1C

Hidden: Yes

Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C Piddle NTFS Partition 279 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D DATA NTFS Partition 394 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 252 MB 31 KB

==================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F FLASH CU FAT Removable 252 MB Healthy

==================================================================================

Last Boot: 2012-08-08 16:51

======================= End Of Log ==========================

[Maurice Naggar]

Hello paphofo.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member paphofo only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Remove any CD, DVD, or USB-flash-thumb drive from pc. Disconnect any external drives.

RESTART the pc & Windows fresh into normal mode.

Step 1

We Need to Run a Batch Script

1. Press the Windows-key on keyboard.
   
2. In the box, type notepad and press Enter.
   
3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
   

   sc stop Setwallpaper
   sc stop fromlrzjla
   sc delete Setwallpaper
   sc delete fromlrzjla
   del /f /q C:\Users\Greg\AppData\Local\Temp\pckda.exe
   del /f /q C:\Windows\assembly\GAC_32\Desktop.ini
   del /f /q C:\Windows\assembly\GAC_64\Desktop.ini
   rd /s /q C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@
   rd /s /q C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L
   rd /s /q C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\n
   rd /s /q C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U
   rd /s /q C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}
   rd /s /q C:\Users\Greg\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L
   rd /s /q C:\Users\Greg\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U
   rd /s /q C:\Users\Greg\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}
   del /f /q "%~f0"

   
   

4. Select File -> Save AS.
   
5. Press the Desktop button on the left side of the save dialog.
   
6. In the box, type in Fix.bat.
   
7. Press .
   
8. Close Notepad.
   
9. Right click on your desktop, and choose .
   
10. Press Yes if prompted by User Account Control.
    

Step 2

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

• A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
  

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh :!:

Reply & attach the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

[paphofo]

I'm sorry, but again while running combofix, I got a BSOD the stop code I received this time was 0x000000F7(....) I can repeat the process to get the rest of the stop code if you need. While combofix was running a window came up with a blue and a red progress bars.The screen went blank and the BSOD came up four about 5 seconds before the computer restarted.

[Maurice Naggar]

Restart the system fresh, one time.

Then look for C:\Combofix.txt

If there, Copy all and paste into a reply.

Step 2

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
  If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
  Skip and click on Continue
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

• Double click on RSITx64.exe to run RSIT.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open. Please post the contents of both log.txt

Edited August 20, 2012 by Maurice Naggar
add TDSSKILLER

[paphofo]

18:19:49.0935 5468 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03

18:19:50.0501 5468 ============================================================

18:19:50.0501 5468 Current date / time: 2012/08/20 18:19:50.0501

18:19:50.0502 5468 SystemInfo:

18:19:50.0502 5468

18:19:50.0502 5468 OS Version: 6.1.7601 ServicePack: 1.0

18:19:50.0502 5468 Product type: Workstation

18:19:50.0502 5468 ComputerName: BOB

18:19:50.0502 5468 UserName: Greg

18:19:50.0502 5468 Windows directory: C:\Windows

18:19:50.0502 5468 System windows directory: C:\Windows

18:19:50.0502 5468 Running under WOW64

18:19:50.0502 5468 Processor architecture: Intel x64

18:19:50.0502 5468 Number of processors: 4

18:19:50.0502 5468 Page size: 0x1000

18:19:50.0502 5468 Boot type: Normal boot

18:19:50.0502 5468 ============================================================

18:19:52.0528 5468 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:19:52.0546 5468 ============================================================

18:19:52.0546 5468 \Device\Harddisk0\DR0:

18:19:52.0546 5468 MBR partitions:

18:19:52.0546 5468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x22EE8800

18:19:52.0577 5468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x260E9800, BlocksNum 0x3145C000

18:19:52.0577 5468 ============================================================

18:19:52.0665 5468 C: <-> \Device\Harddisk0\DR0\Partition1

18:19:52.0774 5468 D: <-> \Device\Harddisk0\DR0\Partition2

18:19:52.0774 5468 ============================================================

18:19:52.0774 5468 Initialize success

18:19:52.0774 5468 ============================================================

18:19:55.0799 1436 ============================================================

18:19:55.0799 1436 Scan started

18:19:55.0799 1436 Mode: Manual;

18:19:55.0799 1436 ============================================================

18:19:59.0648 1436 ================ Scan system memory ========================

18:19:59.0648 1436 System memory - ok

18:19:59.0648 1436 ================ Scan services =============================

18:20:00.0328 1436 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

18:20:00.0332 1436 1394ohci - ok

18:20:00.0369 1436 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

18:20:00.0375 1436 ACPI - ok

18:20:00.0399 1436 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

18:20:00.0401 1436 AcpiPmi - ok

18:20:00.0508 1436 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

18:20:00.0511 1436 AdobeARMservice - ok

18:20:00.0641 1436 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

18:20:00.0645 1436 AdobeFlashPlayerUpdateSvc - ok

18:20:00.0710 1436 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

18:20:00.0720 1436 adp94xx - ok

18:20:00.0736 1436 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

18:20:00.0745 1436 adpahci - ok

18:20:00.0754 1436 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

18:20:00.0758 1436 adpu320 - ok

18:20:00.0784 1436 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

18:20:00.0786 1436 AeLookupSvc - ok

18:20:00.0824 1436 [ 69FD46FAC0D9C4A8ECD522AC6A7481F5 ] AFBAgent C:\Windows\system32\FBAgent.exe

18:20:00.0832 1436 AFBAgent - ok

18:20:00.0879 1436 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

18:20:00.0888 1436 AFD - ok

18:20:00.0914 1436 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

18:20:00.0916 1436 agp440 - ok

18:20:00.0946 1436 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

18:20:00.0949 1436 ALG - ok

18:20:00.0970 1436 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

18:20:00.0971 1436 aliide - ok

18:20:00.0978 1436 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

18:20:00.0979 1436 amdide - ok

18:20:01.0002 1436 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

18:20:01.0005 1436 AmdK8 - ok

18:20:01.0013 1436 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

18:20:01.0015 1436 AmdPPM - ok

18:20:01.0046 1436 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

18:20:01.0049 1436 amdsata - ok

18:20:01.0062 1436 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

18:20:01.0066 1436 amdsbs - ok

18:20:01.0079 1436 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

18:20:01.0080 1436 amdxata - ok

18:20:01.0116 1436 [ 8C290FD44F687C1799B55823FFCF553D ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys

18:20:01.0122 1436 AMPPAL - ok

18:20:01.0132 1436 [ 8C290FD44F687C1799B55823FFCF553D ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys

18:20:01.0135 1436 AMPPALP - ok

18:20:01.0305 1436 [ 4977534658CDBCD8F376BA276A115F66 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

18:20:01.0322 1436 AMPPALR3 - ok

18:20:01.0353 1436 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

18:20:01.0355 1436 AppID - ok

18:20:01.0382 1436 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

18:20:01.0388 1436 AppIDSvc - ok

18:20:01.0402 1436 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

18:20:01.0404 1436 Appinfo - ok

18:20:01.0484 1436 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

18:20:01.0487 1436 Apple Mobile Device - ok

18:20:01.0530 1436 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

18:20:01.0533 1436 arc - ok

18:20:01.0543 1436 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

18:20:01.0546 1436 arcsas - ok

18:20:01.0604 1436 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

18:20:01.0606 1436 ASLDRService - ok

18:20:01.0638 1436 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

18:20:01.0639 1436 ASMMAP64 - ok

18:20:01.0711 1436 [ A7E7AE771A2FCDBD5F28910A38D9A82C ] assd C:\Windows\system32\drivers\assd.sys

18:20:01.0712 1436 assd - ok

18:20:01.0738 1436 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

18:20:01.0740 1436 AsyncMac - ok

18:20:01.0767 1436 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

18:20:01.0767 1436 atapi - ok

18:20:01.0809 1436 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys

18:20:01.0851 1436 athr - ok

18:20:01.0874 1436 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

18:20:01.0879 1436 ATKGFNEXSrv - ok

18:20:01.0929 1436 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

18:20:01.0929 1436 ATKWMIACPIIO - ok

18:20:01.0977 1436 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

18:20:01.0989 1436 AudioEndpointBuilder - ok

18:20:02.0004 1436 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

18:20:02.0011 1436 AudioSrv - ok

18:20:02.0056 1436 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

18:20:02.0060 1436 AxInstSV - ok

18:20:02.0109 1436 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

18:20:02.0118 1436 b06bdrv - ok

18:20:02.0156 1436 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

18:20:02.0162 1436 b57nd60a - ok

18:20:02.0217 1436 [ 3C404C55DE548B09F3BA9F136C1B7100 ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

18:20:02.0225 1436 BcmSqlStartupSvc - ok

18:20:02.0268 1436 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

18:20:02.0271 1436 BDESVC - ok

18:20:02.0303 1436 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

18:20:02.0305 1436 Beep - ok

18:20:02.0334 1436 BFE - ok

18:20:02.0357 1436 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

18:20:02.0359 1436 blbdrive - ok

18:20:02.0622 1436 [ 55B0C8441DE7D91A819A39D0351154A2 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

18:20:02.0631 1436 Bluetooth Device Monitor - ok

18:20:02.0823 1436 [ 7E262330DF0C4BE4ECE853B59B9CBE4C ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

18:20:02.0835 1436 Bluetooth Media Service - ok

18:20:02.0917 1436 [ 8BF4B9956E13871A88A3810074E2E110 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

18:20:02.0928 1436 Bluetooth OBEX Service - ok

18:20:02.0978 1436 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

18:20:02.0986 1436 Bonjour Service - ok

18:20:03.0018 1436 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

18:20:03.0021 1436 bowser - ok

18:20:03.0057 1436 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

18:20:03.0059 1436 BrFiltLo - ok

18:20:03.0065 1436 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

18:20:03.0066 1436 BrFiltUp - ok

18:20:03.0103 1436 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

18:20:03.0107 1436 BridgeMP - ok

18:20:03.0141 1436 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll

18:20:03.0145 1436 Browser - ok

18:20:03.0165 1436 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

18:20:03.0171 1436 Brserid - ok

18:20:03.0183 1436 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

18:20:03.0185 1436 BrSerWdm - ok

18:20:03.0191 1436 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

18:20:03.0192 1436 BrUsbMdm - ok

18:20:03.0200 1436 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

18:20:03.0201 1436 BrUsbSer - ok

18:20:03.0242 1436 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

18:20:03.0243 1436 BthEnum - ok

18:20:03.0256 1436 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

18:20:03.0258 1436 BTHMODEM - ok

18:20:03.0280 1436 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

18:20:03.0284 1436 BthPan - ok

18:20:03.0306 1436 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

18:20:03.0316 1436 BTHPORT - ok

18:20:03.0359 1436 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

18:20:03.0362 1436 bthserv - ok

18:20:03.0381 1436 [ 377AD2480462A72371BA7322352D19EC ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

18:20:03.0385 1436 BTHSSecurityMgr - ok

18:20:03.0401 1436 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

18:20:03.0404 1436 BTHUSB - ok

18:20:03.0442 1436 [ 270FBA230E78E25726D065A924589A72 ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys

