
CPU at 0%, possible virus.



Computer ran fine yesterday. Windows did an auto update, but since I was using the computer I put off the restart. I finished using it, then shut it down. When I went to restart this morning, it first took forever to finish startup; CPU was around 30-40%, then dropped to like 3-8%, then 0%. At this point I couldn't do anything but move the mouse around. Memory usage was normal. Restarted and it finished the startup process faster, but after a couple of minutes the same thing happened; had to do a hard shutdown/restart both times. Now running in safe mode and everything is fine. Ran malware on a flash and quick scan and it found 2 things each time, which I had removed. Running a full scan now. Don't know what to do next; the system is still doing the same thing when started normally: it freezes up after a couple of minutes. Tried to do a system restore, but there are no restore points. Any help would be appreciated.

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by Gabe at 10:28:12 on 2012-12-24

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.2750 [GMT -8:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

ustart page = hxxp://www.yahoo.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: BHOImpl Class: {e1499fe7-129d-4b6e-b681-ddf21e14172c} - C:\Users\Gabe\Documents\iTools\Plugin\iToolsBHO.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] C:\HP\KBD\KbdStub.EXE

mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\Gabe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\Users\Gabe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{08091957-9E01-4E53-BC46-58B1512E09AA} : DhcpNameServer = 68.87.76.178 68.87.66.196

TCP: Interfaces\{609B0F00-9BE9-411A-A0BE-97FFF44B72FA} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{9960855F-E35C-4EE9-824E-3A7ACE4E8FE1} : DhcpNameServer = 192.168.0.1 192.168.0.1 192.168.1.1

TCP: Interfaces\{9E943C9C-E904-475D-A33D-237E82F9A2A2} : DhcpNameServer = 68.87.76.178 68.87.66.196

TCP: Interfaces\{A8408455-213E-4B24-9A40-41C81F79FCC0} : DhcpNameServer = 68.87.76.178 68.87.66.196 192.168.0.1

TCP: Interfaces\{DAAA46B2-1052-4BD0-AEFD-8773A70CF0DF} : DhcpNameServer = 68.87.76.178 68.87.66.196

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: c:\progra~3\pcperf~1\25945~1.13\{fc772~1\pcpmngr.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO-X64: NCO 2.0 IE BHO - No File

BHO-X64: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Gabe\Documents\iTools\Plugin\iToolsBHO.dll

BHO-X64: iToolsBHO - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: &Save Flash: {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun-x64: [KBD] C:\HP\KBD\KbdStub.EXE

mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

AppInit_DLLs-X64: c:\progra~3\pcperf~1\25945~1.13\{fc772~1\pcpmngr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\q2kcmqve.default\

FF - prefs.js: browser.search.selectedEngine - appbario7 Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227981&SearchSource=2&q=

FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\q2kcmqve.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\q2kcmqve.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Users\Gabe\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: C:\Users\Gabe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Gabe\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Users\Gabe\Documents\iTools\Plugin\npiTools.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 gupdate1c9869ed01db30;Google Update Service (gupdate1c9869ed01db30);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-2-3 133104]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-20 399432]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-16 676936]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250808]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]

S3 CAXHWBS3;CAXHWBS3;C:\Windows\system32\DRIVERS\CAXHWBS3.sys --> C:\Windows\system32\DRIVERS\CAXHWBS3.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-2-3 133104]

S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;C:\Windows\System32\drivers\libusb0.sys [2012-12-20 52832]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 115168]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 netr7364;Linksys Compact Wireless-G USB Adapter Driver for Vista;C:\Windows\system32\DRIVERS\WUSB54GCx64.sys --> C:\Windows\system32\DRIVERS\WUSB54GCx64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64k.sys --> C:\Windows\system32\DRIVERS\point64k.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-18 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-12-22 23:47:04 -------- d-----w- C:\Users\Gabe\AppData\Roaming\JawboneUpdater

2012-12-22 23:47:03 -------- d-----w- C:\Program Files (x86)\Jawbone

2012-12-22 23:42:42 48128 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-22 23:42:42 368128 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-22 23:42:42 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-22 23:42:42 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-21 17:05:39 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5BE9F8F4-3AE1-496F-9125-B63FF0E170F8}\mpengine.dll

2012-12-21 05:06:24 -------- d-----w- C:\Program Files (x86)\Temp

2012-12-21 05:05:14 -------- d-----w- C:\Users\Gabe\AppData\Local\Wondershare

2012-12-21 05:05:14 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare

2012-12-21 05:05:11 52832 ----a-w- C:\Windows\SysWow64\drivers\libusb0.sys

2012-12-21 05:05:09 -------- d--h--w- C:\Program Files (x86)\Dr.Fone_Temp

2012-12-21 05:05:09 -------- d-----w- C:\Program Files (x86)\Wondershare

2012-12-20 08:05:37 -------- d-----w- C:\ProgramData\ClubSanDisk

2012-12-20 07:41:12 -------- d-----w- C:\Users\Gabe\AppData\Local\Wide_Angle_Software_Ltd

2012-12-20 07:39:41 -------- d-----w- C:\Users\Gabe\AppData\Local\Wide Angle Software

2012-12-20 07:39:02 -------- d-----w- C:\Program Files (x86)\Wide Angle Software

2012-12-20 07:22:17 -------- d-----w- C:\Users\Gabe\AppData\Roaming\PerformerSoft

2012-12-20 07:22:15 19000 ----a-w- C:\Windows\System32\roboot64.exe

2012-12-20 07:21:58 -------- d-----w- C:\Program Files (x86)\Reincubate

2012-12-14 15:48:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-12-14 04:40:38 -------- d-----w- C:\Program Files\iPod

2012-12-14 04:40:35 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-14 04:40:35 -------- d-----w- C:\Program Files\iTunes

2012-12-14 04:40:35 -------- d-----w- C:\Program Files (x86)\iTunes

2012-12-13 17:02:29 267648 ----a-w- C:\Windows\System32\drivers\volsnap.sys

2012-12-13 17:02:24 2770432 ----a-w- C:\Windows\System32\win32k.sys

2012-12-13 17:02:14 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-13 17:02:14 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-13 17:02:09 68096 ----a-w- C:\Windows\System32\dpnathlp.dll

2012-12-13 17:02:09 477696 ----a-w- C:\Windows\System32\dpnet.dll

2012-12-13 17:02:08 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-12-13 17:02:08 26112 ----a-w- C:\Windows\System32\dpnsvr.exe

2012-12-13 17:02:08 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe

2012-12-06 22:06:19 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-29 21:14:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-11-29 21:14:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-11-29 21:14:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-11-29 21:14:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-11-29 21:14:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-11-29 21:14:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-11-29 21:14:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-11-29 20:20:48 -------- d-----w- C:\Users\Gabe\NabiSync

2012-11-29 20:20:44 -------- d-----w- C:\Users\Gabe\AppData\Roaming\NabiSync

2012-11-29 20:20:43 -------- d-----w- C:\Users\Gabe\.junique

2012-11-29 20:19:21 -------- d-----w- C:\Program Files (x86)\nabi

2012-11-29 19:54:54 76384 ----a-w- C:\Windows\System32\libusb0.dll

2012-11-29 19:54:54 67680 ----a-w- C:\Windows\SysWow64\libusb0.dll

2012-11-29 19:54:54 52320 ----a-w- C:\Windows\System32\drivers\libusb0.sys

2012-11-28 18:36:23 -------- d-----w- C:\Users\Gabe\AppData\Roaming\YourFileDownloader

2012-11-28 18:36:23 -------- d-----w- C:\Program Files (x86)\YourFileDownloader

2012-11-28 18:33:42 -------- d-----w- C:\Users\Gabe\AppData\Local\MediaGet2

2012-11-28 18:33:42 -------- d-----w- C:\Users\Gabe\AppData\Local\Media Get LLC

.

==================== Find3M ====================

.

2012-12-12 02:25:12 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 02:25:12 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-06 22:06:06 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-12-06 22:06:06 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-25 11:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-10-25 11:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-28 18:32:56 5989776 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-09-28 18:32:56 53760 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

.

============= FINISH: 10:28:32.10 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/23/2008 7:33:52 PM

System Uptime: 12/24/2012 9:59:44 AM (1 hours ago)

.

Motherboard: PEGATRON CORPORATION | | Benicia

Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2499/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 453 GiB total, 227.036 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1.753 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

K: is Removable

M: is FIXED (NTFS) - 932 GiB total, 313.941 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

A-PDF Restrictions Remover 1.6

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Community Help

Adobe Creative Suite 5 Master Collection

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Center 1.0

Adobe Media Player

Adobe Photoshop CS2

Adobe Reader 9.5.2

Adobe Shockwave Player 11.6

Adobe Stock Photos 1.0

AIO_Scan

Apple Application Support

Apple Software Update

ArcSoft Magic-i 3

ArcSoft VideoImpression 2

ArcSoft WebCam Companion 2

AVI ReComp 1.4.5

AviSynth 2.5

Azkend

BufferChm

C4200

c4200_Help

Cards_Calendar_OrderGift_DoMorePlugout

CDBurnerXP

Compatibility Pack for the 2007 Office system

ConvertHelper 2.2

ConvertXtoDVD 3.3.4.107

Copy

Coupon Printer for Windows

CustomerResearchQFolder

CyberLink DVD Suite Deluxe

Destination Component

Dev-C++ 5 beta 9 release (4.9.9.2)

DeviceDiscovery

DeviceManagementQFolder

DivX Converter

DivX Player

DivX Setup

DocProc

DocProcQFolder

DVDFab 8.0.0.5 (25/08/2010)

DVDFab 8.2.0.8 (29/08/2012) Qt

Enhanced Multimedia Keyboard Solution

eReg

erLT

eSupportQFolder

Freelang Dictionary (wordlist)

Freelang Dictionary 3.74 beta

GoldWave v5.25

Google Chrome

Google Earth

Google Update Helper

Google Updater

Hardware Diagnostic Tools

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Button Manager

HP Customer Experience Enhancements

HP Customer Feedback

HP Demo

HP Games

HP Photosmart Essential

HP Photosmart Essential 2.5

HP Picasso Media Center Add-In

HP Product Assistant

HP Recovery Manager RSS

HP Total Care Advisor

HP Update

HP USB Disk Storage Format Tool

HP Webcam User's Guide

HPAsset component for HP Active Support Library

HPPhotoSmartPhotobookWebPack1

HPProductAssistant

HPSSupply

HPTCSSetup

iTunes DB Cloner

Java 7 Update 7

Java 6 Update 31

Java SE Runtime Environment 6 Update 1

JavaFX 2.1.1

Jawbone Updater

KC Softwares VideoInspector

LabelPrint

LightScribe System Software

LightScribeTemplateLabeler

Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC

Malwarebytes Anti-Malware version 1.65.1.1000

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.1

nabi Sync 1.0

neroxml

PDF Settings CS5

Photo Viewer 2.3

Plants vs. Zombies

Power2Go

PowerDirector

PS_AIO_ProductContext

PS_AIO_Software

PS_AIO_Software_min

PSSWCORE

PxMergeModule

Python 2.5.2

QuickTime

Realtek High Definition Audio Driver

Save Flash 4.1

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Sid Meier's Civilization 4

Sid Meier's Civilization 4 - Beyond the Sword

Skype™ 5.10

SolutionCenter

Spelling Dictionaries Support For Adobe Reader 8

Status

swMSM

System Requirements Lab

System Requirements Lab CYRI

Toolbox

TrayApp

TreeSize Personal 5.2.3

Trine

UltraISO Premium V9.33

Unity Web Player

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

VideoToolkit01

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 2.0.4

VobSub 2.23

WebEx

WebReg

Windows 7 Upgrade Advisor

Windows Live OneCare safety scanner

Windows Media Player Firefox Plugin

WinRAR archiver

WinZip 16.0

Wondershare Dr.Fone(Build 1.0.2.5)

Xilisoft Video Converter Ultimate

XP Codec Pack

Xvid 1.2.1

Yahoo! BrowserPlus 2.9.8

Yahoo! Messenger

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

12/24/2012 9:53:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep

12/24/2012 9:53:45 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

12/24/2012 9:36:41 AM, Error: EventLog [6008] - The previous system shutdown at 9:32:06 AM on 12/24/2012 was unexpected.

12/24/2012 9:22:20 AM, Error: EventLog [6008] - The previous system shutdown at 9:08:45 AM on 12/24/2012 was unexpected.

12/24/2012 9:01:02 AM, Error: EventLog [6008] - The previous system shutdown at 8:51:42 AM on 12/24/2012 was unexpected.

12/24/2012 8:33:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2754670).

12/24/2012 8:33:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2698023).

12/24/2012 8:33:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2656370).

12/24/2012 8:32:14 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

12/24/2012 8:30:41 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

12/24/2012 8:14:51 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

12/24/2012 8:12:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.

12/24/2012 8:12:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

12/24/2012 8:11:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Image Acquisition (WIA) service to connect.

12/24/2012 8:11:16 AM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/24/2012 8:11:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

12/24/2012 8:08:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

12/24/2012 8:08:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

12/24/2012 8:08:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

12/24/2012 8:08:08 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/24/2012 8:08:08 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/24/2012 8:01:28 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

12/24/2012 10:24:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

12/24/2012 10:01:58 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep MpFilter spldr vmm Wanarpv6

12/24/2012 10:01:58 AM, Error: Service Control Manager [7023] -

12/24/2012 10:01:58 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/24/2012 10:01:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/24/2012 10:01:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/24/2012 10:01:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/24/2012 10:00:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/24/2012 10:00:38 AM, Error: EventLog [6008] - The previous system shutdown at 9:57:30 AM on 12/24/2012 was unexpected.

12/22/2012 10:25:11 PM, Error: Service Control Manager [7016] - The MgiSvr service has reported an invalid current state 32.

12/20/2012 7:52:25 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/19/2012 9:24:50 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/19/2012 9:16:15 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================


Hello,

Do not try any further "restores". Do not do any "fixes" on your own.

As much as we may dislike it, allowing a very prompt Restart when a Windows Update or Automatic Update has finished is "highly recommended" and IS the best practice. As many knowledgeable colleagues will attest. A healthy respect for Windows Updates will serve well.

You have at least 1 issue of failing Windows Updates.

Have you used any sort of registry cleaner? tweaker? I need to know the name & when used.

And stop using any registry tool, of whatever kind.

You must deinstall (remove) µTorrent before we get going much further.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700


uTorrent was removed yesterday before I posted. I haven't run any registry cleaners or tweakers. I did run RogueKiller, ComboFix and AdwCleaner after posting to the forum; here are the new DDS logs.

dds:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by Gabe at 8:22:54 on 2012-12-25

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.3022 [GMT -8:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

ustart page = hxxp://www.yahoo.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: BHOImpl Class: {e1499fe7-129d-4b6e-b681-ddf21e14172c} - C:\Users\Gabe\Documents\iTools\Plugin\iToolsBHO.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] C:\HP\KBD\KbdStub.EXE

mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\Gabe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\Users\Gabe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{08091957-9E01-4E53-BC46-58B1512E09AA} : DhcpNameServer = 68.87.76.178 68.87.66.196

TCP: Interfaces\{609B0F00-9BE9-411A-A0BE-97FFF44B72FA} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{9960855F-E35C-4EE9-824E-3A7ACE4E8FE1} : DhcpNameServer = 192.168.0.1 192.168.0.1 192.168.1.1

TCP: Interfaces\{9E943C9C-E904-475D-A33D-237E82F9A2A2} : DhcpNameServer = 68.87.76.178 68.87.66.196

TCP: Interfaces\{A8408455-213E-4B24-9A40-41C81F79FCC0} : DhcpNameServer = 68.87.76.178 68.87.66.196 192.168.0.1

TCP: Interfaces\{DAAA46B2-1052-4BD0-AEFD-8773A70CF0DF} : DhcpNameServer = 68.87.76.178 68.87.66.196

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: c:\progra~3\pcperf~1\25945~1.13\{fc772~1\pcpmngr.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO-X64: NCO 2.0 IE BHO - No File

BHO-X64: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Gabe\Documents\iTools\Plugin\iToolsBHO.dll

BHO-X64: iToolsBHO - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: &Save Flash: {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun-x64: [KBD] C:\HP\KBD\KbdStub.EXE

mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

AppInit_DLLs-X64: c:\progra~3\pcperf~1\25945~1.13\{fc772~1\pcpmngr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\q2kcmqve.default\

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com

FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\q2kcmqve.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\q2kcmqve.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Users\Gabe\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: C:\Users\Gabe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Gabe\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Users\Gabe\Documents\iTools\Plugin\npiTools.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 gupdate1c9869ed01db30;Google Update Service (gupdate1c9869ed01db30);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-2-3 133104]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-20 399432]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-16 676936]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250808]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]

S3 CAXHWBS3;CAXHWBS3;C:\Windows\system32\DRIVERS\CAXHWBS3.sys --> C:\Windows\system32\DRIVERS\CAXHWBS3.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-2-3 133104]

S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;C:\Windows\System32\drivers\libusb0.sys [2012-12-20 52832]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 115168]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 netr7364;Linksys Compact Wireless-G USB Adapter Driver for Vista;C:\Windows\system32\DRIVERS\WUSB54GCx64.sys --> C:\Windows\system32\DRIVERS\WUSB54GCx64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64k.sys --> C:\Windows\system32\DRIVERS\point64k.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-18 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-12-24 21:04:51 -------- d-sh--w- C:\$RECYCLE.BIN

2012-12-24 20:34:47 -------- d-----w- C:\Users\Gabe\AppData\Local\temp

2012-12-22 23:47:04 -------- d-----w- C:\Users\Gabe\AppData\Roaming\JawboneUpdater

2012-12-22 23:47:03 -------- d-----w- C:\Program Files (x86)\Jawbone

2012-12-22 23:42:42 48128 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-22 23:42:42 368128 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-22 23:42:42 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-22 23:42:42 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-21 17:05:39 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5BE9F8F4-3AE1-496F-9125-B63FF0E170F8}\mpengine.dll

2012-12-21 05:06:24 -------- d-----w- C:\Program Files (x86)\Temp

2012-12-21 05:05:14 -------- d-----w- C:\Users\Gabe\AppData\Local\Wondershare

2012-12-21 05:05:14 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare

2012-12-21 05:05:11 52832 ----a-w- C:\Windows\SysWow64\drivers\libusb0.sys

2012-12-21 05:05:09 -------- d--h--w- C:\Program Files (x86)\Dr.Fone_Temp

2012-12-21 05:05:09 -------- d-----w- C:\Program Files (x86)\Wondershare

2012-12-20 08:05:37 -------- d-----w- C:\ProgramData\ClubSanDisk

2012-12-20 07:41:12 -------- d-----w- C:\Users\Gabe\AppData\Local\Wide_Angle_Software_Ltd

2012-12-20 07:39:41 -------- d-----w- C:\Users\Gabe\AppData\Local\Wide Angle Software

2012-12-20 07:39:02 -------- d-----w- C:\Program Files (x86)\Wide Angle Software

2012-12-20 07:22:15 19000 ----a-w- C:\Windows\System32\roboot64.exe

2012-12-20 07:21:58 -------- d-----w- C:\Program Files (x86)\Reincubate

2012-12-14 15:48:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-12-14 04:40:38 -------- d-----w- C:\Program Files\iPod

2012-12-14 04:40:35 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-14 04:40:35 -------- d-----w- C:\Program Files\iTunes

2012-12-14 04:40:35 -------- d-----w- C:\Program Files (x86)\iTunes

2012-12-13 17:02:29 267648 ----a-w- C:\Windows\System32\drivers\volsnap.sys

2012-12-13 17:02:24 2770432 ----a-w- C:\Windows\System32\win32k.sys

2012-12-13 17:02:14 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-13 17:02:14 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-13 17:02:09 68096 ----a-w- C:\Windows\System32\dpnathlp.dll

2012-12-13 17:02:09 477696 ----a-w- C:\Windows\System32\dpnet.dll

2012-12-13 17:02:08 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-12-13 17:02:08 26112 ----a-w- C:\Windows\System32\dpnsvr.exe

2012-12-13 17:02:08 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe

2012-12-06 22:06:19 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-29 21:14:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-11-29 21:14:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-11-29 21:14:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-11-29 21:14:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-11-29 21:14:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-11-29 21:14:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-11-29 21:14:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-11-29 20:20:48 -------- d-----w- C:\Users\Gabe\NabiSync

2012-11-29 20:20:44 -------- d-----w- C:\Users\Gabe\AppData\Roaming\NabiSync

2012-11-29 20:20:43 -------- d-----w- C:\Users\Gabe\.junique

2012-11-29 20:19:21 -------- d-----w- C:\Program Files (x86)\nabi

2012-11-29 19:54:54 76384 ----a-w- C:\Windows\System32\libusb0.dll

2012-11-29 19:54:54 67680 ----a-w- C:\Windows\SysWow64\libusb0.dll

2012-11-29 19:54:54 52320 ----a-w- C:\Windows\System32\drivers\libusb0.sys

2012-11-28 18:33:42 -------- d-----w- C:\Users\Gabe\AppData\Local\MediaGet2

2012-11-28 18:33:42 -------- d-----w- C:\Users\Gabe\AppData\Local\Media Get LLC

.

==================== Find3M ====================

.

2012-12-12 02:25:12 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 02:25:12 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-06 22:06:06 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-12-06 22:06:06 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-25 11:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-10-25 11:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-28 18:32:56 5989776 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-09-28 18:32:56 53760 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

.

============= FINISH: 8:25:07.02 ===============

attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/23/2008 7:33:52 PM

System Uptime: 12/25/2012 8:07:41 AM (0 hours ago)

.

Motherboard: PEGATRON CORPORATION | | Benicia

Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2499/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 453 GiB total, 227.276 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1.753 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

K: is Removable

M: is FIXED (NTFS) - 932 GiB total, 313.941 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

A-PDF Restrictions Remover 1.6

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Community Help

Adobe Creative Suite 5 Master Collection

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Center 1.0

Adobe Media Player

Adobe Photoshop CS2

Adobe Reader 9.5.2

Adobe Shockwave Player 11.6

Adobe Stock Photos 1.0

AIO_Scan

Apple Application Support

Apple Software Update

ArcSoft Magic-i 3

ArcSoft VideoImpression 2

ArcSoft WebCam Companion 2

AVI ReComp 1.4.5

AviSynth 2.5

Azkend

BufferChm

C4200

c4200_Help

Cards_Calendar_OrderGift_DoMorePlugout

CDBurnerXP

Compatibility Pack for the 2007 Office system

ConvertHelper 2.2

ConvertXtoDVD 3.3.4.107

Copy

Coupon Printer for Windows

CustomerResearchQFolder

CyberLink DVD Suite Deluxe

Destination Component

Dev-C++ 5 beta 9 release (4.9.9.2)

DeviceDiscovery

DeviceManagementQFolder

DivX Converter

DivX Player

DivX Setup

DocProc

DocProcQFolder

DVDFab 8.0.0.5 (25/08/2010)

DVDFab 8.2.0.8 (29/08/2012) Qt

Enhanced Multimedia Keyboard Solution

eReg

erLT

eSupportQFolder

Freelang Dictionary (wordlist)

Freelang Dictionary 3.74 beta

GoldWave v5.25

Google Chrome

Google Earth

Google Update Helper

Google Updater

Hardware Diagnostic Tools

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Button Manager

HP Customer Experience Enhancements

HP Customer Feedback

HP Demo

HP Games

HP Photosmart Essential

HP Photosmart Essential 2.5

HP Picasso Media Center Add-In

HP Product Assistant

HP Recovery Manager RSS

HP Total Care Advisor

HP Update

HP USB Disk Storage Format Tool

HP Webcam User's Guide

HPAsset component for HP Active Support Library

HPPhotoSmartPhotobookWebPack1

HPProductAssistant

HPSSupply

HPTCSSetup

iTunes DB Cloner

Java 7 Update 7

Java 6 Update 31

Java SE Runtime Environment 6 Update 1

JavaFX 2.1.1

Jawbone Updater

KC Softwares VideoInspector

LabelPrint

LightScribe System Software

LightScribeTemplateLabeler

Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC

Malwarebytes Anti-Malware version 1.65.1.1000

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.1

nabi Sync 1.0

neroxml

PDF Settings CS5

Photo Viewer 2.3

Plants vs. Zombies

Power2Go

PowerDirector

PS_AIO_ProductContext

PS_AIO_Software

PS_AIO_Software_min

PSSWCORE

PxMergeModule

Python 2.5.2

QuickTime

Realtek High Definition Audio Driver

Save Flash 4.1

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Sid Meier's Civilization 4

Sid Meier's Civilization 4 - Beyond the Sword

Skype™ 5.10

SolutionCenter

Spelling Dictionaries Support For Adobe Reader 8

Status

swMSM

System Requirements Lab

System Requirements Lab CYRI

Toolbox

TrayApp

TreeSize Personal 5.2.3

Trine

UltraISO Premium V9.33

Unity Web Player

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

VideoToolkit01

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 2.0.4

VobSub 2.23

WebEx

WebReg

Windows 7 Upgrade Advisor

Windows Live OneCare safety scanner

Windows Media Player Firefox Plugin

WinRAR archiver

WinZip 16.0

Wondershare Dr.Fone(Build 1.0.2.5)

Xilisoft Video Converter Ultimate

XP Codec Pack

Xvid 1.2.1

Yahoo! BrowserPlus 2.9.8

Yahoo! Messenger

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

12/25/2012 8:10:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep MpFilter spldr vmm Wanarpv6

12/25/2012 8:10:04 AM, Error: Service Control Manager [7023] -

12/25/2012 8:10:04 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/25/2012 8:09:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/25/2012 8:09:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/25/2012 8:09:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/25/2012 8:09:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/25/2012 8:08:43 AM, Error: EventLog [6008] - The previous system shutdown at 1:46:42 PM on 12/24/2012 was unexpected.

12/24/2012 9:36:41 AM, Error: EventLog [6008] - The previous system shutdown at 9:32:06 AM on 12/24/2012 was unexpected.

12/24/2012 9:22:20 AM, Error: EventLog [6008] - The previous system shutdown at 9:08:45 AM on 12/24/2012 was unexpected.

12/24/2012 9:01:02 AM, Error: EventLog [6008] - The previous system shutdown at 8:51:42 AM on 12/24/2012 was unexpected.

12/24/2012 8:33:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2754670).

12/24/2012 8:33:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2698023).

12/24/2012 8:33:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2656370).

12/24/2012 8:32:14 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

12/24/2012 8:30:41 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

12/24/2012 8:14:51 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

12/24/2012 8:12:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.

12/24/2012 8:12:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

12/24/2012 8:11:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Image Acquisition (WIA) service to connect.

12/24/2012 8:11:16 AM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/24/2012 8:11:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

12/24/2012 8:08:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

12/24/2012 8:08:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

12/24/2012 8:08:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

12/24/2012 8:08:08 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/24/2012 8:08:08 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/24/2012 8:01:28 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

12/24/2012 12:32:17 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/24/2012 12:31:47 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

12/24/2012 10:24:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

12/24/2012 10:00:38 AM, Error: EventLog [6008] - The previous system shutdown at 9:57:30 AM on 12/24/2012 was unexpected.

12/24/2012 1:36:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep

12/24/2012 1:36:21 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

12/24/2012 1:26:27 PM, Error: EventLog [6008] - The previous system shutdown at 1:18:11 PM on 12/24/2012 was unexpected.

12/22/2012 10:25:11 PM, Error: Service Control Manager [7016] - The MgiSvr service has reported an invalid current state 32.

12/20/2012 7:52:25 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/19/2012 9:24:50 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/19/2012 9:16:15 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================


These are the logs from ComboFix and RogueKiller.

ComboFix:

ComboFix 12-12-23.01 - Gabe 12/24/2012 12:20:54.2.2 - x64 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.2568 [GMT -8:00]

Running from: c:\users\Gabe\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Gabe\AppData\Roaming\vso_ts_preview.xml

.

.

((((((((((((((((((((((((( Files Created from 2012-11-24 to 2012-12-24 )))))))))))))))))))))))))))))))

.

.

2012-12-24 20:32 . 2012-12-24 20:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-12-24 20:32 . 2012-12-24 20:32 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-12-24 20:32 . 2012-12-24 20:32 -------- d-----w- c:\users\Gabe\AppData\Local\temp

2012-12-24 20:32 . 2012-12-24 20:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-24 20:32 . 2012-12-24 20:32 -------- d-----w- c:\users\AppData\AppData\Local\temp

2012-12-22 23:47 . 2012-12-22 23:48 -------- d-----w- c:\users\Gabe\AppData\Roaming\JawboneUpdater

2012-12-22 23:47 . 2012-12-22 23:48 -------- d-----w- c:\program files (x86)\Jawbone

2012-12-22 23:42 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll

2012-12-22 23:42 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-22 23:42 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll

2012-12-22 23:42 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-21 17:05 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BE9F8F4-3AE1-496F-9125-B63FF0E170F8}\mpengine.dll

2012-12-21 05:06 . 2012-12-21 05:06 -------- d-----w- c:\program files (x86)\Temp

2012-12-21 05:05 . 2012-12-21 05:05 -------- d-----w- c:\users\Gabe\AppData\Local\Wondershare

2012-12-21 05:05 . 2012-12-21 05:05 -------- d-----w- c:\program files (x86)\Common Files\Wondershare

2012-12-21 05:05 . 2012-09-22 01:50 52832 ----a-w- c:\windows\SysWow64\drivers\libusb0.sys

2012-12-21 05:05 . 2012-12-21 05:05 -------- d--h--w- c:\program files (x86)\Dr.Fone_Temp

2012-12-21 05:05 . 2012-12-21 05:05 -------- d-----w- c:\program files (x86)\Wondershare

2012-12-20 08:05 . 2012-12-20 08:05 -------- d-----w- c:\programdata\ClubSanDisk

2012-12-20 07:41 . 2012-12-20 07:41 -------- d-----w- c:\users\Gabe\AppData\Local\Wide_Angle_Software_Ltd

2012-12-20 07:39 . 2012-12-20 08:01 -------- d-----w- c:\users\Gabe\AppData\Local\Wide Angle Software

2012-12-20 07:39 . 2012-12-20 07:39 -------- d-----w- c:\program files (x86)\Wide Angle Software

2012-12-20 07:22 . 2012-12-20 08:00 -------- d-----w- c:\users\Gabe\AppData\Roaming\PerformerSoft

2012-12-20 07:22 . 2012-03-14 23:47 19000 ----a-w- c:\windows\system32\roboot64.exe

2012-12-20 07:21 . 2012-12-20 15:48 -------- d-----w- c:\program files (x86)\Reincubate

2012-12-14 15:48 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-12-14 15:47 . 2012-11-14 07:06 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-12-14 15:47 . 2012-11-14 06:32 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-12-14 04:40 . 2012-12-14 04:40 -------- d-----w- c:\program files\iPod

2012-12-14 04:40 . 2012-12-14 04:41 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-14 04:40 . 2012-12-14 04:41 -------- d-----w- c:\program files\iTunes

2012-12-14 04:40 . 2012-12-14 04:41 -------- d-----w- c:\program files (x86)\iTunes

2012-12-13 17:02 . 2012-09-28 16:34 1210368 ----a-w- c:\windows\system32\kernel32.dll

2012-12-13 17:02 . 2012-08-21 11:50 267648 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-13 17:02 . 2012-11-13 01:55 2770432 ----a-w- c:\windows\system32\win32k.sys

2012-12-13 17:02 . 2012-11-13 01:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-13 17:02 . 2012-11-13 01:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-13 17:02 . 2012-11-02 10:45 477696 ----a-w- c:\windows\system32\dpnet.dll

2012-12-13 17:02 . 2012-11-02 10:45 68096 ----a-w- c:\windows\system32\dpnathlp.dll

2012-12-13 17:02 . 2012-11-02 10:18 376320 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-12-13 17:02 . 2012-11-02 08:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe

2012-12-13 17:02 . 2012-11-02 08:26 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe

2012-12-06 22:06 . 2012-12-06 22:06 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-06 22:04 . 2012-12-06 22:04 -------- d-----w- c:\programdata\McAfee

2012-11-29 21:14 . 2012-11-29 21:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-11-29 21:14 . 2012-11-29 21:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-11-29 21:14 . 2012-11-29 21:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-11-29 21:14 . 2012-11-29 21:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-11-29 21:14 . 2012-11-29 21:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-11-29 21:14 . 2012-11-29 21:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-11-29 21:14 . 2012-11-29 21:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-11-29 21:13 . 2012-11-29 21:14 -------- d-----w- c:\program files (x86)\QuickTime

2012-11-29 20:20 . 2012-11-29 20:20 -------- d-----w- c:\users\Gabe\NabiSync

2012-11-29 20:20 . 2012-11-29 20:20 -------- d-----w- c:\users\Gabe\AppData\Roaming\NabiSync

2012-11-29 20:20 . 2012-11-29 20:56 -------- d-----w- c:\users\Gabe\.junique

2012-11-29 20:19 . 2012-11-29 20:19 -------- d-----w- c:\program files (x86)\nabi

2012-11-29 19:54 . 2012-11-29 19:54 76384 ----a-w- c:\windows\system32\libusb0.dll

2012-11-29 19:54 . 2012-11-29 19:54 67680 ----a-w- c:\windows\SysWow64\libusb0.dll

2012-11-29 19:54 . 2012-11-29 19:54 52320 ----a-w- c:\windows\system32\drivers\libusb0.sys

2012-11-28 18:36 . 2012-11-28 18:37 -------- d-----w- c:\program files (x86)\YourFileDownloader

2012-11-28 18:36 . 2012-11-28 18:36 -------- d-----w- c:\users\Gabe\AppData\Roaming\YourFileDownloader

2012-11-28 18:33 . 2012-11-28 18:33 -------- d-----w- c:\users\Gabe\AppData\Local\MediaGet2

2012-11-28 18:33 . 2012-11-28 18:33 -------- d-----w- c:\users\Gabe\AppData\Local\Media Get LLC

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-14 15:57 . 2006-11-02 12:35 67413224 ----a-w- c:\windows\system32\mrt.exe

2012-12-12 02:25 . 2012-03-29 15:29 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-12 02:25 . 2011-05-15 14:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-06 22:06 . 2012-06-13 21:18 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-12-06 22:06 . 2010-05-04 07:06 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-09-30 02:54 . 2011-12-16 22:24 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-28 18:32 . 2012-09-28 18:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-09-28 18:32 . 2012-09-28 18:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-07 132760]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

c:\users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~3\pcperf~1\25945~1.13\{fc772~1\pcpmngr.dll

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 02:25]

.

2012-12-21 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-16 15:38]

.

2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-04 07:56]

.

2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-04 07:56]

.

2012-12-02 c:\windows\Tasks\HPCeeScheduleForGabe.job

- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2002-08-27 03:03]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-11-04 182808]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 2206280]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-27 154648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-27 227352]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-27 202264]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

ustart page = hxxp://www.yahoo.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\q2kcmqve.default\

FF - prefs.js: browser.search.selectedEngine - appbario7 Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227981&SearchSource=2&q=

FF - ExtSQL: 2012-12-19 23:56; {6926c7f7-6006-42d1-b046-eba1b3010315}; c:\users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\q2kcmqve.default\extensions\{6926c7f7-6006-42d1-b046-eba1b3010315}

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe

Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe

AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.


Completion time: 2012-12-24 12:34:45

ComboFix-quarantined-files.txt 2012-12-24 20:34

ComboFix2.txt 2012-09-20 21:01

.

Pre-Run: 243,781,234,688 bytes free

Post-Run: 243,868,553,216 bytes free

.

- - End Of File - - 76C34E3654482CC7ADA607DA36FFEBB8

roguekiller:

RogueKiller V8.4.1 [Dec 24 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User : Gabe [Admin rights]

Mode : Scan -- Date : 12/24/2012 13:08:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500620AS +++++

--- User ---

[MBR] 4022022e0e1dbda7e682e78ec22d07d6

[bSP] 309fdfd200901d3359dd1e035123a213 : HP tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 463853 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 949971645 | Size: 13084 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1001FALS-00E8B0 +++++

--- User ---

[MBR] 172557970584aa248ba2ff9d57981e32

[bSP] 611b473803c75b455fb775401791d7a0 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_12242012_02d1308.txt >>

RKreport[1]_S_12242012_02d1308.txt


Do NOT run any other tools on your own. In the same spirit, make no changes or additions on software or hardware without first checking with me !!

Follow my guidance.....please, and only my guidance. We have to stay in-sync.

As much as possible, I must ask that you keep your Windows in normal mode ----not in safe mode.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

If you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

next:

Do this batch run and advise me after it is completed.

Windows services

This will be a batch-fix.

  • Press the Windows-key on keyboard.
  • In the search box, type notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    @Echo off
    sc stop msiserver
    sc config msiserver start= manual
    sc start msiserver
    sc config dcomlaunch start= auto
    sc config nsi start= auto
    sc config dhcp start= auto
    sc config rpcss start= auto
    sc config winmgmt start= auto
    sc config wscsvc start= delayed-auto
    sc config bits start= delayed-auto
    sc config wuauserv start= delayed-auto
    sc config sdrsvc start= manual
    sc config vss start= auto
    sc config eventlog start= auto
    sc config bfe start= auto
    sc start mpsdrv
    sc start mpssvc
    sc start bfe
    shutdown -r -t 1
    del %0


  • Select File -> Save AS.
  • Press the Desktop button on the left side of the save dialog.
  • In the File name box, type in Fix.bat.
  • Press Save.
  • Close Notepad.
  • Right click Fix.bat on your desktop, and choose Run as administrator.
  • Press Yes if prompted by User Account Control.

This procedure will do its tasks and then it will Restart Windows.

NEXT:

  1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
    See this reference http://helpdesk.malwarebytes.org/entries/20872371-use-chameleon-to-run-malwarebytes-anti-malware-on-infected-systems and start Malwarebytes Anti-Malware Chameleon
  2. Once the Help file opens, click on a Chameleon button (starting with #1)
  3. If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
  4. You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. at the top
  5. Press any key to continue as it says in the window {space-bar will do}
  6. If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
  7. Have infinite patience during this process
  8. Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  9. Once the update completes and it says your database is updated, click on OK button so that process can continue
  10. Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  11. After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  12. A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  13. Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  14. If prompted to restart your computer to complete the removal process, click Yes
  15. If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
  16. After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats


Ok, ran rkill, here is the log:

rkill.txt

Rkill 2.4.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/26/2012 01:19:12 PM in x64 mode.

Windows Version: Windows Vista Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* DNS Client (Dnscache) is not Running.

Startup Type set to: Disabled

* Security Center (wscsvc) is not Running.

Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.

Startup Type set to: Automatic (Delayed Start)

* Windows Update (AFD) is not Running.

Startup Type set to: Automatic (Delayed Start)

* iphlpsvc [Missing Service]

* msiserver => %systemroot%\system32\msiexec.exe /V [incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/26/2012 01:19:17 PM

Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)

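The service findings in the rkill log above can be extracted mechanically and compared with the services that the Fix.bat posted earlier in the thread configures or starts. This is an added example, not part of any post in the thread; the function and class names are hypothetical, and the patterns assume the Rkill 2.4.5 wording shown in that log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt copied from the rkill.txt log posted above (blank lines dropped).
RKILL_LOG = r"""
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* DNS Client (Dnscache) is not Running.
Startup Type set to: Disabled
* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Windows Update (AFD) is not Running.
Startup Type set to: Automatic (Delayed Start)
* iphlpsvc [Missing Service]
* msiserver => %systemroot%\system32\msiexec.exe /V [incorrect ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
"""

# Services that the thread's Fix.bat touches with "sc config" or "sc start".
FIX_BAT_SERVICES = {
    "msiserver", "dcomlaunch", "nsi", "dhcp", "rpcss", "winmgmt", "wscsvc",
    "bits", "wuauserv", "sdrsvc", "vss", "eventlog", "bfe", "mpsdrv", "mpssvc",
}

SECTION = "Checking Windows Service Integrity:"
NOT_RUNNING = re.compile(r"^\* (?P<display>.+) \((?P<name>[^)]+)\) is not Running\.$")
MISSING = re.compile(r"^\* (?P<name>\S+) \[Missing Service\]$")
BAD_PATH = re.compile(r"^\* (?P<name>\S+) => (?P<path>.+) \[incorrect ImagePath\]$")


@dataclass
class Finding:
    service: str                      # service key name, e.g. "Dnscache"
    kind: str                         # "not_running", "missing" or "bad_imagepath"
    startup: Optional[str] = None     # only set for "not_running"
    image_path: Optional[str] = None  # only set for "bad_imagepath"


def parse_service_integrity(log: str) -> List[Finding]:
    """Return the findings listed under the service-integrity section."""
    findings: List[Finding] = []
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == SECTION:
            in_section = True
            continue
        if not in_section:
            continue
        m = NOT_RUNNING.match(line)
        if m:
            findings.append(Finding(m.group("name"), "not_running"))
        elif line.startswith("Startup Type set to:"):
            # The startup line belongs to the "not running" entry just before it.
            if findings and findings[-1].kind == "not_running":
                findings[-1].startup = line.split(":", 1)[1].strip()
        elif MISSING.match(line):
            findings.append(Finding(MISSING.match(line).group("name"), "missing"))
        elif BAD_PATH.match(line):
            m = BAD_PATH.match(line)
            findings.append(
                Finding(m.group("name"), "bad_imagepath", image_path=m.group("path"))
            )
        elif line.endswith(":"):
            break  # header of the next section
    return findings


def not_covered_by_fix(findings: List[Finding]) -> List[str]:
    """Services rkill reported that the batch file never touches."""
    return [f.service for f in findings if f.service.lower() not in FIX_BAT_SERVICES]


if __name__ == "__main__":
    results = parse_service_integrity(RKILL_LOG)
    for f in results:
        print(f)
    print("Not touched by Fix.bat:", not_covered_by_fix(results))
```

Run against this log, the comparison shows that the batch file touches msiserver, wscsvc and wuauserv but leaves the disabled Dnscache, the AFD entry and the missing iphlpsvc service unchanged.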

I ran the fix.bat as an admin and it ran and restarted windows. I then ran the chameleon and it ran from the first link and said no updates were needed. Ran a quickscan and found nothing. It restarted and came to the updating 1 of 3 screen and hung for an hour doing nothing else, so I did a hard reset and windows started up normally, no issues so far. Ran another quick scan and nothing.

I did start up in safe mode when I got the email with all your directions on my phone so that I could download all the files I needed, prepare the bat file and disable firewall and anti-malware. When I opened up Malwarebytes there were about 5 files in the quarantine tab. A couple were PUPs (no idea what that is), so I deleted them and restarted normally and then followed your instructions. I ran a scan when it first started to slow and freeze up, but had to restart because it completely froze, I'm guessing that's when Malwarebytes found those files.

Everything seems to be running fine so far in normal mode. There are 3 updates available, 2 are security updates for Microsoft .NET Framework and the other is a security update for Microsoft Works. Should I update these?

Thanks for the help so far, it is much appreciated, especially around the holidays, you're awesome.


Tried to install all the updates, but system froze up before it could finish, was not running anything else. Started up system, opened windows update, installed the updates and let it run. Ran for about 5 minutes before it got stuck on the 2nd update. Restarted and decided to download and install one at a time. Downloaded 1st update for microsoft framework and came up with an error when trying to install. Error 0000064, I think it was.


Let's put the Windows Update issue aside for now, until after we ensure there's no malware.

If you have a previous copy of TDSSKILLER.exe then delete it now.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Ok, here's the log

TDSSKiller:

07:56:18.0363 2472 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

07:56:18.0940 2472 ============================================================

07:56:18.0940 2472 Current date / time: 2012/12/29 07:56:18.0940

07:56:18.0940 2472 SystemInfo:

07:56:18.0940 2472

07:56:18.0940 2472 OS Version: 6.0.6002 ServicePack: 2.0

07:56:18.0940 2472 Product type: Workstation

07:56:18.0940 2472 ComputerName: GABES-PC

07:56:18.0940 2472 UserName: Gabe

07:56:18.0940 2472 Windows directory: C:\Windows

07:56:18.0940 2472 System windows directory: C:\Windows

07:56:18.0940 2472 Running under WOW64

07:56:18.0940 2472 Processor architecture: Intel x64

07:56:18.0940 2472 Number of processors: 2

07:56:18.0940 2472 Page size: 0x1000

07:56:18.0940 2472 Boot type: Normal boot

07:56:18.0940 2472 ============================================================

07:56:20.0157 2472 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

07:56:20.0172 2472 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

07:56:20.0188 2472 Drive \Device\Harddisk2\DR2 - Size: 0x7470C05E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

07:56:20.0250 2472 ============================================================

07:56:20.0250 2472 \Device\Harddisk0\DR0:

07:56:20.0266 2472 MBR partitions:

07:56:20.0266 2472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x389F6A7E

07:56:20.0266 2472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x389F6ABD, BlocksNum 0x198E184

07:56:20.0266 2472 \Device\Harddisk1\DR1:

07:56:20.0266 2472 MBR partitions:

07:56:20.0266 2472 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

07:56:20.0266 2472 \Device\Harddisk2\DR2:

07:56:20.0266 2472 MBR partitions:

07:56:20.0266 2472 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02

07:56:20.0266 2472 ============================================================

07:56:20.0359 2472 C: <-> \Device\Harddisk0\DR0\Partition1

07:56:20.0609 2472 D: <-> \Device\Harddisk0\DR0\Partition2

07:56:20.0874 2472 J: <-> \Device\Harddisk2\DR2\Partition1

07:56:20.0890 2472 M: <-> \Device\Harddisk1\DR1\Partition1

07:56:20.0890 2472 ============================================================

07:56:20.0890 2472 Initialize success

07:56:20.0890 2472 ============================================================

07:56:26.0833 3248 ============================================================

07:56:26.0833 3248 Scan started

07:56:26.0833 3248 Mode: Manual;

07:56:26.0833 3248 ============================================================

07:56:28.0799 3248 ================ Scan system memory ========================

07:56:28.0799 3248 System memory - ok

07:56:28.0799 3248 ================ Scan services =============================


07:56:36.0412 3248 HTTP - ok

07:56:36.0443 3248 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys

07:56:36.0443 3248 i2omp - ok

07:56:36.0490 3248 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

07:56:36.0490 3248 i8042prt - ok

07:56:36.0583 3248 [ 1117AF8C53AA278A4C5B7EF1B00E08F4 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

07:56:36.0615 3248 IAANTMON - ok

07:56:36.0677 3248 [ 5979854E6FDA990107E3170327022117 ] iaStor C:\Windows\system32\drivers\iastor.sys

07:56:36.0693 3248 iaStor - ok

07:56:36.0864 3248 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

07:56:36.0942 3248 iaStorV - ok

07:56:37.0176 3248 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

07:56:37.0239 3248 idsvc - ok

07:56:37.0551 3248 [ A124C87CD0B39C9E510E138534468383 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

07:56:37.0769 3248 igfx - ok

07:56:37.0785 3248 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys

07:56:37.0785 3248 iirsp - ok

07:56:37.0863 3248 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll

07:56:37.0878 3248 IKEEXT - ok

07:56:38.0877 3248 [ 46CB3ABE8150E7B181E86D4906DE17E8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

07:56:38.0892 3248 IntcAzAudAddService - ok

07:56:38.0923 3248 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys

07:56:38.0923 3248 intelide - ok

07:56:38.0939 3248 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

07:56:38.0939 3248 intelppm - ok

07:56:38.0986 3248 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

07:56:38.0986 3248 IPBusEnum - ok

07:56:39.0017 3248 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

07:56:39.0033 3248 IpFilterDriver - ok

07:56:39.0033 3248 IpInIp - ok

07:56:39.0079 3248 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

07:56:39.0079 3248 IPMIDRV - ok

07:56:39.0111 3248 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

07:56:39.0111 3248 IPNAT - ok

07:56:39.0313 3248 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

07:56:39.0407 3248 iPod Service - ok

07:56:39.0438 3248 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys

07:56:39.0438 3248 IRENUM - ok

07:56:39.0485 3248 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys

07:56:39.0485 3248 isapnp - ok

07:56:39.0532 3248 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

07:56:39.0532 3248 iScsiPrt - ok

07:56:39.0594 3248 [ 88BB5280137DC9A7E9989C475763CD08 ] ISODrive C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys

07:56:39.0594 3248 ISODrive - ok

07:56:39.0625 3248 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

07:56:39.0625 3248 iteatapi - ok

07:56:39.0657 3248 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys

07:56:39.0657 3248 iteraid - ok

07:56:39.0672 3248 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

07:56:39.0672 3248 kbdclass - ok

07:56:39.0735 3248 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

07:56:39.0735 3248 kbdhid - ok

07:56:39.0797 3248 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe

07:56:39.0797 3248 KeyIso - ok

07:56:39.0922 3248 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

07:56:39.0984 3248 KSecDD - ok

07:56:39.0984 3248 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

07:56:40.0000 3248 ksthunk - ok

07:56:40.0062 3248 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll

07:56:40.0078 3248 KtmRm - ok

07:56:40.0109 3248 [ 7D80A55B6D0C2A54728158E846F4696D ] L8042Kbd C:\Windows\system32\DRIVERS\L8042Kbd.sys

07:56:40.0109 3248 L8042Kbd - ok

07:56:40.0234 3248 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll

07:56:40.0234 3248 LanmanServer - ok

07:56:40.0312 3248 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

07:56:40.0327 3248 LanmanWorkstation - ok

07:56:40.0530 3248 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

07:56:40.0608 3248 LBTServ - ok

07:56:40.0624 3248 [ ED7EC050CD6C20E1A93A4DAFB7EFD14D ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys

07:56:40.0624 3248 LEqdUsb - ok

07:56:40.0686 3248 [ 3267BC698E29474A8381E68904EB0390 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys

07:56:40.0686 3248 LHidEqd - ok

07:56:40.0717 3248 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys

07:56:40.0717 3248 LHidFilt - ok

07:56:40.0936 3248 [ C7D21310EA0A644AA6394DE1E46E3D31 ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys

07:56:40.0936 3248 libusb0 - ok

07:56:41.0092 3248 [ DFEFF67508D3A9AEB1A85D7B0F513B24 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

07:56:41.0092 3248 LightScribeService - ok

07:56:41.0139 3248 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

07:56:41.0139 3248 lltdio - ok

07:56:41.0185 3248 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll

07:56:41.0201 3248 lltdsvc - ok

07:56:41.0232 3248 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll

07:56:41.0232 3248 lmhosts - ok

07:56:41.0263 3248 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys

07:56:41.0263 3248 LMouFilt - ok

07:56:41.0295 3248 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

07:56:41.0295 3248 LSI_FC - ok

07:56:41.0341 3248 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

07:56:41.0341 3248 LSI_SAS - ok

07:56:41.0404 3248 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

07:56:41.0404 3248 LSI_SCSI - ok

07:56:41.0419 3248 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys

07:56:41.0419 3248 luafv - ok

07:56:41.0497 3248 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

07:56:41.0497 3248 MBAMProtector - ok

07:56:41.0622 3248 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

07:56:41.0622 3248 MBAMScheduler - ok

07:56:41.0747 3248 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

07:56:41.0809 3248 MBAMService - ok

07:56:41.0872 3248 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

07:56:41.0887 3248 Mcx2Svc - ok

07:56:41.0919 3248 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys

07:56:41.0919 3248 mdmxsdk - ok

07:56:41.0997 3248 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys

07:56:42.0012 3248 megasas - ok

07:56:42.0106 3248 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys

07:56:42.0153 3248 MegaSR - ok

07:56:42.0262 3248 [ DB330D9BDAEAE4A198D6EF4D15FA5101 ] MgiSvr C:\Program Files (x86)\ArcSoft\Magic-i 3\uMgiSvr.exe

07:56:42.0277 3248 MgiSvr - ok

07:56:42.0309 3248 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll

07:56:42.0309 3248 MMCSS - ok

07:56:42.0340 3248 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys

07:56:42.0340 3248 Modem - ok

07:56:42.0355 3248 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

07:56:42.0355 3248 monitor - ok

07:56:42.0387 3248 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

07:56:42.0387 3248 mouclass - ok

07:56:42.0449 3248 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

07:56:42.0449 3248 mouhid - ok

07:56:42.0511 3248 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

07:56:42.0511 3248 MountMgr - ok

07:56:42.0714 3248 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

07:56:42.0730 3248 MozillaMaintenance - ok

07:56:42.0808 3248 [ C177A7EBF5E8A0B596F618870516CAB8 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

07:56:42.0808 3248 MpFilter - ok

07:56:42.0855 3248 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys

07:56:42.0855 3248 mpio - ok

07:56:42.0886 3248 [ 8FBF6B31FE8AF1833D93C5913D5B4D55 ] MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys

07:56:42.0886 3248 MpNWMon - ok

07:56:42.0901 3248 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

07:56:42.0901 3248 mpsdrv - ok

07:56:42.0964 3248 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll

07:56:42.0979 3248 MpsSvc - ok

07:56:43.0011 3248 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

07:56:43.0011 3248 Mraid35x - ok

07:56:43.0057 3248 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

07:56:43.0057 3248 MRxDAV - ok

07:56:43.0135 3248 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

07:56:43.0151 3248 mrxsmb - ok

07:56:43.0213 3248 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

07:56:43.0213 3248 mrxsmb10 - ok

07:56:43.0229 3248 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

07:56:43.0229 3248 mrxsmb20 - ok

07:56:43.0291 3248 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys

07:56:43.0291 3248 msahci - ok

07:56:43.0432 3248 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys

07:56:43.0432 3248 msdsm - ok

07:56:43.0525 3248 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe

07:56:43.0525 3248 MSDTC - ok

07:56:43.0557 3248 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys

07:56:43.0588 3248 Msfs - ok

07:56:43.0635 3248 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

07:56:43.0635 3248 msisadrv - ok

07:56:43.0666 3248 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

07:56:43.0681 3248 MSiSCSI - ok

07:56:43.0681 3248 msiserver - ok

07:56:43.0728 3248 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

07:56:43.0728 3248 MSKSSRV - ok

07:56:43.0884 3248 [ 157E9E498206A3366BAA7E4697BDD947 ] MsMpSvc C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

07:56:43.0884 3248 MsMpSvc - ok

07:56:43.0931 3248 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

07:56:43.0931 3248 MSPCLOCK - ok

07:56:43.0947 3248 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

07:56:43.0962 3248 MSPQM - ok

07:56:44.0056 3248 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

07:56:44.0071 3248 MsRPC - ok

07:56:44.0087 3248 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

07:56:44.0103 3248 mssmbios - ok

07:56:44.0118 3248 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

07:56:44.0118 3248 MSTEE - ok

07:56:44.0118 3248 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys

07:56:44.0118 3248 Mup - ok

07:56:44.0181 3248 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll

07:56:44.0181 3248 napagent - ok

07:56:44.0368 3248 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

07:56:44.0368 3248 NativeWifiP - ok

07:56:44.0477 3248 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys

07:56:44.0539 3248 NDIS - ok

07:56:44.0555 3248 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

07:56:44.0571 3248 NdisTapi - ok

07:56:44.0571 3248 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

07:56:44.0571 3248 Ndisuio - ok

07:56:44.0633 3248 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

07:56:44.0633 3248 NdisWan - ok

07:56:44.0649 3248 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

07:56:44.0649 3248 NDProxy - ok

07:56:44.0695 3248 [ 59267D2F0328599AA3B5408C2E06126F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

07:56:44.0695 3248 Net Driver HPZ12 - ok

07:56:44.0727 3248 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

07:56:44.0727 3248 NetBIOS - ok

07:56:44.0789 3248 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

07:56:44.0789 3248 netbt - ok

07:56:44.0789 3248 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe

07:56:44.0789 3248 Netlogon - ok

07:56:44.0820 3248 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll

07:56:44.0820 3248 Netman - ok

07:56:44.0851 3248 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll

07:56:44.0851 3248 netprofm - ok

07:56:44.0929 3248 [ 4D457321124EF6031875DA01E9C402B3 ] netr7364 C:\Windows\system32\DRIVERS\WUSB54GCx64.sys

07:56:44.0929 3248 netr7364 - ok

07:56:44.0976 3248 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

07:56:44.0976 3248 NetTcpPortSharing - ok

07:56:45.0007 3248 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

07:56:45.0007 3248 nfrd960 - ok

07:56:45.0070 3248 [ 5F7D72CBCDD025AF1F38FDEEE5646968 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

07:56:45.0070 3248 NisDrv - ok

07:56:45.0132 3248 [ 566DDD5D82520DA01D75F81428AC4C38 ] NisSrv C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

07:56:45.0148 3248 NisSrv - ok

07:56:45.0179 3248 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll

07:56:45.0179 3248 NlaSvc - ok

07:56:45.0226 3248 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

07:56:45.0257 3248 NMSAccessU - ok

07:56:45.0288 3248 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys

07:56:45.0288 3248 Npfs - ok

07:56:45.0351 3248 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll

07:56:45.0351 3248 nsi - ok

07:56:45.0382 3248 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

07:56:45.0382 3248 nsiproxy - ok

07:56:45.0491 3248 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

07:56:45.0507 3248 Ntfs - ok

07:56:45.0522 3248 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys

07:56:45.0522 3248 Null - ok

07:56:45.0553 3248 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys

07:56:45.0553 3248 nvraid - ok

07:56:45.0569 3248 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys

07:56:45.0569 3248 nvstor - ok

07:56:45.0600 3248 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

07:56:45.0600 3248 nv_agp - ok

07:56:45.0600 3248 NwlnkFlt - ok

07:56:45.0600 3248 NwlnkFwd - ok

07:56:45.0912 3248 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

07:56:46.0177 3248 odserv - ok

07:56:46.0599 3248 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

07:56:46.0614 3248 ohci1394 - ok

07:56:46.0708 3248 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

07:56:46.0708 3248 ose - ok

07:56:46.0801 3248 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll

07:56:46.0833 3248 p2pimsvc - ok

07:56:46.0911 3248 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll

07:56:46.0926 3248 p2psvc - ok

07:56:46.0957 3248 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys

07:56:46.0957 3248 Parport - ok

07:56:47.0020 3248 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys

07:56:47.0098 3248 partmgr - ok

07:56:47.0160 3248 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll

07:56:47.0160 3248 PcaSvc - ok

07:56:47.0238 3248 PcdrNdisuio - ok

07:56:47.0254 3248 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys

07:56:47.0254 3248 pci - ok

07:56:47.0269 3248 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys

07:56:47.0269 3248 pciide - ok

07:56:47.0285 3248 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

07:56:47.0301 3248 pcmcia - ok

07:56:47.0347 3248 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys

07:56:47.0347 3248 pcouffin - ok

07:56:47.0379 3248 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys

07:56:47.0394 3248 PEAUTH - ok

07:56:47.0410 3248 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe

07:56:47.0425 3248 PerfHost - ok

07:56:47.0457 3248 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll

07:56:47.0566 3248 pla - ok

07:56:47.0613 3248 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

07:56:47.0613 3248 PlugPlay - ok

07:56:47.0628 3248 [ 5261A2FD55183AC6993145AB6662CDDF ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

07:56:47.0644 3248 Pml Driver HPZ12 - ok

07:56:47.0659 3248 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

07:56:47.0675 3248 PNRPAutoReg - ok

07:56:47.0691 3248 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll

07:56:47.0691 3248 PNRPsvc - ok

07:56:47.0769 3248 [ 24C4A668C1B574EBAF7126AB68F96012 ] Point64 C:\Windows\system32\DRIVERS\point64k.sys

07:56:47.0769 3248 Point64 - ok

07:56:47.0784 3248 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

07:56:47.0800 3248 PolicyAgent - ok

07:56:47.0847 3248 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

07:56:47.0847 3248 PptpMiniport - ok

07:56:47.0878 3248 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys

07:56:47.0878 3248 Processor - ok

07:56:47.0925 3248 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll

07:56:47.0940 3248 ProfSvc - ok

07:56:47.0956 3248 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe

07:56:47.0956 3248 ProtectedStorage - ok

07:56:48.0034 3248 [ 1D0A3F565397D08707F3D75B88586645 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys

07:56:48.0034 3248 Ps2 - ok

07:56:48.0081 3248 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys

07:56:48.0096 3248 PSched - ok

07:56:48.0143 3248 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

07:56:48.0159 3248 PxHlpa64 - ok

07:56:48.0205 3248 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys

07:56:48.0283 3248 ql2300 - ok

07:56:48.0299 3248 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

07:56:48.0315 3248 ql40xx - ok

07:56:48.0361 3248 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll

07:56:48.0377 3248 QWAVE - ok

07:56:48.0393 3248 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

07:56:48.0393 3248 QWAVEdrv - ok

07:56:48.0439 3248 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

07:56:48.0455 3248 RasAcd - ok

07:56:48.0455 3248 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll

07:56:48.0455 3248 RasAuto - ok

07:56:48.0486 3248 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

07:56:48.0486 3248 Rasl2tp - ok

07:56:48.0502 3248 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll

07:56:48.0517 3248 RasMan - ok

07:56:48.0627 3248 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

07:56:48.0627 3248 RasPppoe - ok

07:56:48.0720 3248 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

07:56:48.0720 3248 RasSstp - ok

07:56:48.0798 3248 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

07:56:48.0798 3248 rdbss - ok

07:56:48.0829 3248 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

07:56:48.0845 3248 RDPCDD - ok

07:56:48.0892 3248 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

07:56:48.0892 3248 rdpdr - ok

07:56:48.0923 3248 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

07:56:48.0923 3248 RDPENCDD - ok

07:56:48.0970 3248 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

07:56:48.0970 3248 RDPWD - ok

07:56:48.0985 3248 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll

07:56:49.0001 3248 RemoteAccess - ok

07:56:49.0032 3248 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll

07:56:49.0079 3248 RemoteRegistry - ok

07:56:49.0095 3248 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe

07:56:49.0095 3248 RpcLocator - ok

07:56:49.0219 3248 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll

07:56:49.0235 3248 RpcSs - ok

07:56:49.0251 3248 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

07:56:49.0251 3248 rspndr - ok

07:56:49.0266 3248 [ 82B66ABF055611024E5DBB9FA556C11D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys

07:56:49.0282 3248 RTL8169 - ok

07:56:49.0282 3248 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe

07:56:49.0282 3248 SamSs - ok

07:56:49.0297 3248 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

07:56:49.0297 3248 sbp2port - ok

07:56:49.0360 3248 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll

07:56:49.0360 3248 SCardSvr - ok

07:56:49.0563 3248 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll

07:56:49.0578 3248 Schedule - ok

07:56:49.0656 3248 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll

07:56:49.0656 3248 SCPolicySvc - ok

07:56:49.0672 3248 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll

07:56:49.0687 3248 SDRSVC - ok

07:56:49.0703 3248 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

07:56:49.0703 3248 secdrv - ok

07:56:49.0750 3248 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll

07:56:49.0750 3248 seclogon - ok

07:56:49.0875 3248 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll

07:56:49.0875 3248 SENS - ok

07:56:49.0921 3248 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys

07:56:49.0921 3248 Serenum - ok

07:56:49.0968 3248 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys

07:56:49.0968 3248 Serial - ok

07:56:49.0984 3248 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys

07:56:49.0984 3248 sermouse - ok

07:56:49.0999 3248 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll

07:56:50.0015 3248 SessionEnv - ok

07:56:50.0031 3248 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

07:56:50.0031 3248 sffdisk - ok

07:56:50.0046 3248 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

07:56:50.0046 3248 sffp_mmc - ok

07:56:50.0062 3248 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

07:56:50.0062 3248 sffp_sd - ok

07:56:50.0077 3248 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

07:56:50.0077 3248 sfloppy - ok

07:56:50.0155 3248 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll

07:56:50.0155 3248 SharedAccess - ok

07:56:50.0218 3248 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

07:56:50.0218 3248 ShellHWDetection - ok

07:56:50.0233 3248 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

07:56:50.0233 3248 SiSRaid2 - ok

07:56:50.0265 3248 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

07:56:50.0265 3248 SiSRaid4 - ok

07:56:50.0499 3248 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

07:56:50.0499 3248 SkypeUpdate - ok

07:56:50.0701 3248 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe

07:56:50.0795 3248 slsvc - ok

07:56:50.0857 3248 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll

07:56:50.0857 3248 SLUINotify - ok

07:56:50.0904 3248 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys

07:56:50.0920 3248 Smb - ok

07:56:50.0982 3248 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe

07:56:50.0982 3248 SNMPTRAP - ok

07:56:51.0045 3248 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys

07:56:51.0060 3248 spldr - ok

07:56:51.0091 3248 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe

07:56:51.0091 3248 Spooler - ok

07:56:51.0247 3248 [ EE037BD2E873D209DD4D49467ED965A3 ] sptd C:\Windows\system32\Drivers\sptd.sys

07:56:51.0247 3248 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: EE037BD2E873D209DD4D49467ED965A3

07:56:51.0247 3248 sptd ( LockedFile.Multi.Generic ) - warning

07:56:51.0247 3248 sptd - detected LockedFile.Multi.Generic (1)


07:56:53.0572 3248 ulsata2 - ok

07:56:53.0587 3248 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

07:56:53.0587 3248 umbus - ok

07:56:53.0603 3248 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll

07:56:53.0619 3248 upnphost - ok

07:56:53.0681 3248 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

07:56:53.0681 3248 USBAAPL64 - ok

07:56:53.0759 3248 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

07:56:53.0759 3248 usbaudio - ok

07:56:53.0821 3248 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

07:56:53.0821 3248 usbccgp - ok

07:56:53.0853 3248 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys

07:56:53.0853 3248 usbcir - ok

07:56:53.0868 3248 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

07:56:53.0868 3248 usbehci - ok

07:56:53.0931 3248 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

07:56:53.0946 3248 usbhub - ok

07:56:53.0962 3248 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys

07:56:53.0962 3248 usbohci - ok

07:56:53.0993 3248 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

07:56:53.0993 3248 usbprint - ok

07:56:54.0024 3248 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

07:56:54.0024 3248 usbscan - ok

07:56:54.0055 3248 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

07:56:54.0055 3248 USBSTOR - ok

07:56:54.0071 3248 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

07:56:54.0071 3248 usbuhci - ok

07:56:54.0133 3248 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

07:56:54.0133 3248 usbvideo - ok

07:56:54.0180 3248 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll

07:56:54.0196 3248 UxSms - ok

07:56:54.0274 3248 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe

07:56:54.0305 3248 vds - ok

07:56:54.0321 3248 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

07:56:54.0321 3248 vga - ok

07:56:54.0321 3248 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys

07:56:54.0321 3248 VgaSave - ok

07:56:54.0336 3248 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys

07:56:54.0336 3248 viaide - ok

07:56:54.0367 3248 [ B2E25DB5A6A178C056342ABD747B7326 ] vmm C:\Windows\system32\Drivers\vmm.sys

07:56:54.0367 3248 vmm - ok

07:56:54.0399 3248 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys

07:56:54.0399 3248 volmgr - ok

07:56:54.0477 3248 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

07:56:54.0477 3248 volmgrx - ok

07:56:54.0523 3248 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys

07:56:54.0523 3248 volsnap - ok

07:56:54.0555 3248 [ 6BDCA00FC57CC40DA3C8E88B2CEA21AB ] VPCNetS2 C:\Windows\system32\DRIVERS\VMNetSrv.sys

07:56:54.0555 3248 VPCNetS2 - ok

07:56:54.0648 3248 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

07:56:54.0711 3248 vsmraid - ok

07:56:54.0867 3248 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe

07:56:55.0054 3248 VSS - ok

07:56:55.0225 3248 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll

07:56:55.0257 3248 W32Time - ok

07:56:55.0272 3248 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

07:56:55.0288 3248 WacomPen - ok

07:56:55.0335 3248 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

07:56:55.0335 3248 Wanarp - ok

07:56:55.0335 3248 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

07:56:55.0335 3248 Wanarpv6 - ok

07:56:55.0381 3248 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll

07:56:55.0397 3248 wcncsvc - ok

07:56:55.0413 3248 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

07:56:55.0444 3248 WcsPlugInService - ok

07:56:55.0459 3248 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys

07:56:55.0459 3248 Wd - ok

07:56:55.0522 3248 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

07:56:55.0522 3248 Wdf01000 - ok

07:56:55.0537 3248 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll

07:56:55.0537 3248 WdiServiceHost - ok

07:56:55.0537 3248 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll

07:56:55.0537 3248 WdiSystemHost - ok

07:56:55.0600 3248 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll

07:56:55.0600 3248 WebClient - ok

07:56:55.0662 3248 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll

07:56:55.0662 3248 Wecsvc - ok

07:56:55.0709 3248 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll

07:56:55.0709 3248 wercplsupport - ok

07:56:55.0725 3248 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll

07:56:55.0725 3248 WerSvc - ok

07:56:55.0740 3248 [ 0208B357535431071193A7B534F5CFEF ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys

07:56:55.0771 3248 winachsf - ok

07:56:55.0818 3248 WinDefend - ok

07:56:55.0818 3248 WinHttpAutoProxySvc - ok

07:56:55.0896 3248 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

07:56:55.0927 3248 Winmgmt - ok

07:56:56.0161 3248 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll

07:56:56.0255 3248 WinRM - ok

07:56:56.0317 3248 [ 7F2F9E48566B2087F2AAAD258CB2A8D4 ] winusb C:\Windows\system32\DRIVERS\WinUSB.SYS

07:56:56.0317 3248 winusb - ok

07:56:56.0427 3248 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll

07:56:56.0505 3248 Wlansvc - ok

07:56:56.0551 3248 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

07:56:56.0551 3248 WmiAcpi - ok

07:56:56.0614 3248 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

07:56:56.0614 3248 wmiApSrv - ok

07:56:56.0629 3248 WMPNetworkSvc - ok

07:56:56.0661 3248 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll

07:56:56.0661 3248 WPCSvc - ok

07:56:56.0676 3248 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

07:56:56.0692 3248 WPDBusEnum - ok

07:56:56.0723 3248 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

07:56:56.0723 3248 WpdUsb - ok

07:56:56.0957 3248 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

07:56:57.0019 3248 WPFFontCache_v0400 - ok

07:56:57.0035 3248 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

07:56:57.0035 3248 ws2ifsl - ok

07:56:57.0082 3248 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll

07:56:57.0082 3248 wscsvc - ok

07:56:57.0082 3248 WSearch - ok

07:56:57.0253 3248 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

07:56:57.0331 3248 wuauserv - ok

07:56:57.0394 3248 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

07:56:57.0394 3248 WudfPf - ok

07:56:57.0472 3248 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

07:56:57.0472 3248 WUDFRd - ok

07:56:57.0581 3248 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

07:56:57.0581 3248 wudfsvc - ok

07:56:57.0612 3248 [ F22E443518BC599D12888DAF292A56D8 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys

07:56:57.0628 3248 XAudio - ok

07:56:57.0690 3248 [ 963C27034BBA4AC52A13F7A3C657C708 ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe

07:56:57.0706 3248 XAudioService - ok

07:56:57.0862 3248 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

07:56:57.0924 3248 YahooAUService - ok

07:56:57.0971 3248 ================ Scan global ===============================

07:56:58.0002 3248 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll

07:56:58.0033 3248 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll

07:56:58.0049 3248 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll

07:56:58.0111 3248 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe

07:56:58.0158 3248 [Global] - ok

07:56:58.0158 3248 ================ Scan MBR ==================================

07:56:58.0158 3248 [ 03BA8F890B47C0BE359A4D5A636D214D ] \Device\Harddisk0\DR0

07:56:58.0751 3248 \Device\Harddisk0\DR0 - ok

07:56:58.0767 3248 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1

07:56:58.0767 3248 \Device\Harddisk1\DR1 - ok

07:56:59.0001 3248 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2

07:56:59.0063 3248 \Device\Harddisk2\DR2 - ok

07:56:59.0063 3248 ================ Scan VBR ==================================

07:56:59.0063 3248 [ C3EF832A43C9205B2647214F31154B93 ] \Device\Harddisk0\DR0\Partition1

07:56:59.0063 3248 \Device\Harddisk0\DR0\Partition1 - ok

07:56:59.0079 3248 [ AC04DC382666FF6AF56BECBE19B11429 ] \Device\Harddisk0\DR0\Partition2

07:56:59.0079 3248 \Device\Harddisk0\DR0\Partition2 - ok

07:56:59.0079 3248 [ BB82BDF599DC9847E4DC11D0F71D71DB ] \Device\Harddisk1\DR1\Partition1

07:56:59.0079 3248 \Device\Harddisk1\DR1\Partition1 - ok

07:56:59.0079 3248 [ 9656EFF4B74C82FADC1590A2A2F74017 ] \Device\Harddisk2\DR2\Partition1

07:56:59.0094 3248 \Device\Harddisk2\DR2\Partition1 - ok

07:56:59.0094 3248 ============================================================

07:56:59.0094 3248 Scan finished

07:56:59.0094 3248 ============================================================

07:56:59.0110 3240 Detected object count: 1

07:56:59.0110 3240 Actual detected object count: 1

07:57:14.0835 3240 sptd ( LockedFile.Multi.Generic ) - skipped by user

07:57:14.0835 3240 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


TDSSKILLER report is good.

NEXT:

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into a new reply.
  • Re-enable your security software.

Step 2

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in a new post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Accept the EULA & Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u10-windows-i586.exe to install the newest version.
    ( jre-7u10-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Online scan

Turn off your antivirus so that it does not interfere. Leave your firewall on.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.

Follow the directions in the F-Secure page for proper Installation.

You may receive an alert on the address bar at this point to install the ActiveX control.

Click on that alert and then click "Install ActiveX component".

Read the license agreement and click "Accept".

Click "Custom Scan" and be sure the following are checked:

  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Use advanced heuristics

When the scan completes, click the "I want to decide item by item" button.

For each item found, Select "Disinfect" and click "Next".

When done, click the "Show Report" button, then copy and paste the entire report into a new reply.

Re-enable your antivirus.

As much as possible, put your system into Windows normal mode (not Network or safe mode).

new report

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • RIGHT click on RSITx64.exe & select Run As Administrator to start RSITx64.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

And tell me, How is the system now?


I have done everything but delete the Temp java files and do the online system scan. Every time I start up or restart the computer, I immediately go to the control panel to delete the temp java files and it always hangs and then freezes up. I tried to delete them from safe mode since safe mode runs fine, but java isn't available in the control panel in safe mode. I will do the online system scan tomorrow. I'm starting to think maybe I should just do a clean install and restore to factory.


JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.3.2 (12.29.2012:3)

OS: Windows Vista Home Premium x64

Ran by Gabe on Sun 12/30/2012 at 10:58:58.01

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}

~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

Successfully deleted: [File] C:\Users\Gabe\appdata\local\{8E62249A-79B3-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

Successfully deleted: [Folder] C:\Users\Gabe\appdata\local\{8E62249A-79B3-11E1-826D-B8AC6F996F26} [Trojan:JS/Medfos.A]

~~~ FireFox

Successfully deleted: [File] C:\Users\Gabe\AppData\Roaming\mozilla\firefox\profiles\q2kcmqve.default\invalidprefs.js

Successfully deleted: [File] C:\Users\Gabe\AppData\Roaming\mozilla\firefox\profiles\q2kcmqve.default\extensions\browserprotect@browserprotect.com.xpi

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 12/30/2012 at 11:07:10.88

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Adwcleaner log:

# AdwCleaner v2.104 - Logfile created 12/30/2012 at 11:11:40

# Updated 29/12/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)

# User : Gabe - GABES-PC

# Boot Mode : Normal

# Running from : C:\Users\Gabe\Desktop\malware forum\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\END

***** [Registry] *****

Key Found : HKCU\Software\5b2da8dbd6dec40

Key Found : HKLM\SOFTWARE\Wow6432Node\5b2da8dbd6dec40

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\q2kcmqve.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1070 octets] - [30/12/2012 11:11:40]

########## EOF - C:\AdwCleaner[R1].txt - [1190 octets] ##########


I have done everything but delete the Temp java files and do the online system scan. Every time I start up or restart the computer, I immediately go to the control panel to delete the temp java files and it always hangs and then freezes up. I tried to delete them from safe mode since safe mode runs fine, but java isn't available in the control panel in safe mode. I will do the online system scan tomorrow. I'm starting to think maybe I should just do a clean install and restore to factory.

Do not be concerned about clearing the Java cache. That is not a show-stopper.

A factory restore run -is- effectively a clean install and -is- the safest thing to do for the long term. But that entails installing all your application programs fresh, restoring your personal files from previous backups, and also doing Windows updates to ensure your Vista is completely current with all security updates.

Do tell me if that is what you decide to do. Or if you wish to continue the chase for malware & cleaning.

If the latter, did you manage to do the online scan at F-Secure?


I had tried yesterday and it wouldn't run because it said I didn't have java installed. Even though I had installed it the day before. I installed it again right now and am running the online scan. Hasn't frozen up so far, but I did notice that when it froze before I had the control panel open and was trying to delete the temp java files and had my browser open to try to do the online scanner. Now I only have my browser open and it's not freezing up. Maybe java didn't install right the last time?

I'd rather not do a clean install, I'll save that as a last resort.

Hopefully the online scan goes well and I'll post the report and the log from the RSIT soon.


Ok, had to run it twice. The first time it found I think twelve things and when I clicked to clean them it said cleaning files for about half an hour. I closed it out and ran the scan again. It found nine items this time and when I clicked to clean the files it was pretty much instant.

Here is the log:

Scanning Report

Friday, January 4, 2013 12:01:54 - 16:55:55

Computer name: GABES-PC

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ D:\ M:\

9 malware found

Trojan.Packed.7546 (virus)

  • C:\USERS\GABE\PROGRAMS\PROTECTIONID_V5.2C\PROTECTION_ID.EXE (Not cleaned)

Trojan.Generic.7308233 (virus)

  • C:\USERS\GABE\PROGRAMS\AHEAD.NERO.V8.3.6.0\KEYGEN.EXE (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

  • C:\USERS\GABE\DOCUMENTS\MONICA'S DOCUMENTS\MY DOWNLOADS\WINMX331.EXE (Not cleaned)

Exploit:Java/CVE-2012-4681.H (virus)

  • C:\USERS\GABE\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\41\2D6C0BE9-1EB6732E (Renamed & Submitted)

Trojan.Generic.KDV.529970 (virus)

  • C:\USERS\GABE\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\37\5A93E5E5-4ED08109 (Renamed & Submitted)

Exploit.Java.CVE-2012-1723.K (virus)

  • C:\USERS\GABE\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\33\61BE3861-6CEA256F (Renamed & Submitted)

Gen:Variant.Symmi.6057 (virus)

  • C:\QOOBOX\QUARANTINE\C\USERS\GABE\APPDATA\ROAMING\MDMPL.DLL.VIR (Renamed & Submitted)

Gen:Variant.Symmi.2010 (virus)

  • C:\QOOBOX\QUARANTINE\C\USERS\GABE\APPDATA\ROAMING\NPANDM.DLL.VIR (Renamed & Submitted)

Trojan.Generic.8191752 (virus)

  • C:\QOOBOX\QUARANTINE\C\USERS\GABE\WEVTAPI.DLL.VIR (Renamed & Submitted)

Statistics

Scanned:

  • Files: 391491
  • System: 5509
  • Not scanned: 262

Actions:

  • Disinfected: 0
  • Renamed: 6
  • Deleted: 0
  • Not cleaned: 3
  • Submitted: 6

Files not scanned:

  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0CC680BFAF212C29E9974BA42F63D19C_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\28F3C3359E04CDE19734B0213AD5C032_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2CF45A5409D9C351DB8BE02877D6A319_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2C20E55E678F8D33ABE2C45E18F472FB_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\26D3CD52F4C8CCE8C3257738F36134F9_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2C7F506CCBCC4660D16BB2D18FE9F6E1_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2D84C1358C9058385140D6F6E31E29FF_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2ED6EE9FA8D508A0B9F5EF58DE98178E_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2FE1E4F70EFACFDF8E3147B81C4E6BB6_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3289B9D793604361EE75EF11E5A0537A_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\33E8EF95DA08E8383AE321CE226FCEDF_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31745FF643B9274E8AD50C123C017C2C_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\363205658F617152F941E7C4AAD4D0B4_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\35BF906D3CEBB49EAA0B4F6FAF008EAD_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\32F6594E3804989F12E00DFA707A7262_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\397A3C6ECE139F80551E8DA1700AEE0D_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3B32F4A6374C1BACC735686E6B762CF9_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3F1518C802BC65B4ACCF61F7ED4119CE_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\37679493DA167A9809BDD3745114F6FB_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\272D8F79A0A2F129F533639640847FFE_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3F9A59282A0CC569B1A1FCE7D307A1DB_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3518FE8F8B43917AEAA4517A9D9C28E3_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\406CC802649C4A02BFECB6C8F94E3EC2_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\452157065AE671C6B20E321CB43E4B39_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36C3DEAED5BC0346082AB4805626925C_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\41E70B04259112918E556440E6439A23_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\453EDC80423A0CAD78ADD02DFDC8AF6E_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\430FE770966E1BC22A8D023BD595F637_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4AA0D9AE46DCA5DAFE22DD22758EAA83_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4B06798FCFD0F3B706FAA34C41E0325A_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\51A9DE5CBC7695076EF328877FEB5C01_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4C948FE34BC950B6DCB8A4A215588C5F_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\466FF8413D890AF3694BE6B68173611B_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4AFC43B3A14BD7D9FA3857F1535B5DA0_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5A512B6232CFC740A7696D1B411BC775_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\53C6691395B926AF2E959BF7C71D6C54_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5BC351480C285D6C422D085B4A03CBDE_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5632E8E2375AA3C78D4020B95CBE00E6_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5E16C40A44262E6C7C52F5F66FC9AC72_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5BBF75FEB6C3E218C90DF3FA6AA395FF_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5F1C397526A1814AA4C951F8B34BF54B_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5EE0ECD78B6946DA17F8362C0D8F0B73_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6144CFDD9797331D01D0137D98802A13_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6108FFB4725F437AF7A92AFFBEA37DB1_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6349B016FE76A43A3C6831E389A41303_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\63ADBCF3BA24F41DC78A50B0B9A81059_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\65FDE3FC2B969B73216526CF457BA85A_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5C8A4B0B8D3E05C8130EFC72FB62B5A2_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\58F429DAF0DE824C30E643A9EEF62856_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5E876350BB29CE4118675363D4BAED1B_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\646FE91345F4E5BEE7AB53A61B7BD60B_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\66326B61AA9AFFB9D659B18906AA500F_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6B0F012D9879FD8654F4E98B772B4240_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6C536AB6048A6ACDDF9D7BEA5DFE05AD_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F7975BC6D788BF232A3FDC16A13590C_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\67BC0B66618399CA0F44264CB3AD6DE0_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F5B7070F537B431001B32D26943CB95_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70196377601B90D311458851E409EF6A_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\703ECC9C737645DE991CF4B8B90B9505_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6DF85F7990A30341AB5E3577E50CE286_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70D006BD554D7A122975880C0487B028_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7279B9CC6AFBAA02F3CE3FFE5E7B821E_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71DDC7DC3D5BA2978399D33D61F2BD00_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7209AB74462C5565C2859E725134DD7D_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\74C6B8638C89FE4E6540F964BC9628FA_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\735676709181284393CC6B3725C47AD5_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\73D8071B9231D929EEDA790799D197E5_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7093357EF7F2279C2E3CE12CDFF98748_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\762DBEAD829B4542196F518D4306F636_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\77A7A34A15DCE902E9266D4D1F6125A1_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7A886D6025D7423F94F360C98643C7A0_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7B11DF37236F124481E02B763DE180E9_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\76CC5109B86CACA8AA1DDCCB9B7BAD8D_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\80761BA6E500D3A6F01431D785B4D53D_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E14D3B1F1252BB4192B84D245D68CA6_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\842FEBE6AFE0C689D444A9063C3527C9_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7AC8665A854075C5BBF265CD48DAAEB5_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\86A10AB7A1EAC52DAB6E3D1CA1F8E015_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\80BDAF30A3084447157F3B04756E91DE_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\85FE7849D2D47AC7D82699A1EEF0F7FD_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\83FD9417C0D20A8D24903741FD4E02C7_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E119288FFB2798D30508B34F54820EE_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8D0151F02D7C9F116EDE4A3CE032C0BB_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8E95AC60EB5CE8BE06B7A9CC608DE45C_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\877E4ED20AAABA2EF19CBFC2323F4B3F_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\93EA17463BF43FC55D4FEC8109844A93_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\96DEB5048E26390C78B746EA5E70AE23_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\995753C40C5FB0DF3730D2FFA9C2C8A1_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\99EE5CC0A66E820192756700AD01EC5A_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9A77F3FD2460D0FE6291384C26FD4AA8_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B4A40D50DFE262E3BAA628F0905679B_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9BB3B23C99520E7A725AF4125C698082_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C3ED9C9BD4655866478AA106C5F916B_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9F9A10F69B528AE266D9FB1100FD2241_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A1B1545FCDA207FF2F78FD184B71A714_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A3CB3D80A027058B565E1037D279236A_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A8B540804397B3D1A4200706EB45FF96_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A93FA8608D395B2CAC74EFEDEB65F5A7_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8FDDF0CB233387271CDDEDB42321799A_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9956F452A5C5128FD58DBF05F1D9F948_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9923F931CF6C40C2B0C912EA516ABCD5_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A95811A8E955BF02E676818C99882A8E_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC4795633F1B61010015BD5D268BD9AC_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B2A9A6CE065E1321B2FA12097CA1CC42_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B928CFEA1EE6ED5DCF080A4AA0876374_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B94A8743A62AC0B576921AE037261259_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BBA7880689385507A7226D6000A75E50_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BBD143B295D2EEEB904D364AB8FE987C_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF807B1D706A9F45EA5E9FD05DCBEF55_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C08AF139AE942879CEAE54ED6D488E3D_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B918022EA5A6E0DAB5AF144C9355C5CA_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AFD8B382DE26ECE1CCB18DF0BCEB5E94_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C29813DBC87269211112D0B9FFE01279_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C3C2DF57BE23E65D6BE6B9588984F484_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4E487B20A3EC196DC23C9DC9E1A637C_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC88D97010D5C8783D38C49A259431FB_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7FBDDFD4D61E27E56414190E8AA95AE_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C980C4E7EE7B149C91147E409914CE73_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA72770343B3C546992B9FE32CF834F4_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE1B42829A7D38397707F4112D62B8A9_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC34917DF177A8224F544BAAF17F714A_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CEF7310D26FAEF83C59F498F509A9BD8_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D21D14A535EA2A4A191E9B7B390D3BFD_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D2A595061551D3AE957524092D14EDFF_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\989569D0F970BFDFA58C1C6AED1E868E_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D4A5E57BBBC8AEA3DC6879D3A3A356BC_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D4AC00E77D187243E4F816361F1651BB_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A993E6E59344FBDE1F7A0AD567DEB016_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D92D614C1E5B19004EA1DC05F0EFABCD_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D77A70246574531F3E7BCEE78B3A59A5_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D8BC1CB2B84FB6B0D0850618CA8C68A0_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DA55EEFCF6B5F6735F133C14A6B98DD5_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C171C0EEDDBD1C8F9E62146BA550AC61_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DB880B731FB8B75D27E58C599082D9F8_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DA5F40C95CCFFB5BFD7BE5542C397B6D_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D07AD1E03C6B2692F956791D9F0AF8D8_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DB9684C013340780734DF060DF16AC74_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DD6677C89695C9D4080A1329D057D210_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DEF27DB86FC728AADE22CACBB8066A19_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DCCA8A086E4F15B0F462C31AF0BA4CB7_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DCE4CD319E466538E61C0F3487CC4128_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E4B8233D495715A9CB9D73441D3A9913_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E76DAA2C88CC58595843F0816DA855AE_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E7F081533972A331AFF4D8C93426AA10_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EC1612BF36C8148F4ECEC85A095F185B_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E96CD9F7B3E39786F36AB2024B808B01_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EEBA8DA328A344D11C4239BF5336F1FD_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EF9B0AE16EFC0BDC76F9DF73B50CF1B8_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F300740CAE1C837F788C1EED77E77B0D_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E80B9455BF5000716735F592793F9E9C_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F97D2397AD96D977A182A650E9B9C923_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EC4741BCF1C23AA697F5AAFAFA032530_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F455CA838E52E6582D01D87F6F08C37F_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F9E84DDEBBB842119859AC37CCD128E3_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB83F3C7F7CF079FA26EA38C3CBA30F1_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FC891F2A680BA19E63A55565DC001E70_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FDF0A7AB754B5CC32ECB0F3587515B8C_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FF24272D3458288E9E98BD81A84B9641_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FF52AC1AA014E27AD9DFE4F8D00ED24F_ED9E8620-10E6-4640-ADEE-7409C1AC6AAD

Options

Scanning engines: Scanning options:

  • Scan all files
  • Use advanced heuristics


RSIT:

Log:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Gabe at 2013-01-04 17:06:23

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 226 GB (49%) free of 464 GB

Total RAM: 4085 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:06:30 PM, on 1/4/2013

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files\trend micro\Gabe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: iToolsBHO - {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Gabe\Documents\iTools\Plugin\iToolsBHO.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (file missing)

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: F-Secure BlackLight Sensor - F-Secure Corporation - C:\Users\Gabe\AppData\Local\Temp\F-Secure\Anti-Virus\fsblsrv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 6498 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

wininit.exe

C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

taskeng.exe {85EAE25D-EFB3-4E4B-AB0B-AB45B4A8453B}

taskeng.exe {0B60246F-45DD-4A7B-9C6A-A6BF8387D87D}

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-bdc7fe5f-0400-490f-b74d-05ed4fbcf244 -SystemEventPortName:HostProcess-913565d7-29e1-413a-be23-fc3dec2cee8e -IoCancelEventPortName:HostProcess-99572bf0-c67d-44a1-9dfe-4a5fb5fa3c94 -NonStateChangingEventPortName:HostProcess-e48a2dd9-1e36-4974-8522-57971b716b2b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:baff3e53-84a3-45b4-9004-49ab13f620c9 -DeviceGroupId:WpdFsGroup

C:\Windows\System32\mobsync.exe -Embedding

"C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\igfxsrvc.exe -Embedding

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=2832.a70bd00.698813340 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll" - -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 2832 "\\.\pipe\gecko-crash-server-pipe.2832" plugin

"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe" --proxy-stub-channel=Flash3288.7198B7B8.41 --host-broker-channel=Flash3288.7198B7B8.18467 --host-pid=3288 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll"

"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe" --channel=3328.001BF91C.2039754779 --proxy-stub-channel=Flash3288.7198B7B8.41 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll" --host-npapi-version=27 --type=renderer

"C:\Windows\system32\wuauclt.exe"

"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding

C:\Users\Gabe\AppData\Local\Temp\F-Secure\Anti-Virus\fsblsrv.exe

"C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" -Embedding

"C:\Users\Gabe\Desktop\malware forum\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe46_ Global\UsGthrCtrlFltPipeMssGthrPipe46 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 652 656 664 65536 660

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\Google Software Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\HPCeeScheduleForGabe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-12-30 551400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2011-09-09 318960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-30 209384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1499FE7-129D-4B6E-B681-DDF21E14172C}]

BHOImpl Class - C:\Users\Gabe\Documents\iTools\Plugin\iToolsBHO64.dll [2012-12-20 40424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]

ContributeBHO Class - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-01-04 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-09-09 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-01-04 170416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1499FE7-129D-4B6E-B681-DDF21E14172C}]

BHOImpl Class - C:\Users\Gabe\Documents\iTools\Plugin\iToolsBHO.dll [2012-12-20 51176]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

{4064EA35-578D-4073-A834-C96D82CBCF40} - &Save Flash - C:\Program Files (x86)\Save Flash\SaveFlash.dll [2007-09-06 1179648]

{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-07-31 38872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe /automount []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-09-27 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-11-28 59280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-28 1259376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

C:\Windows\ehome\ehTray.exe [2008-01-20 138240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]

C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1744152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

C:\Windows\system32\hkcmd.exe [2009-02-26 227352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02 75008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-01-12 972344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-01 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

c:\hp\support\hpsysdrv.exe [2007-04-18 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-11-03 182808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

C:\Windows\system32\igfxtray.exe [2009-02-26 154648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 2206280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-12-12 152544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]

C:\Windows\system32\MRT.exe [2012-12-14 67413224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

C:\Windows\system32\igfxpers.exe [2009-02-26 202264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files (x86)\QuickTime\QTTask.exe [2012-10-25 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1555968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]

C:\Windows\system32\jureg.exe -delete []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk]

C:\PROGRA~2\HP\BUTTON~1\BM.exe [2008-11-06 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i.lnk]

C:\PROGRA~2\ArcSoft\MAGIC-~1\Magic-i.exe [2008-05-21 530944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Gabe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Gabe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

C:\PROGRA~2\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2009-02-26 230400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\drmkaud]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Audiosrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\drmkaud]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HDAudBus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MMCSS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\New Key #1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{640167b4-59b0-47a6-b335-a6b3c0695aea}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"LogonHoursAction"=2

"DontDisplayLogonHoursWarnings"=1

"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoDriveTypeAutoRun"=60

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.ffds"=ff_vfw.dll

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux3"=wdmaud.drv

"wave4"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

"aux4"=wdmaud.drv

"wave5"=wdmaud.drv

"midi5"=wdmaud.drv

"mixer5"=wdmaud.drv

"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2013-01-04 17:06:23 ----D---- C:\rsit

2013-01-04 17:06:23 ----D---- C:\Program Files\trend micro

2013-01-04 07:34:45 ----D---- C:\Users\Gabe\AppData\Roaming\f-secure

2013-01-04 07:34:16 ----D---- C:\ProgramData\F-Secure

2013-01-04 07:21:19 ----A---- C:\Windows\SYSWOW64\javaws.exe

2013-01-04 07:20:43 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

2013-01-04 07:20:43 ----A---- C:\Windows\SYSWOW64\javaw.exe

2013-01-04 07:20:43 ----A---- C:\Windows\SYSWOW64\java.exe

2012-12-30 11:11:40 ----A---- C:\AdwCleaner[R3].txt

2012-12-30 10:22:09 ----D---- C:\Windows\ERUNT

2012-12-30 10:21:32 ----D---- C:\JRT

2012-12-30 10:15:20 ----A---- C:\Windows\system32\npDeployJava1.dll

2012-12-30 10:15:20 ----A---- C:\Windows\system32\javaws.exe

2012-12-30 10:15:20 ----A---- C:\Windows\system32\deployJava1.dll

2012-12-30 10:14:48 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll

2012-12-30 10:14:48 ----A---- C:\Windows\system32\javaw.exe

2012-12-30 10:14:48 ----A---- C:\Windows\system32\java.exe

2012-12-30 10:13:51 ----D---- C:\Program Files\Java

2012-12-29 07:56:18 ----A---- C:\TDSSKiller.2.8.15.0_29.12.2012_07.56.18_log.txt

2012-12-