18:20:03.0444 1436 btmaux - ok

18:20:03.0476 1436 [ 0010A54571F525A97EED8C091E96EAA9 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys

18:20:03.0481 1436 btmhsf - ok

18:20:03.0510 1436 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

18:20:03.0512 1436 cdfs - ok

18:20:03.0570 1436 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

18:20:03.0573 1436 cdrom - ok

18:20:03.0612 1436 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

18:20:03.0615 1436 CertPropSvc - ok

18:20:03.0647 1436 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

18:20:03.0650 1436 circlass - ok

18:20:03.0699 1436 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

18:20:03.0721 1436 CLFS - ok

18:20:03.0830 1436 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:20:03.0832 1436 clr_optimization_v2.0.50727_32 - ok

18:20:03.0883 1436 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

18:20:03.0888 1436 clr_optimization_v2.0.50727_64 - ok

18:20:03.0978 1436 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:20:04.0016 1436 clr_optimization_v4.0.30319_32 - ok

18:20:04.0037 1436 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

18:20:04.0041 1436 clr_optimization_v4.0.30319_64 - ok

18:20:04.0074 1436 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

18:20:04.0075 1436 CmBatt - ok

18:20:04.0091 1436 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

18:20:04.0093 1436 cmdide - ok

18:20:04.0120 1436 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

18:20:04.0128 1436 CNG - ok

18:20:04.0157 1436 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

18:20:04.0158 1436 Compbatt - ok

18:20:04.0178 1436 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

18:20:04.0180 1436 CompositeBus - ok

18:20:04.0191 1436 COMSysApp - ok

18:20:04.0210 1436 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

18:20:04.0211 1436 crcdisk - ok

18:20:04.0235 1436 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

18:20:04.0240 1436 CryptSvc - ok

18:20:04.0278 1436 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys

18:20:04.0279 1436 dc3d - ok

18:20:04.0308 1436 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

18:20:04.0320 1436 DcomLaunch - ok

18:20:04.0355 1436 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

18:20:04.0361 1436 defragsvc - ok

18:20:04.0380 1436 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

18:20:04.0383 1436 DfsC - ok

18:20:04.0418 1436 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

18:20:04.0426 1436 Dhcp - ok

18:20:04.0453 1436 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

18:20:04.0455 1436 discache - ok

18:20:04.0480 1436 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

18:20:04.0482 1436 Disk - ok

18:20:04.0528 1436 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

18:20:04.0533 1436 Dnscache - ok

18:20:04.0592 1436 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

18:20:04.0613 1436 dot3svc - ok

18:20:04.0735 1436 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

18:20:04.0745 1436 Dot4 - ok

18:20:04.0906 1436 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys

18:20:04.0908 1436 Dot4Print - ok

18:20:05.0003 1436 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

18:20:05.0058 1436 dot4usb - ok

18:20:05.0137 1436 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

18:20:05.0142 1436 DPS - ok

18:20:05.0161 1436 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

18:20:05.0163 1436 drmkaud - ok

18:20:05.0204 1436 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

18:20:05.0213 1436 DXGKrnl - ok

18:20:05.0239 1436 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

18:20:05.0242 1436 EapHost - ok

18:20:05.0399 1436 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

18:20:05.0467 1436 ebdrv - ok

18:20:05.0520 1436 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

18:20:05.0525 1436 EFS - ok

18:20:05.0712 1436 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

18:20:05.0745 1436 ehRecvr - ok

18:20:05.0762 1436 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

18:20:05.0765 1436 ehSched - ok

18:20:05.0833 1436 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

18:20:05.0843 1436 elxstor - ok

18:20:05.0849 1436 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

18:20:05.0850 1436 ErrDev - ok

18:20:05.0888 1436 [ 5B042AA9CEBDAB5B61E747DDCEBFF51B ] ETD C:\Windows\system32\DRIVERS\ETD.sys

18:20:05.0890 1436 ETD - ok

18:20:05.0943 1436 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

18:20:05.0951 1436 EventSystem - ok

18:20:06.0064 1436 [ 54FC81B0162478A72A93DBBEAFB35671 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe

18:20:06.0100 1436 EvtEng - ok

18:20:06.0125 1436 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

18:20:06.0131 1436 exfat - ok

18:20:06.0159 1436 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

18:20:06.0164 1436 fastfat - ok

18:20:06.0204 1436 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

18:20:06.0217 1436 Fax - ok

18:20:06.0237 1436 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

18:20:06.0239 1436 fdc - ok

18:20:06.0261 1436 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

18:20:06.0264 1436 fdPHost - ok

18:20:06.0284 1436 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

18:20:06.0287 1436 FDResPub - ok

18:20:06.0307 1436 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

18:20:06.0310 1436 FileInfo - ok

18:20:06.0321 1436 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

18:20:06.0323 1436 Filetrace - ok

18:20:06.0338 1436 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

18:20:06.0340 1436 flpydisk - ok

18:20:06.0359 1436 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

18:20:06.0365 1436 FltMgr - ok

18:20:06.0399 1436 [ 7DE8A770487FC4B5E3A168AD97E1D370 ] FLxHCIc C:\Windows\system32\DRIVERS\FLxHCIc.sys

18:20:06.0405 1436 FLxHCIc - ok

18:20:06.0421 1436 [ 2D54A3319FC955029E4B371CDC088FF4 ] FLxHCIh C:\Windows\system32\DRIVERS\FLxHCIh.sys

18:20:06.0424 1436 FLxHCIh - ok

18:20:06.0472 1436 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

18:20:06.0506 1436 FontCache - ok

18:20:06.0570 1436 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:20:06.0571 1436 FontCache3.0.0.0 - ok

18:20:06.0591 1436 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

18:20:06.0594 1436 FsDepends - ok

18:20:06.0627 1436 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

18:20:06.0636 1436 fssfltr - ok

18:20:06.0838 1436 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

18:20:06.0884 1436 fsssvc - ok

18:20:06.0912 1436 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

18:20:06.0912 1436 Fs_Rec - ok

18:20:06.0948 1436 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

18:20:06.0952 1436 fvevol - ok

18:20:06.0980 1436 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

18:20:06.0982 1436 gagp30kx - ok

18:20:07.0030 1436 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

18:20:07.0030 1436 GEARAspiWDM - ok

18:20:07.0092 1436 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

18:20:07.0108 1436 gpsvc - ok

18:20:07.0215 1436 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:20:07.0220 1436 gupdate - ok

18:20:07.0270 1436 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:20:07.0271 1436 gupdatem - ok

18:20:07.0311 1436 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

18:20:07.0318 1436 gusvc - ok

18:20:07.0356 1436 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

18:20:07.0363 1436 hcw85cir - ok

18:20:07.0412 1436 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

18:20:07.0418 1436 HdAudAddService - ok

18:20:07.0435 1436 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

18:20:07.0438 1436 HDAudBus - ok

18:20:07.0444 1436 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

18:20:07.0445 1436 HidBatt - ok

18:20:07.0453 1436 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

18:20:07.0455 1436 HidBth - ok

18:20:07.0469 1436 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

18:20:07.0472 1436 HidIr - ok

18:20:07.0489 1436 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

18:20:07.0492 1436 hidserv - ok

18:20:07.0518 1436 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

18:20:07.0520 1436 HidUsb - ok

18:20:07.0553 1436 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

18:20:07.0556 1436 hkmsvc - ok

18:20:07.0578 1436 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

18:20:07.0585 1436 HomeGroupListener - ok

18:20:07.0607 1436 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

18:20:07.0614 1436 HomeGroupProvider - ok

18:20:07.0704 1436 [ CC8A7D8A8DC9F357B57796583CF8B85F ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

18:20:07.0709 1436 hpqcxs08 - ok

18:20:07.0730 1436 [ 4C2CA71CAAFD2CF1A673FC8DBFD219C4 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

18:20:07.0733 1436 hpqddsvc - ok

18:20:07.0758 1436 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

18:20:07.0760 1436 HpSAMD - ok

18:20:07.0798 1436 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

18:20:07.0811 1436 HTTP - ok

18:20:07.0827 1436 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

18:20:07.0828 1436 hwpolicy - ok

18:20:07.0859 1436 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

18:20:07.0861 1436 i8042prt - ok

18:20:07.0908 1436 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

18:20:07.0912 1436 iaStor - ok

18:20:07.0953 1436 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

18:20:07.0961 1436 iaStorV - ok

18:20:07.0985 1436 [ DE9E40BAEE2E48FD1E3EB423074C014C ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys

18:20:07.0988 1436 iBtFltCoex - ok

18:20:08.0181 1436 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

18:20:08.0196 1436 idsvc - ok

18:20:09.0384 1436 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

18:20:09.0743 1436 igfx - ok

18:20:09.0780 1436 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

18:20:09.0788 1436 iirsp - ok

18:20:09.0909 1436 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

18:20:09.0925 1436 IKEEXT - ok

18:20:09.0971 1436 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys

18:20:09.0973 1436 intaud_WaveExtensible - ok

18:20:10.0121 1436 [ 5205DE9BD47F633E06EF3EF3DE11EF99 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

18:20:10.0149 1436 IntcAzAudAddService - ok

18:20:10.0196 1436 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

18:20:10.0203 1436 IntcDAud - ok

18:20:10.0219 1436 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

18:20:10.0221 1436 intelide - ok

18:20:10.0260 1436 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

18:20:10.0261 1436 intelppm - ok

18:20:10.0302 1436 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

18:20:10.0310 1436 IPBusEnum - ok

18:20:10.0331 1436 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:20:10.0334 1436 IpFilterDriver - ok

18:20:10.0342 1436 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

18:20:10.0344 1436 IPMIDRV - ok

18:20:10.0378 1436 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

18:20:10.0382 1436 IPNAT - ok

18:20:10.0439 1436 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

18:20:10.0455 1436 iPod Service - ok

18:20:10.0486 1436 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

18:20:10.0488 1436 IRENUM - ok

18:20:10.0511 1436 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

18:20:10.0513 1436 isapnp - ok

18:20:10.0529 1436 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

18:20:10.0535 1436 iScsiPrt - ok

18:20:10.0573 1436 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys

18:20:10.0574 1436 iwdbus - ok

18:20:10.0592 1436 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

18:20:10.0593 1436 kbdclass - ok

18:20:10.0613 1436 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

18:20:10.0615 1436 kbdhid - ok

18:20:10.0632 1436 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys

18:20:10.0633 1436 kbfiltr - ok

18:20:10.0646 1436 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

18:20:10.0648 1436 KeyIso - ok

18:20:10.0679 1436 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

18:20:10.0681 1436 KSecDD - ok

18:20:10.0701 1436 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

18:20:10.0705 1436 KSecPkg - ok

18:20:10.0723 1436 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

18:20:10.0726 1436 ksthunk - ok

18:20:10.0784 1436 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

18:20:10.0792 1436 KtmRm - ok

18:20:10.0826 1436 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys

18:20:10.0828 1436 L1C - ok

18:20:10.0862 1436 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

18:20:10.0869 1436 LanmanServer - ok

18:20:10.0886 1436 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

18:20:10.0892 1436 LanmanWorkstation - ok

18:20:10.0920 1436 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

18:20:10.0923 1436 lltdio - ok

18:20:10.0958 1436 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

18:20:10.0972 1436 lltdsvc - ok

18:20:10.0989 1436 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

18:20:10.0993 1436 lmhosts - ok

18:20:11.0034 1436 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

18:20:11.0037 1436 LSI_FC - ok

18:20:11.0047 1436 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

18:20:11.0050 1436 LSI_SAS - ok

18:20:11.0059 1436 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

18:20:11.0061 1436 LSI_SAS2 - ok

18:20:11.0072 1436 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

18:20:11.0076 1436 LSI_SCSI - ok

18:20:11.0093 1436 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

18:20:11.0096 1436 luafv - ok

18:20:11.0120 1436 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

18:20:11.0124 1436 Mcx2Svc - ok

18:20:11.0142 1436 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

18:20:11.0144 1436 megasas - ok

18:20:11.0160 1436 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

18:20:11.0167 1436 MegaSR - ok

18:20:11.0201 1436 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

18:20:11.0202 1436 MEIx64 - ok

18:20:11.0531 1436 Microsoft SharePoint Workspace Audit Service - ok

18:20:11.0615 1436 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

18:20:11.0620 1436 MMCSS - ok

18:20:11.0642 1436 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

18:20:11.0652 1436 Modem - ok

18:20:11.0673 1436 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

18:20:11.0676 1436 monitor - ok

18:20:11.0695 1436 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

18:20:11.0696 1436 mouclass - ok

18:20:11.0710 1436 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

18:20:11.0719 1436 mouhid - ok

18:20:11.0741 1436 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

18:20:11.0743 1436 mountmgr - ok

18:20:11.0800 1436 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

18:20:11.0809 1436 MozillaMaintenance - ok

18:20:11.0827 1436 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

18:20:11.0831 1436 mpio - ok

18:20:11.0848 1436 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

18:20:11.0851 1436 mpsdrv - ok

18:20:11.0861 1436 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

18:20:11.0864 1436 MRxDAV - ok

18:20:11.0897 1436 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

18:20:11.0901 1436 mrxsmb - ok

18:20:11.0919 1436 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:20:11.0926 1436 mrxsmb10 - ok

18:20:11.0944 1436 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:20:11.0948 1436 mrxsmb20 - ok

18:20:11.0967 1436 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

18:20:11.0968 1436 msahci - ok

18:20:12.0014 1436 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

18:20:12.0022 1436 msdsm - ok

18:20:12.0055 1436 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

18:20:12.0061 1436 MSDTC - ok

18:20:12.0091 1436 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

18:20:12.0093 1436 Msfs - ok

18:20:12.0111 1436 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

18:20:12.0113 1436 mshidkmdf - ok

18:20:12.0123 1436 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

18:20:12.0124 1436 msisadrv - ok

18:20:12.0155 1436 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

18:20:12.0159 1436 MSiSCSI - ok

18:20:12.0165 1436 msiserver - ok

18:20:12.0185 1436 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

18:20:12.0187 1436 MSKSSRV - ok

18:20:12.0205 1436 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

18:20:12.0209 1436 MSPCLOCK - ok

18:20:12.0227 1436 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

18:20:12.0230 1436 MSPQM - ok

18:20:12.0256 1436 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

18:20:12.0264 1436 MsRPC - ok

18:20:12.0286 1436 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

18:20:12.0287 1436 mssmbios - ok

18:20:12.0345 1436 MSSQL$MSSMLBIZ - ok

18:20:12.0474 1436 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

18:20:12.0478 1436 MSSQLServerADHelper100 - ok

18:20:12.0512 1436 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

18:20:12.0513 1436 MSTEE - ok

18:20:12.0521 1436 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

18:20:12.0523 1436 MTConfig - ok

18:20:12.0551 1436 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

18:20:12.0552 1436 Mup - ok

18:20:12.0588 1436 [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

18:20:12.0597 1436 MyWiFiDHCPDNS - ok

18:20:12.0629 1436 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

18:20:12.0640 1436 napagent - ok

18:20:12.0677 1436 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

18:20:12.0684 1436 NativeWifiP - ok

18:20:12.0769 1436 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys

18:20:12.0784 1436 NDIS - ok

18:20:12.0950 1436 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

18:20:12.0961 1436 NdisCap - ok

18:20:12.0985 1436 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

18:20:12.0992 1436 NdisTapi - ok

18:20:13.0013 1436 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

18:20:13.0015 1436 Ndisuio - ok

18:20:13.0032 1436 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

18:20:13.0037 1436 NdisWan - ok

18:20:13.0056 1436 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

18:20:13.0059 1436 NDProxy - ok

18:20:13.0104 1436 [ 59267D2F0328599AA3B5408C2E06126F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

18:20:13.0107 1436 Net Driver HPZ12 - ok

18:20:13.0124 1436 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

18:20:13.0126 1436 NetBIOS - ok

18:20:13.0151 1436 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

18:20:13.0157 1436 NetBT - ok

18:20:13.0170 1436 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

18:20:13.0172 1436 Netlogon - ok

18:20:13.0211 1436 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

18:20:13.0219 1436 Netman - ok

18:20:13.0249 1436 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

18:20:13.0260 1436 netprofm - ok

18:20:13.0287 1436 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:20:13.0289 1436 NetTcpPortSharing - ok

18:20:14.0135 1436 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys

18:20:14.0316 1436 NETwNs64 - ok

18:20:14.0354 1436 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

18:20:14.0357 1436 nfrd960 - ok

18:20:14.0409 1436 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

18:20:14.0416 1436 NlaSvc - ok

18:20:14.0439 1436 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

18:20:14.0441 1436 Npfs - ok

18:20:14.0465 1436 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

18:20:14.0474 1436 nsi - ok

18:20:14.0485 1436 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

18:20:14.0495 1436 nsiproxy - ok

18:20:14.0591 1436 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

18:20:14.0636 1436 Ntfs - ok

18:20:14.0678 1436 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys

18:20:14.0679 1436 NuidFltr - ok

18:20:14.0704 1436 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

18:20:14.0706 1436 Null - ok

18:20:15.0093 1436 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

18:20:15.0096 1436 nvraid - ok

18:20:15.0147 1436 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

18:20:15.0150 1436 nvstor - ok

18:20:15.0179 1436 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

18:20:15.0197 1436 nv_agp - ok

18:20:15.0218 1436 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

18:20:15.0221 1436 ohci1394 - ok

18:20:15.0283 1436 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:20:15.0293 1436 ose64 - ok

18:20:15.0888 1436 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

18:20:15.0999 1436 osppsvc - ok

18:20:16.0048 1436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

18:20:16.0055 1436 p2pimsvc - ok

18:20:16.0085 1436 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

18:20:16.0095 1436 p2psvc - ok

18:20:16.0132 1436 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

18:20:16.0135 1436 Parport - ok

18:20:16.0170 1436 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

18:20:16.0172 1436 partmgr - ok

18:20:16.0206 1436 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

18:20:16.0236 1436 PcaSvc - ok

18:20:16.0254 1436 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

18:20:16.0258 1436 pci - ok

18:20:16.0277 1436 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

18:20:16.0278 1436 pciide - ok

18:20:16.0320 1436 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

18:20:16.0324 1436 pcmcia - ok

18:20:16.0336 1436 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

18:20:16.0337 1436 pcw - ok

18:20:16.0370 1436 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

18:20:16.0381 1436 PEAUTH - ok

18:20:17.0001 1436 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

18:20:17.0003 1436 PerfHost - ok

18:20:17.0225 1436 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

18:20:17.0259 1436 pla - ok

18:20:17.0291 1436 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

18:20:17.0302 1436 PlugPlay - ok

18:20:17.0321 1436 [ 5261A2FD55183AC6993145AB6662CDDF ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

18:20:17.0324 1436 Pml Driver HPZ12 - ok

18:20:17.0335 1436 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

18:20:17.0339 1436 PNRPAutoReg - ok

18:20:17.0365 1436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

18:20:17.0370 1436 PNRPsvc - ok

18:20:17.0402 1436 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys

18:20:17.0404 1436 Point64 - ok

18:20:17.0492 1436 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

18:20:17.0502 1436 PolicyAgent - ok

18:20:17.0537 1436 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

18:20:17.0543 1436 Power - ok

18:20:17.0570 1436 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

18:20:17.0574 1436 PptpMiniport - ok

18:20:17.0595 1436 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

18:20:17.0598 1436 Processor - ok

18:20:17.0630 1436 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

18:20:17.0637 1436 ProfSvc - ok

18:20:17.0660 1436 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

18:20:17.0662 1436 ProtectedStorage - ok

18:20:17.0684 1436 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

18:20:17.0689 1436 Psched - ok

18:20:17.0758 1436 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

18:20:17.0784 1436 ql2300 - ok

18:20:17.0806 1436 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

18:20:17.0809 1436 ql40xx - ok

18:20:17.0842 1436 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

18:20:17.0849 1436 QWAVE - ok

18:20:17.0863 1436 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

18:20:17.0865 1436 QWAVEdrv - ok

18:20:17.0872 1436 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

18:20:17.0873 1436 RasAcd - ok

18:20:17.0889 1436 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

18:20:17.0892 1436 RasAgileVpn - ok

18:20:17.0907 1436 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

18:20:17.0912 1436 RasAuto - ok

18:20:17.0924 1436 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

18:20:17.0927 1436 Rasl2tp - ok

18:20:17.0945 1436 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

18:20:17.0954 1436 RasMan - ok

18:20:17.0966 1436 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

18:20:17.0969 1436 RasPppoe - ok

18:20:17.0981 1436 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

18:20:17.0984 1436 RasSstp - ok

18:20:18.0010 1436 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

18:20:18.0017 1436 rdbss - ok

18:20:18.0040 1436 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

18:20:18.0042 1436 rdpbus - ok

18:20:18.0059 1436 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

18:20:18.0061 1436 RDPCDD - ok

18:20:18.0073 1436 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

18:20:18.0075 1436 RDPENCDD - ok

18:20:18.0091 1436 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

18:20:18.0093 1436 RDPREFMP - ok

18:20:18.0123 1436 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

18:20:18.0128 1436 RDPWD - ok

18:20:18.0159 1436 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

18:20:18.0163 1436 rdyboost - ok

18:20:18.0352 1436 [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

18:20:18.0375 1436 RegSrvc - ok

18:20:18.0428 1436 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

18:20:18.0432 1436 RemoteAccess - ok

18:20:18.0476 1436 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

18:20:18.0482 1436 RemoteRegistry - ok

18:20:18.0513 1436 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

18:20:18.0517 1436 RFCOMM - ok

18:20:18.0535 1436 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

18:20:18.0540 1436 RpcEptMapper - ok

18:20:18.0557 1436 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

18:20:18.0560 1436 RpcLocator - ok

18:20:18.0591 1436 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll

18:20:18.0598 1436 RpcSs - ok

18:20:18.0626 1436 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

18:20:18.0628 1436 rspndr - ok

18:20:18.0647 1436 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

18:20:18.0649 1436 SamSs - ok

18:20:18.0690 1436 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

18:20:18.0693 1436 sbp2port - ok

18:20:18.0723 1436 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

18:20:18.0730 1436 SCardSvr - ok

18:20:18.0744 1436 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

18:20:18.0750 1436 scfilter - ok

18:20:18.0848 1436 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

18:20:18.0869 1436 Schedule - ok

18:20:18.0902 1436 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

18:20:18.0904 1436 SCPolicySvc - ok

18:20:18.0925 1436 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

18:20:18.0931 1436 SDRSVC - ok

18:20:18.0954 1436 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

18:20:18.0956 1436 secdrv - ok

18:20:18.0977 1436 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

18:20:18.0982 1436 seclogon - ok

18:20:19.0001 1436 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

18:20:19.0007 1436 SENS - ok

18:20:19.0027 1436 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

18:20:19.0032 1436 SensrSvc - ok

18:20:19.0057 1436 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

18:20:19.0059 1436 Serenum - ok

18:20:19.0081 1436 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

18:20:19.0084 1436 Serial - ok

18:20:19.0096 1436 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

18:20:19.0098 1436 sermouse - ok

18:20:19.0122 1436 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

18:20:19.0127 1436 SessionEnv - ok

18:20:19.0148 1436 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

18:20:19.0150 1436 sffdisk - ok

18:20:19.0165 1436 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

18:20:19.0167 1436 sffp_mmc - ok

18:20:19.0174 1436 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

18:20:19.0175 1436 sffp_sd - ok

18:20:19.0182 1436 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

18:20:19.0183 1436 sfloppy - ok

18:20:19.0229 1436 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

18:20:19.0239 1436 ShellHWDetection - ok

18:20:19.0260 1436 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys

18:20:19.0263 1436 SiSGbeLH - ok

18:20:19.0270 1436 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

18:20:19.0273 1436 SiSRaid2 - ok

18:20:19.0285 1436 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

18:20:19.0288 1436 SiSRaid4 - ok

18:20:19.0296 1436 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

18:20:19.0298 1436 Smb - ok

18:20:19.0338 1436 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

18:20:19.0342 1436 SNMPTRAP - ok

18:20:19.0373 1436 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

18:20:19.0375 1436 spldr - ok

18:20:19.0460 1436 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe

18:20:19.0508 1436 Spooler - ok

18:20:19.0612 1436 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

18:20:19.0856 1436 sppsvc - ok

18:20:19.0874 1436 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

18:20:19.0878 1436 sppuinotify - ok

18:20:19.0903 1436 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$MSSMLBIZ C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE

18:20:19.0924 1436 SQLAgent$MSSMLBIZ - ok

18:20:20.0009 1436 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

18:20:20.0020 1436 SQLBrowser - ok

18:20:20.0140 1436 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

18:20:20.0146 1436 SQLWriter - ok

18:20:20.0184 1436 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

18:20:20.0193 1436 srv - ok

18:20:20.0298 1436 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

18:20:20.0310 1436 srv2 - ok

18:20:20.0328 1436 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

18:20:20.0333 1436 srvnet - ok

18:20:20.0370 1436 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

18:20:20.0376 1436 SSDPSRV - ok

18:20:20.0388 1436 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

18:20:20.0393 1436 SstpSvc - ok

18:20:20.0426 1436 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

18:20:20.0429 1436 stexstor - ok

18:20:20.0475 1436 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

18:20:20.0488 1436 stisvc - ok

18:20:20.0506 1436 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

18:20:20.0507 1436 swenum - ok

18:20:20.0553 1436 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

18:20:20.0565 1436 swprv - ok

18:20:20.0616 1436 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

18:20:20.0661 1436 SysMain - ok

18:20:20.0684 1436 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

18:20:20.0689 1436 TabletInputService - ok

18:20:20.0714 1436 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

18:20:20.0725 1436 TapiSrv - ok

18:20:20.0747 1436 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

18:20:20.0750 1436 TBS - ok

18:20:21.0403 1436 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

18:20:21.0470 1436 Tcpip - ok

18:20:21.0556 1436 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

18:20:21.0575 1436 TCPIP6 - ok

18:20:21.0637 1436 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

18:20:21.0639 1436 tcpipreg - ok

18:20:21.0666 1436 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

18:20:21.0670 1436 TDPIPE - ok

18:20:21.0700 1436 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

18:20:21.0702 1436 TDTCP - ok

18:20:21.0733 1436 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

18:20:21.0735 1436 tdx - ok

18:20:21.0750 1436 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

18:20:21.0751 1436 TermDD - ok

18:20:21.0805 1436 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

18:20:21.0819 1436 TermService - ok

18:20:21.0837 1436 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

18:20:21.0841 1436 Themes - ok

18:20:21.0857 1436 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

18:20:21.0859 1436 THREADORDER - ok

18:20:21.0880 1436 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

18:20:21.0885 1436 TrkWks - ok

18:20:21.0930 1436 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

18:20:21.0934 1436 TrustedInstaller - ok

18:20:21.0957 1436 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

18:20:21.0960 1436 tssecsrv - ok

18:20:21.0991 1436 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

18:20:21.0993 1436 TsUsbFlt - ok

18:20:22.0008 1436 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

18:20:22.0009 1436 TsUsbGD - ok

18:20:22.0036 1436 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

18:20:22.0040 1436 tunnel - ok

18:20:22.0067 1436 [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys

18:20:22.0068 1436 TurboB - ok

18:20:22.0104 1436 [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe

18:20:22.0107 1436 TurboBoost - ok

18:20:22.0126 1436 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

18:20:22.0130 1436 uagp35 - ok

18:20:22.0153 1436 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

18:20:22.0160 1436 udfs - ok

18:20:22.0190 1436 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

18:20:22.0196 1436 UI0Detect - ok

18:20:22.0212 1436 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

18:20:22.0215 1436 uliagpkx - ok

18:20:22.0247 1436 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

18:20:22.0250 1436 umbus - ok

18:20:22.0256 1436 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

18:20:22.0258 1436 UmPass - ok

18:20:22.0282 1436 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

18:20:22.0291 1436 upnphost - ok

18:20:22.0334 1436 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

18:20:22.0336 1436 USBAAPL64 - ok

18:20:22.0368 1436 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

18:20:22.0371 1436 usbccgp - ok

18:20:22.0415 1436 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

18:20:22.0418 1436 usbcir - ok

18:20:22.0445 1436 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

18:20:22.0449 1436 usbehci - ok

18:20:22.0485 1436 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

18:20:22.0492 1436 usbhub - ok

18:20:22.0512 1436 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

18:20:22.0515 1436 usbohci - ok

18:20:22.0533 1436 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

18:20:22.0536 1436 usbprint - ok

18:20:22.0574 1436 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

18:20:22.0576 1436 usbscan - ok

18:20:22.0596 1436 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:20:22.0599 1436 USBSTOR - ok

18:20:22.0615 1436 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

18:20:22.0618 1436 usbuhci - ok

18:20:22.0657 1436 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

18:20:22.0662 1436 usbvideo - ok

18:20:22.0680 1436 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

18:20:22.0685 1436 UxSms - ok

18:20:22.0698 1436 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

18:20:22.0700 1436 VaultSvc - ok

18:20:22.0725 1436 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

18:20:22.0726 1436 vdrvroot - ok

18:20:23.0265 1436 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

18:20:23.0278 1436 vds - ok

18:20:23.0300 1436 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

18:20:23.0303 1436 vga - ok

18:20:23.0315 1436 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

18:20:23.0318 1436 VgaSave - ok

18:20:23.0338 1436 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

18:20:23.0343 1436 vhdmp - ok

18:20:23.0358 1436 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

18:20:23.0359 1436 viaide - ok

18:20:23.0382 1436 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

18:20:23.0384 1436 volmgr - ok

18:20:23.0410 1436 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

18:20:23.0418 1436 volmgrx - ok

18:20:23.0436 1436 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

18:20:23.0441 1436 volsnap - ok

18:20:23.0470 1436 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

18:20:23.0474 1436 vsmraid - ok

18:20:23.0535 1436 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

18:20:23.0597 1436 VSS - ok

18:20:23.0608 1436 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

18:20:23.0619 1436 vwifibus - ok

18:20:23.0654 1436 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

18:20:23.0657 1436 vwififlt - ok

18:20:23.0687 1436 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

18:20:23.0688 1436 vwifimp - ok

18:20:23.0707 1436 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

18:20:23.0718 1436 W32Time - ok

18:20:23.0733 1436 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

18:20:23.0735 1436 WacomPen - ok

18:20:23.0760 1436 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

18:20:23.0763 1436 WANARP - ok

18:20:23.0770 1436 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

18:20:23.0772 1436 Wanarpv6 - ok

18:20:23.0890 1436 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

18:20:23.0933 1436 WatAdminSvc - ok

18:20:24.0003 1436 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

18:20:24.0048 1436 wbengine - ok

18:20:24.0066 1436 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

18:20:24.0073 1436 WbioSrvc - ok

18:20:24.0090 1436 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

18:20:24.0100 1436 wcncsvc - ok

18:20:24.0112 1436 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

18:20:24.0116 1436 WcsPlugInService - ok

18:20:24.0131 1436 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

18:20:24.0133 1436 Wd - ok

18:20:24.0166 1436 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

18:20:24.0178 1436 Wdf01000 - ok

18:20:24.0197 1436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

18:20:24.0202 1436 WdiServiceHost - ok

18:20:24.0207 1436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

18:20:24.0210 1436 WdiSystemHost - ok

18:20:24.0248 1436 [ 63CE387483E74A0BD79EE4E5EBA1FD2E ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys

18:20:24.0250 1436 wdkmd - ok

18:20:24.0308 1436 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

18:20:24.0315 1436 WebClient - ok

18:20:24.0352 1436 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

18:20:24.0359 1436 Wecsvc - ok

18:20:24.0380 1436 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

18:20:24.0385 1436 wercplsupport - ok

18:20:24.0403 1436 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

18:20:24.0409 1436 WerSvc - ok

18:20:24.0448 1436 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

18:20:24.0465 1436 WfpLwf - ok

18:20:24.0493 1436 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

18:20:24.0498 1436 WimFltr - ok

18:20:24.0512 1436 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

18:20:24.0515 1436 WIMMount - ok

18:20:24.0523 1436 WinHttpAutoProxySvc - ok

18:20:24.0707 1436 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

18:20:24.0729 1436 Winmgmt - ok

18:20:25.0169 1436 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

18:20:25.0265 1436 WinRM - ok

18:20:25.0329 1436 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

18:20:25.0331 1436 WinUsb - ok

18:20:25.0367 1436 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

18:20:25.0432 1436 Wlansvc - ok

18:20:25.0502 1436 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

18:20:25.0506 1436 wlcrasvc - ok

18:20:25.0893 1436 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

18:20:25.0955 1436 wlidsvc - ok

18:20:25.0972 1436 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

18:20:25.0973 1436 WmiAcpi - ok

18:20:26.0016 1436 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

18:20:26.0027 1436 wmiApSrv - ok

18:20:26.0057 1436 WMPNetworkSvc - ok

18:20:26.0088 1436 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

18:20:26.0093 1436 WPCSvc - ok

18:20:26.0110 1436 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

18:20:26.0116 1436 WPDBusEnum - ok

18:20:26.0140 1436 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

18:20:26.0142 1436 ws2ifsl - ok

18:20:26.0148 1436 WSearch - ok

18:20:26.0170 1436 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

18:20:26.0173 1436 WudfPf - ok

18:20:26.0201 1436 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

18:20:26.0206 1436 WUDFRd - ok

18:20:26.0219 1436 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

18:20:26.0224 1436 wudfsvc - ok

18:20:26.0240 1436 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

18:20:26.0247 1436 WwanSvc - ok

18:20:26.0279 1436 ================ Scan global ===============================

18:20:26.0305 1436 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

18:20:26.0334 1436 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

18:20:26.0347 1436 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

18:20:26.0371 1436 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

18:20:26.0405 1436 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe

18:20:26.0416 1436 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected

18:20:26.0416 1436 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)

18:20:26.0417 1436 ================ Scan MBR ==================================

18:20:26.0435 1436 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

18:20:26.0436 1436 Suspicious mbr (Forged): \Device\Harddisk0\DR0

18:20:26.0515 1436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

18:20:26.0515 1436 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

18:20:26.0515 1436 ================ Scan VBR ==================================

18:20:26.0520 1436 [ 05D95A8ACE6F146854CBC9F1C007FF9D ] \Device\Harddisk0\DR0\Partition1

18:20:26.0525 1436 \Device\Harddisk0\DR0\Partition1 - ok

18:20:26.0660 1436 [ B1BB516956C3DDBBCCEFBC0F0E5299EC ] \Device\Harddisk0\DR0\Partition2

18:20:26.0672 1436 \Device\Harddisk0\DR0\Partition2 - ok

18:20:26.0673 1436 ============================================================

18:20:26.0673 1436 Scan finished

18:20:26.0673 1436 ============================================================

18:20:26.0690 3592 Detected object count: 2

18:20:26.0690 3592 Actual detected object count: 2

18:20:31.0638 3592 C:\Windows\system32\services.exe - copied to quarantine

18:20:31.0989 3592 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine

18:20:31.0990 3592 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine

18:20:32.0281 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@ - copied to quarantine

18:20:32.0284 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.@ - copied to quarantine

18:20:32.0286 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@ - copied to quarantine

18:20:32.0287 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.@ - copied to quarantine

18:20:32.0288 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.@ - copied to quarantine

18:20:32.0290 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@ - copied to quarantine

18:20:32.0292 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.@ - copied to quarantine

18:21:00.0531 3592 Backup copy found, using it..

18:21:00.0623 3592 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot

18:21:00.0623 3592 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot

18:21:00.0654 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@ - will be deleted on reboot

18:21:00.0654 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.@ - will be deleted on reboot

18:21:00.0655 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@ - will be deleted on reboot

18:21:00.0655 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.@ - will be deleted on reboot

18:21:00.0655 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.@ - will be deleted on reboot

18:21:00.0656 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@ - will be deleted on reboot

18:21:00.0656 3592 C:\Windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.@ - will be deleted on reboot

18:21:00.0664 3592 C:\Windows\system32\services.exe - will be cured on reboot

18:21:00.0664 3592 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure

18:21:05.0033 3592 \Device\Harddisk0\DR0\# - copied to quarantine

18:21:05.0036 3592 \Device\Harddisk0\DR0 - copied to quarantine

18:21:05.0153 3592 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

18:21:05.0158 3592 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

18:21:05.0171 3592 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

18:21:05.0178 3592 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

18:21:05.0201 3592 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

18:21:05.0213 3592 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

18:21:05.0215 3592 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

18:21:05.0216 3592 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

18:21:05.0218 3592 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

18:21:05.0221 3592 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

18:21:05.0224 3592 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

18:21:05.0226 3592 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

18:21:05.0228 3592 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

18:21:05.0230 3592 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

18:21:05.0350 3592 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

18:21:05.0356 3592 \Device\Harddisk0\DR0 - ok

18:21:05.0361 3592 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

18:21:17.0294 2956 Deinitialize success

[paphofo]

Logfile of random's system information tool 1.09 (written by random/random)

Run by Greg at 2012-08-20 18:35:38

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 155 GB (54%) free of 286 GB

Total RAM: 8103 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:35:51 PM, on 8/20/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Windows\SysWOW64\svchost.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

C:\Program Files (x86)\gPadServer\gPadServer.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\trend micro\Greg.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.creighton.edu/students/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

O4 - HKLM\..\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sbitunesagent] C:\Program Files (x86)\Songbird\songbirditunesagent.exe

O4 - Startup: Dropbox.lnk = Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

O4 - Startup: gPadServer.lnk = C:\Program Files (x86)\gPadServer\gPadServer.exe

O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

O4 - Global Startup: FancyStart daemon.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

O23 - Service: BFE - Unknown owner - C:\Windows\.

O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Intel® Turbo Boost Technology Monitor (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14717 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Windows\system32\FBAgent.exe"

C:\Windows\system32\WLANExt.exe 29038112

\??\C:\Windows\system32\conhost.exe "809145581-162835197-8012001613602878292060880527618512567-20428385151343828222

"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"

"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"

taskeng.exe {35B4E8F5-6C57-415C-A9A2-E6E756A7025D}

C:\Windows\System32\spoolsv.exe

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c

taskeng.exe {F4C34468-09F2-40C7-9765-69A07F36D218}

"taskhost.exe"

"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"

"C:\Program Files\P4G\BatteryLife.exe"

"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"

"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"

"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"

"C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding

"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"

"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe"

"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"

C:\Windows\system32\svchost.exe -k bthsvcs

"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"

"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files\Intel\TurboBoost\TurboBoost.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

ATKOSD.exe

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\Windows\system32\wbem\wmiprvse.exe

KBFiltr.exe

"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"

WLIDSvcM.exe 1972

WDC.exe

"C:\Windows\AsScrPro.exe"

"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3

"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"

"C:\Program Files\Elantech\ETDCtrl.exe"

"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray

"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"

"C:\Program Files\Elantech\ETDCtrlHelper.exe"

"C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup

"C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe"

"C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

"C:\Program Files (x86)\gPadServer\gPadServer.exe"

"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"

"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"

C:\Windows\system32\wbem\unsecapp.exe -Embedding

"C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe"

"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"

"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe" -Embedding

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F4100 series#1319325732" -Startup

"C:\Program Files\iPod\bin\iPodService.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Users\Greg\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\w8lfpb9n.default

prefs.js - "browser.startup.homepage" - "www.dyingscene.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.3.300.271 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\ZEON/PDF,version=2.0]

"Description"=

"Path"=C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.3.300.271 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\

np-mswmp.dll

npdeployJava1.dll

npMeetingJoinPluginOC.dll

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

QuickTimePlugin.class

WMP Firefox Plugin License.rtf

WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

amazondotcom.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-01 346736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2011-04-01 318960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]

Lync Browser Helper - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22 211720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-03 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-01 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-04-01 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-04-01 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-01 346736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-01 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-09 167960]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-09 391704]

"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-09 418328]

"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-07-13 2264168]

"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2010-05-02 324096]

"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2010-12-13 2587944]

"IntelPAN"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2011-05-02 1935120]

"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-03-30 10372368]

"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []

"Setwallpaper"=c:\programdata\SetWallpaper.cmd []

"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 2417032]

"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"sbitunesagent"=C:\Program Files (x86)\Songbird\songbirditunesagent.exe [2012-01-19 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]

C:\Windows\AsScrPro.exe [2011-07-15 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-08-01 12661352]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"=C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [2008-11-03 328992]

"ASUSWebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [2011-02-23 731472]

"SonicMasterTray"=C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [2010-07-09 984400]

"FLxHCIm"=C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [2011-04-08 43008]

"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17 5732992]

"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624]

"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]

"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

"Communicator"=C:\Program Files (x86)\Microsoft Lync\communicator.exe [2012-06-11 12099672]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280]

"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2011-06-10 2255360]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2012-04-18 421888]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-06-07 421776]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

FancyStart daemon.lnk - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe

HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dropbox.lnk - C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe

ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

gPadServer.lnk - C:\Program Files (x86)\gPadServer\gPadServer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2011-01-26 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-03-28 249344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71288519.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\71288519.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=0

"ConsentPromptBehaviorUser"=3

"EnableLUA"=0

"EnableUIADesktopToggle"=0

"PromptOnSecureDesktop"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-08-20 18:35:39 ----D---- C:\Program Files\trend micro

2012-08-20 18:35:38 ----D---- C:\rsit

2012-08-20 18:20:31 ----D---- C:\TDSSKiller_Quarantine

2012-08-20 18:19:49 ----A---- C:\TDSSKiller.2.8.7.0_20.08.2012_18.19.49_log.txt

2012-08-18 11:28:17 ----D---- C:\FRST

2012-08-15 18:11:54 ----SHD---- C:\Config.Msi

2012-08-15 18:08:20 ----D---- C:\Qoobox

2012-08-15 18:08:15 ----SD---- C:\32788R22FWJFW

2012-08-15 17:21:59 ----SHD---- C:\found.000

2012-08-14 04:01:25 ----D---- C:\Windows\Minidump

2012-08-13 19:44:46 ----A---- C:\Windows\svchost.exe

2012-08-13 19:25:18 ----D---- C:\Program Files (x86)\ERUNT

2012-08-01 18:20:21 ----D---- C:\Program Files\iTunes

2012-08-01 18:20:21 ----D---- C:\Program Files\iPod

2012-08-01 18:20:21 ----D---- C:\Program Files (x86)\iTunes

2012-08-01 18:16:55 ----D---- C:\Program Files (x86)\QuickTime

2012-07-23 06:49:48 ----SHD---- C:\$RECYCLE.BIN

======List of files/folders modified in the last 1 month======

2012-08-20 18:35:51 ----D---- C:\Windows\Prefetch

2012-08-20 18:35:39 ----RD---- C:\Program Files

2012-08-20 18:33:32 ----D---- C:\Windows\system32\config

2012-08-20 18:27:41 ----D---- C:\Windows\System32

2012-08-20 18:27:41 ----D---- C:\Windows\inf

2012-08-20 18:27:41 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-08-20 18:24:26 ----D---- C:\Users\Greg\AppData\Roaming\Dropbox

2012-08-20 18:24:10 ----HD---- C:\ASUS.DAT

2012-08-20 18:23:32 ----D---- C:\Windows\temp

2012-08-20 18:23:16 ----A---- C:\Windows\system32\acovcnt.exe

2012-08-20 18:21:51 ----A---- C:\Windows\system32\services.exe

2012-08-20 18:21:05 ----D---- C:\Windows\system32\drivers

2012-08-19 22:09:33 ----D---- C:\Windows

2012-08-18 14:40:46 ----SHD---- C:\System Volume Information

2012-08-15 18:12:30 ----SHD---- C:\Windows\Installer

2012-08-15 18:10:47 ----D---- C:\Windows\SysWOW64

2012-08-15 18:08:33 ----D---- C:\Windows\erdnt

2012-08-14 21:35:10 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2012-08-14 21:09:13 ----D---- C:\Windows\registration

2012-08-14 20:14:27 ----D---- C:\Windows\system32\wbem

2012-08-14 20:14:19 ----D---- C:\Windows\Tasks

2012-08-13 19:44:36 ----A---- C:\Windows\system32\AutoRunFilter.ini

2012-08-13 19:44:12 ----D---- C:\Windows\system32\Tasks

2012-08-13 19:25:18 ----RD---- C:\Program Files (x86)

2012-08-08 18:47:29 ----A---- C:\Windows\system32\ServiceFilter.ini

2012-08-08 18:45:59 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-08 18:45:55 ----A---- C:\Windows\ntbtlog.txt

2012-08-08 18:41:58 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

2012-08-08 18:41:21 ----D---- C:\Windows\system32\catroot

2012-08-01 18:18:27 ----D---- C:\Windows\system32\DriverStore

2012-08-01 18:18:27 ----D---- C:\Windows\system32\catroot2

2012-07-30 20:21:15 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-07-22 11:54:16 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 assd;assd; C:\Windows\system32\drivers\assd.sys [2010-04-28 27264]

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]

R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]

R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2011-03-22 261632]

R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-13 41984]

R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-13 118784]

R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-27 80384]

R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]

R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]

R3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-12-13 138024]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver; C:\Windows\system32\DRIVERS\FLxHCIc.sys [2011-04-08 177152]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver; C:\Windows\system32\DRIVERS\FLxHCIh.sys [2011-04-08 56320]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]

R3 iBtFltCoex;iBtFltCoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-22 59904]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-01-26 12273408]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-02 3048040]

R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]

R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]

R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-20 56344]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]

R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2011-08-01 23960]

R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-13 158720]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]

R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-03-24 42392]

S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol; C:\Windows\system32\DRIVERS\amppal.sys [2011-03-22 261632]

S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-04 1542656]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232]

S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-27 552960]

S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-13 145920]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-13 43008]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]

S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2011-03-24 34200]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-02-15 52736]

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]

S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-23 154168]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2011-03-03 379520]

R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-03-22 1136128]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]

R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]

R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2010-03-25 34216]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-02-23 134928]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-05-02 1517328]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 27136]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-05-02 844560]

R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]

R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 27136]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 135664]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-04-01 182768]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-10 1255736]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-30 47128]

S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ); C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

[paphofo]

info.txt logfile of random's system information tool 1.09 2012-08-20 18:35:54

======Uninstall list======

64 Bit HP CIO Components Installer-->MsiExec.exe /I{9F560BEB-021F-43AC-825F-AA60442D8DE4}

Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A}

Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -maintain plugin

Adobe Reader X (10.1.4)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}

Alcor Micro USB Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}\setup.exe -runfromtemp -l0x0409

Amazon MP3 Downloader 1.0.15-->C:\Program Files (x86)\Amazon\MP3 Downloader\Uninstall.exe

Amazon MP3 Uploader-->msiexec /qb /x {9E051993-7665-FE91-148D-3B0855E57F70}

Amazon MP3 Uploader-->MsiExec.exe /I{9E051993-7665-FE91-148D-3B0855E57F70}

Apple Application Support-->MsiExec.exe /I{122ADF8C-DDA1-480C-9936-C88F2825B265}

Apple Mobile Device Support-->MsiExec.exe /I{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}

Apple Software Update-->MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66}

ASUS AI Recovery-->MsiExec.exe /I{D39F0676-163E-4595-A917-E28F99BBD4D2}

ASUS FancyStart-->MsiExec.exe /I{2B81872B-A054-48DA-BE3B-FA5C164C303A}

ASUS FancyStart-->MsiExec.exe /I{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}

ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}

ASUS Live Update-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\Setup.exe" -l0x9

ASUS Power4Gear Hybrid-->MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}

ASUS Secure Delete-->MsiExec.exe /I{761C6783-D3BC-48AB-8E7C-61CE918A8436}

ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}

ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}

ASUS U Series ScreenSaver-->C:\Windows\ASUS U Series ScreenSaver Uninstaller.exe

ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}

ASUS WebStorage-->C:\Program Files (x86)\ASUS\ASUS WebStorage\uninst.exe

AsusVibe2.0-->C:\Program Files (x86)\Asus\AsusVibe\unins000.exe

ATK Package-->MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}

Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}

Business Contact Manager for Microsoft Outlook 2010-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {29F41953-2103-4EF2-8328-AD0EA7480D80}

Business Contact Manager for Microsoft Outlook 2010-->MsiExec.exe /X{29F41953-2103-4EF2-8328-AD0EA7480D80}

Control ActiveX de Windows Live Mesh para conexiones remotas-->MsiExec.exe /I{04668DF2-D32F-4555-9C7E-35523DCD6544}

Contrôle ActiveX Windows Live Mesh pour connexions à distance-->MsiExec.exe /I{55D003F4-9599-44BF-BA9E-95D060730DD3}

Controlo ActiveX do Windows Live Mesh para Ligações Remotas-->MsiExec.exe /I{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}

CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall

CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall

CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall

CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{A78ECBF0-BA6F-49DC-A12E-188875F8B0A4}" "1033" "0"

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

ETDWare PS/2-X64 8.0.5.0_WHQL-->%ProgramFiles%\Elantech\ETDUn_inst.exe

Fast Boot-->MsiExec.exe /I{13F4A7F3-EABC-4261-AF6B-1317777F0755}

Free Mp3 Wma Converter V 2.2-->"C:\Program Files (x86)\Free mp3 Wma Converter\unins000.exe"

Fresco Logic USB3.0 Host Controller-->MsiExec.exe /X{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}

Galeria de Fotografias do Windows Live-->MsiExec.exe /X{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}

Galería fotográfica de Windows Live-->MsiExec.exe /X{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}

Galerie de photos Windows Live-->MsiExec.exe /X{488F0347-C4A7-4374-91A7-30818BEDA710}

Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

Google Earth Plug-in-->MsiExec.exe /X{33286280-8617-11E1-8FF6-B8AC6F97B88E}

Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

gPad Server 2.0 2.0.0-->C:\Program Files (x86)\gPadServer\uninstall.exe

HP Customer Participation Program 8.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr40.exe -datfile hpqhsc01.dat

HP Deskjet All-In-One Software 8.0-->C:\Program Files (x86)\HP\Digital Imaging\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}\setup\hpzscr40.exe -datfile hposcr12.dat

HP Imaging Device Functions 8.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr40.exe -datfile hpqbud01.dat

HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}

HP Solution Center 8.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr40.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}

HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}

Intel PROSet Wireless-->Intel PROSet Wireless

Intel PROSet Wireless-->Intel PROSet Wireless

Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm

Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall

Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed-->MsiExec.exe /I{821B4CA1-D404-4CCA-AEA4-C7D3F40841B1}

Intel® PROSet/Wireless WiFi Software-->MsiExec.exe /I{3C41721F-AF0F-4086-AA1C-4C7F29076228}

Intel® Turbo Boost Technology Monitor-->MsiExec.exe /X{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}

Intel® WiDi-->MsiExec.exe /X{25680C01-6753-4FE9-A891-7857F26457C1}

iTunes-->MsiExec.exe /I{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}

Java 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

Malwarebytes Anti-Malware version 1.62.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)-->MsiExec.exe /X{41785C66-90F2-40CE-8CB5-1C94BFC97280}

Microsoft IntelliPoint 8.2-->msiexec.exe /I {624C7F0A-89B2-4C49-9CAB-9D69613EC95A}

Microsoft IntelliPoint 8.2-->MsiExec.exe /X{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}

Microsoft Lync 2010-->MsiExec.exe /X{81BE0B17-563B-45D4-B198-5721E6C665CD}

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-1000-0000000FF1CE}" "{0242505C-4E90-407F-9299-B5B275F50D86}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-1000-0000000FF1CE}" "{B51389C8-2890-4633-81D8-47D2A7402274}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-1000-0000000FF1CE}" "{1779650B-2E44-4A19-8DF6-3866D645764A}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-1000-0000000FF1CE}" "{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0409-1000-0000000FF1CE}" "{FCD1C311-8B02-4DBD-BA46-1079C629577E}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-1000-0000000FF1CE}" "{516CA4A9-98E6-4F77-A863-CBD8487368E4}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-1000-0000000FF1CE}" "{516CA4A9-98E6-4F77-A863-CBD8487368E4}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" "1033" "0"

Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-1000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-1000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-1000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-1000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-1000-0000000FF1CE}

Microsoft Office Office 32-bit Components 2010-->MsiExec.exe /X{90140000-0043-0000-1000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-1000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-1000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-1000-0000000FF1CE}

Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL

Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-1000-0000000FF1CE}

Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-1000-0000000FF1CE}

Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-1000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-1000-0000000FF1CE}

Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-1000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-1000-0000000FF1CE}

Microsoft Office Shared 32-bit MUI (English) 2010-->MsiExec.exe /X{90140000-0043-0409-1000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-1000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-1000-0000000FF1CE}

Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-1000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}

Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}

Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}

Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}

Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}

Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}

Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}

Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}

Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}

Microsoft SQL Server 2008 Setup Support Files -->MsiExec.exe /X{BA4DA261-CB60-4690-B202-44998DFC6986}

Microsoft SQL Server 2008-->"C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86

Microsoft SQL Server 2008-->"C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86

Microsoft SQL Server VSS Writer-->MsiExec.exe /I{0826F9E4-787E-481D-83E0-BC6A57B056D5}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)-->MsiExec.exe /X{79CC7D89-6A9B-4193-99D5-1A967D2C19EE}

Mozilla Firefox 14.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"

MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Nuance PDF Reader-->MsiExec.exe /X{B480904D-F73F-4673-B034-8A5F492C9184}

QuickTime-->MsiExec.exe /I{0E64B098-8018-4256-BA23-C316A43AD9B0}

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly

SceneSwitch-->MsiExec.exe /I{5172E572-C175-4F80-A6D5-5CB45826AD61}

Secure Download Manager-->MsiExec.exe /I{C28422FB-F2CD-427A-ADED-9F281745CDB2}

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client

Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{B8512624-C19C-49C0-ABFB-572ADF5F4972}" "1033" "0"

Security Update for Microsoft InfoPath 2010 (KB2553322) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{741FC2CB-0725-4040-AC28-FC52F8EAF279}" "1033" "0"

Security Update for Microsoft InfoPath 2010 (KB2553431) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{60D36F66-083C-4966-B7AC-A8DD0E5558C5}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{527AC538-7A51-40A5-89D7-5C1FEBBEA4C3}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{C4BF81CC-3786-4CE4-9D9F-DD393678B9EC}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{0F6C4F72-6084-437B-9B35-F59B09E3C1B0}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{7C04E5C7-C747-43DE-B648-09B97811D93E}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{297E6E47-5F6E-4DD8-B880-75944B5C1C7C}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{2B4B504B-6620-4FFD-94CB-3D640AB3FCD2}" "1033" "0"

Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{3E112FB8-14E5-4088-80AC-574FC376BCFE}" "1033" "0"

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{97C3086D-D78B-43ED-9E13-1ED4704298FB}" "1033" "0"

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{97C3086D-D78B-43ED-9E13-1ED4704298FB}" "1033" "0"

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{C37E7477-0E37-465F-81B8-6085454CFEE2}" "1033" "0"

Service Pack 1 for SQL Server 2008 (KB968369)-->"C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances /x86

Songbird 1.10.2 (Build 2199)-->"C:\Program Files (x86)\Songbird\Songbird-Uninstall.exe"

Sonic Focus-->MsiExec.exe /I{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}

Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}

syncables desktop SE-->MsiExec.exe /X{341697D8-9923-445E-B42A-529E5A99CB7A}

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{57CEB66B-DD29-4883-92A2-671331657B52}" "1033" "0"

Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0409-1000-0000000FF1CE}" "{E636FE63-842B-4F4B-9884-DA189ACC0B91}" "1033" "0"

Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{E636FE63-842B-4F4B-9884-DA189ACC0B91}" "1033" "0"

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{E24F10E6-7D9B-4E3A-B6CF-4C3257A382CD}" "1033" "0"

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{E24F10E6-7D9B-4E3A-B6CF-4C3257A382CD}" "1033" "0"

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{3E381AC3-30C3-41D7-9B27-B3F3E17BDCB8}" "1033" "0"

Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-1000-0000000FF1CE}" "{4EB7D2FF-CC3E-4FC1-B4DB-CE3DCCCC8559}" "1033" "0"

Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-1000-0000000FF1CE}" "{DC366AAD-10AA-4FB2-9D17-5DA0A4E76477}" "1033" "0"

Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-1000-0000000FF1CE}" "{CC54F5F1-51C0-4038-B3B0-42F1DCA806C4}" "1033" "0"

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{16E045BF-8CE5-4F20-A0DA-F7F495D239D0}" "1033" "0"

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-1000-0000000FF1CE}" "{D9CF6D64-9342-4C83-A9C1-F45DE139F2A7}" "1033" "0"

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{16E045BF-8CE5-4F20-A0DA-F7F495D239D0}" "1033" "0"

Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{A6C194EA-C6CB-4314-9E43-AD1F4A1E9D74}" "1033" "0"

Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{BC9AC000-70B4-4941-AE86-AF12D036E076}" "1033" "0"

Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{BC9AC000-70B4-4941-AE86-AF12D036E076}" "1033" "0"

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-1000-0000000FF1CE}" "{8D07F876-D93A-4CF7-B801-1D41AB2BF60B}" "1033" "0"

Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{93235108-E80B-4BFE-9BD2-176E5F14DCCF}" "1033" "0"

Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{93235108-E80B-4BFE-9BD2-176E5F14DCCF}" "1033" "0"

Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-1000-0000000FF1CE}" "{B807DD44-0A98-4CAA-98E5-93DAB3B84703}" "1033" "0"

Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{ABC643B5-0ADF-4511-B521-D99D9A822AD2}" "1033" "0"

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-1000-0000000FF1CE}" "{4C975BB2-B3EE-4F66-A8E7-5C917B7C439D}" "1033" "0"

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-1000-0000000FF1CE}" "{7861C766-2AA2-4A50-AB75-A57D451CEA76}" "1033" "0"

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}

Windows Live Essentials-->MsiExec.exe /I{B618C3BF-5142-4630-81DD-F96864F97C7E}

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live Family Safety-->MsiExec.exe /I{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}

Windows Live Family Safety-->MsiExec.exe /I{289809B1-078A-49F3-83D0-7E51715B3915}

Windows Live Family Safety-->MsiExec.exe /I{3946328A-5B3A-434C-A22B-64CF6652FBAD}

Windows Live Family Safety-->MsiExec.exe /I{401C50F6-B443-43EE-8F27-A80DB19B03FD}

Windows Live Family Safety-->MsiExec.exe /I{911519EB-BD75-4B3B-BD17-BA3747C9B854}

Windows Live Family Safety-->MsiExec.exe /I{FE4BE0BD-1EDB-4D24-9614-847B3C472887}

Windows Live Family Safety-->MsiExec.exe /X{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Language Selector-->MsiExec.exe /I{D07A61E5-A59C-433C-BCBD-22025FA2287B}

Windows Live Mail-->MsiExec.exe /I{0D261C88-454B-46FE-B43B-640E621BDA11}

Windows Live Mail-->MsiExec.exe /I{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}

Windows Live Mail-->MsiExec.exe /I{753F0A72-59C3-41CE-A36A-F2DF2079275C}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}

Windows Live Mail-->MsiExec.exe /I{A0B91308-6666-4249-8FF6-1E11AFD75FE1}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}

Windows Live Mesh-->MsiExec.exe /I{2C865FB0-051E-4D22-AC62-428E035AEAF0}

Windows Live Mesh-->MsiExec.exe /I{588CE0C0-860B-49A8-AFCF-3C69465B345F}

Windows Live Mesh-->MsiExec.exe /I{78DAE910-CA72-450E-AD22-772CB1A00678}

Windows Live Mesh-->MsiExec.exe /I{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}

Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}

Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}

Windows Live Mesh-->MsiExec.exe /I{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}

Windows Live Messenger-->MsiExec.exe /X{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}

Windows Live Messenger-->MsiExec.exe /X{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}

Windows Live Messenger-->MsiExec.exe /X{4A275FD1-2F24-4274-8C01-813F5AD1A92D}

Windows Live Messenger-->MsiExec.exe /X{6057E21C-ABE9-4059-AE3E-3BEB9925E660}

Windows Live Messenger-->MsiExec.exe /X{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}

Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}

Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}

Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}

Windows Live Movie Maker-->MsiExec.exe /X{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}

Windows Live Movie Maker-->MsiExec.exe /X{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}

Windows Live Movie Maker-->MsiExec.exe /X{903EDF14-4E28-4463-AA5E-4AEE71C0263B}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Movie Maker-->MsiExec.exe /X{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}

Windows Live Photo Common-->MsiExec.exe /X{000F2A10-9CDF-47BF-9CF2-9AC87567B433}

Windows Live Photo Common-->MsiExec.exe /X{29373E24-AC72-424E-8F2A-FB0F9436F21F}

Windows Live Photo Common-->MsiExec.exe /X{370F888E-42A7-4911-9E34-7D74632E17EB}

Windows Live Photo Common-->MsiExec.exe /X{A41A708E-3BE6-4561-855D-44027C1CF0F8}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{C893D8C0-1BA0-4517-B11C-E89B65E72F70}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

Windows Live Remote Client Resources-->MsiExec.exe /I{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}

Windows Live Remote Client Resources-->MsiExec.exe /I{692CCE55-9EAE-4F57-A834-092882E7FE0B}

Windows Live Remote Client Resources-->MsiExec.exe /I{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}

Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}

Windows Live Remote Client Resources-->MsiExec.exe /I{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}

Windows Live Remote Client Resources-->MsiExec.exe /I{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}

Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}

Windows Live Remote Service Resources-->MsiExec.exe /I{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}

Windows Live Remote Service Resources-->MsiExec.exe /I{5E2CD4FB-4538-4831-8176-05D653C3E6D4}

Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}

Windows Live Remote Service Resources-->MsiExec.exe /I{A679FBE4-BA2D-4514-8834-030982C8B31A}

Windows Live Remote Service Resources-->MsiExec.exe /I{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}

Windows Live Remote Service Resources-->MsiExec.exe /I{FAA3933C-6F0D-4350-B66B-9D7F7031343E}

Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{05E379CC-F626-4E7D-8354-463865B303BF}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{368BEC2C-B7A2-4762-9213-2D8465D533CA}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{506FC723-8E6C-4417-9CFF-351F99130425}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{77477AEA-5757-47D8-8B33-939F43D82218}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{D299197D-CDEA-41A6-A363-F532DE4114FD}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{62687B11-58B5-4A18-9BC3-9DF4CE03F194}

Windows Live Writer Resources-->MsiExec.exe /X{6807427D-8D68-4D30-AF5B-0B38F8F948C8}

Windows Live Writer Resources-->MsiExec.exe /X{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer Resources-->MsiExec.exe /X{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}

Windows Live Writer Resources-->MsiExec.exe /X{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}

Windows Live Writer-->MsiExec.exe /X{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}

Windows Live Writer-->MsiExec.exe /X{317D56AC-0DB3-48F5-929A-42032DAC9AD7}

Windows Live Writer-->MsiExec.exe /X{3B9A92DA-6374-4872-B646-253F18624D5F}

Windows Live Writer-->MsiExec.exe /X{48C0DC5E-820A-44F2-890E-29B68EDD3C78}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

Windows Live Writer-->MsiExec.exe /X{E62E0550-C098-43A2-B54B-03FB1E634483}

Windows Live 影像中心-->MsiExec.exe /X{EEF99142-3357-402C-B298-DEC303E12D92}

Windows Live 照片库-->MsiExec.exe /X{7B982EBD-D017-4527-BF1A-FC489EC6B100}

Windows Live 程式集-->MsiExec.exe /I{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}

Windows Live 软件包-->MsiExec.exe /I{03241D8D-2217-42F7-9FCB-6A68D141C14D}

Windows Live-->MsiExec.exe /I{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinFlash-->MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D}

Wireless Console 3-->MsiExec.exe /I{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}

用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)-->MsiExec.exe /I{F992409C-9D10-4AE2-BAEB-B5409AD3785E}

適用遠端連線的 Windows Live Mesh ActiveX 控制項-->MsiExec.exe /I{622DE1BE-9EDE-49D3-B349-29D64760342A}

======System event log======

Computer Name: Bob

Event Code: 37

Message: The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Record Number: 35239

Source Name: Microsoft-Windows-Kernel-Processor-Power

Time Written: 20120416173041.335016-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Bob

Event Code: 37

Message: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Record Number: 35238

Source Name: Microsoft-Windows-Kernel-Processor-Power

Time Written: 20120416173041.225816-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Bob

Event Code: 37

Message: The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Record Number: 35237

Source Name: Microsoft-Windows-Kernel-Processor-Power

Time Written: 20120416173041.116616-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Bob

Event Code: 37

Message: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Record Number: 35236

Source Name: Microsoft-Windows-Kernel-Processor-Power

Time Written: 20120416173041.007416-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Bob

Event Code: 3002

Message:

Record Number: 35225

Source Name: Microsoft Antimalware

Time Written: 20120416172936.000000-000

Event Type: Error

User:

=====Application event log=====

Computer Name: Frank

Event Code: 10005

Message: Product: iTunes -- This iTunes installer is intended for 32-bit versions of Windows. Please download and install the 64-bit iTunes installer instead.

Record Number: 1710

Source Name: MsiInstaller

Time Written: 20111010021031.000000-000

Event Type: Error

User: BOB\Greg

Computer Name: Frank

Event Code: 513

Message: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:

AddLegacyDriverFiles: Unable to back up image of binary Trend Micro TDI Driver.

System Error:

The system cannot find the file specified.

.

Record Number: 1700

Source Name: Microsoft-Windows-CAPI2

Time Written: 20111010014043.636087-000

Event Type: Error

User:

Computer Name: Frank

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

6 user registry handles leaked from \Registry\User\S-1-5-21-361652323-931365113-2029874430-1000:

Process 600 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-361652323-931365113-2029874430-1000

Process 1868 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-361652323-931365113-2029874430-1000

Process 1868 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-361652323-931365113-2029874430-1000

Process 1868 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-361652323-931365113-2029874430-1000

Process 1868 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-361652323-931365113-2029874430-1000\Software\Microsoft\Windows\CurrentVersion\Explorer

Process 1868 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-361652323-931365113-2029874430-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts

Record Number: 1605

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20111009234726.179167-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Frank

Event Code: 11

Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 380) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.

Record Number: 1562

Source Name: Microsoft-Windows-RPC-Events

Time Written: 20111009234446.693060-000

Event Type: Warning

User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Frank

Event Code: 1008

Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 1559

Source Name: Microsoft-Windows-Search

Time Written: 20111009234432.000000-000

Event Type: Warning

User:

=====Security event log=====

Computer Name: Bob

Event Code: 4648

Message: A logon was attempted using explicit credentials.

Subject:

Security ID: S-1-5-18

Account Name: BOB$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:

Account Name: Greg

Account Domain: BOB

Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:

Target Server Name: localhost

Additional Information: localhost

Process Information:

Process ID: 0x2d8

Process Name: C:\Windows\System32\winlogon.exe

Network Information:

Network Address: 127.0.0.1

Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 11044

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111201180113.758308-000

Event Type: Audit Success

User:

Computer Name: Bob

Event Code: 5061

Message: Cryptographic operation.

Subject:

Security ID: S-1-5-18

Account Name: BOB$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: RSA

Key Name: {1C658B3C-ADF5-4C1B-91CE-1560F02ABC58}

Key Type: Machine key.

Cryptographic Operation:

Operation: Open Key.

Return Code: 0x0

Record Number: 11043

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111201180040.015448-000

Event Type: Audit Success

User:

Computer Name: Bob

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-18

Account Name: BOB$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: {1C658B3C-ADF5-4C1B-91CE-1560F02ABC58}

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\Keys\024cf6b01063ff1a03efc7240ce6326a_206ef902-b43e-4037-95a8-c7489ffb6d95

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 11042

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111201180040.015448-000

Event Type: Audit Success

User:

Computer Name: Bob

Event Code: 5061

Message: Cryptographic operation.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: RSA

Key Name: 6b6fe468-9e4d-4678-afe5-e9f73a496cce

Key Type: Machine key.

Cryptographic Operation:

Operation: Open Key.

Return Code: 0x0

Record Number: 11041

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111201180025.258022-000

Event Type: Audit Success

User:

Computer Name: Bob

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: 6b6fe468-9e4d-4678-afe5-e9f73a496cce

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3bc7d0e686c80dba8ec35905bf709301_206ef902-b43e-4037-95a8-c7489ffb6d95

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 11040

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111201180025.258022-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;;C:\Program Files\Intel\WiFi\bin;C:\Program Files\Common Files\Intel\WirelessCommon;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=4

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=2a07

"configsetroot"=%SystemRoot%\ConfigSetRoot

"asl.log"=Destination=file

"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

[Maurice Naggar]

That was a good run of TDSSKILLER. There's still a lot of work to do. Make sure you do NO websurfing, no online games, no online shopping, no online banking.

Only go to this forum and the websites I guide you to for tools.

Do NOT run any other tools on your own, nor make any changes without checking with me first.

Step 1

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

• 
  Link 2
  Link 3
  Link 4
  
• Double-click on the Rkill desktop icon to run the tool.
  
• If using Vista or Windows 7, right-click on it and Run As Administrator.
  
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  
• If not, delete the file, then download and use the one provided in Link 2.
  
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  
• If the tool does not run from any of the links provided, please let me know.
  
• If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  
• If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL
  

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 2

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member paphofo only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

• A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
  

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy/Paste the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

[paphofo]

Combofix ran successfully! Below is the log, and below that is the Rkill log.

ComboFix 12-08-21.02 - Greg 08/21/2012 17:18:31.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8103.6149 [GMT -7:00]

Running from: C:\Users\Greg\Desktop\ComboFix.exe

Command switches used :: C:\Users\Greg\Desktop\ComboFix.exe

* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Windows\svchost.exe

((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))

2012-08-22 00:29:45 . 2012-08-22 00:29:45 -------- d-----w- C:\Users\Public\AppData\Local\temp

2012-08-22 00:29:45 . 2012-08-22 00:29:45 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-08-21 01:35:39 . 2012-08-21 01:35:51 -------- d-----w- C:\Program Files\trend micro

2012-08-21 01:35:38 . 2012-08-21 01:35:54 -------- d-----w- C:\rsit

2012-08-21 01:20:31 . 2012-08-21 01:20:31 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-18 18:28:17 . 2012-08-18 18:28:26 -------- d-----w- C:\FRST

2012-08-16 00:21:59 . 2012-08-16 00:21:59 -------- d-----w- C:\found.000

2012-08-15 03:14:27 . 2012-08-22 00:32:29 -------- d-----w- C:\Windows\system32\wbem\repository

2012-08-14 02:25:18 . 2012-08-14 02:25:30 -------- d-----w- C:\Program Files (x86)\ERUNT

2012-08-02 01:20:21 . 2012-08-02 01:20:35 -------- d-----w- C:\Program Files\iTunes

2012-08-02 01:20:21 . 2012-08-02 01:20:35 -------- d-----w- C:\Program Files (x86)\iTunes

2012-08-02 01:20:21 . 2012-08-02 01:20:21 -------- d-----w- C:\Program Files\iPod

2012-07-27 20:51:30 . 2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-07-27 20:51:30 . 2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

-----------------------------------------------------------------------------------------------------------------

Rkill 2.3.0 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/21/2012 05:08:11 PM in x64 mode.

Windows Version: Windows 7 Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Windows\SysWOW64\ACEngSvr.exe (PID: 2084) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Firewall Disabled

[HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

"EnableFirewall" = dword:00000000

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* BFE (BFE) is not Running.

Startup Type set to: Manual

* Windows Firewall Authorization Driver (mpsdrv) is not Running.

Startup Type set to: Manual

* BITS [Missing Service]

* CscService [Missing Service]

* iphlpsvc [Missing Service]

* MpsSvc [Missing Service]

* PeerDistSvc [Missing Service]

* UmRdpService [Missing Service]

* WinDefend [Missing Service]

* wscsvc [Missing Service]

* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

* BFE => . [incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/21/2012 05:08:25 PM

Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

[Maurice Naggar]

What you posted of Combofix.txt is NOT looking like the whole-entire contents.

If you cannot Copy all of it, then start a new reply by pressing More Reply Options button, and then use the Attach option to Upload the file C:\Combofix.txt

Post that and Tell me, How is the system now

[paphofo]

Recently when I've been rebooting, I've been receiving a screen (I've attached a photo). I have been hitting spacebar to skip the process because the times that I have not, My computer has invariably frozen and has not booted up.

I ran combofix, it wen through all of it's processes and rebooted. I received the message like always and skipped. Upon reboot, the combofix window came up again, but no processes ran and no text file was created. I remained infinitely patient, but after about a half hour, nothing had changed. Since combofix had failed for me multiple times, I closed the window. I then went through start>computer, and "searched computer" for combofix, where I located the combofix.txt file. I apologize if I did anything wrong, but combofix said that it should take ten to twenty minutes. I've attached the combofix.txt file.

Other than the screen at reboot, my computer is running alright. I use firefox to come here only and have not done any web browsing, but I have not received any more popups recently. I used to get popup tabs even when just coming here. Thank you for your work thus far.

Please let me know how to proceed.

ComboFix.txt

[Maurice Naggar]

Combofix can take as much as 40 to 50 minutes (or less), all depending on how fast your system is, and how many files are stored.

Looks like we are stuck with the short report.

For now, focus on the CHKDSK issue, which must be fixed.

You'll need to allow CHKDSK to run and to finish at the next Windows startup

Press Windows-key (or Start Orb), in the search box, type in

cmd.exe

and press Enter.

Then in command-prompt-window, type in

CHKDSK C: /F

and press Enter.

When prompted for run at next bootup, allow that. Logoff and Restart system and let Chkdsk run & finish

Advise me after this is completed, and then, also Tell me How is the system ?

Edited August 23, 2012 by Maurice Naggar

[paphofo]

I restarted, and DSKCHK ran what seemed like twice. Since then, my computer has not had many symptoms. The only issue is that I am not able to access this website via Firefox. The malwarebytes.org address will not load, and when I attempted to respond by coming directly to this thread's URL, I was not able to type anything in the text box. I am currently responding via Internet Explorer. Otherwise, I have no symptoms from the system.

[Maurice Naggar]

Make sure to delete temporary files in Firefox. FF >> press & hold Shift+CTRL+Delete keys >> delete temporary files.

Make sure your version of Firefox is fully up-to-date.

I can't tell what has happened to your FF. You may need to troubleshoot on your own.

Meantime, use Internet Explorer for our work.

Close and exit any open work documents or program windows you opened.

1a. Open Internet Explorer (only!) to http://support.microsoft.com/kb/910336 [ignore the title & Symptoms].

1b. Dismiss/close the "automated troubleshooter" pop-up! - then...

1c. Ignoring any "Not recommended" or similar warnings, run Fix It 50202 in DEFAULT and then AGGRESSIVE modes. [1]

2. Reboot & then run a manual check for updates at Windows Update, etc., etc...

When you reach Windows Update, do a Custom scan for updates. Take (accept) the ones marked Critical or Important.

Decline any that are marked as "optional".

Have infinite patience while it scans and does it's work.

When it prompts you to Restart Windows, please do that. Allow it to restart.

IF and only if you get an "error" or "exception/failure" message, I will need the complete so called "failure code" and description (if you see it).

Please have good patience, this is not very complicated. Ask me if you have questions.

~~~~~~~~~~~~~~~

[1] Running the Fixit in aggressive mode will result in your history of installed MS updates to be "empty" when viewed online at Windows Updates.

What is actually installed on your system will not be affected.

[paphofo]

I attempted deleting temporary firefox files, and receieved a BSOD for about 1 second before my computer restarted, so I was unable to write down anything.

I then ran Fixit 50202 default and received the message "Service BITS failed to start. Verify that you have sufficient priveleges to start system service." I hit try again, and the same outcome repeated. I then ran Fixit 50202 aggressive and received the same message.

When I ran windows update there wer 16 important updates that I tried to install, and I received an error (code 80246008- unknown error).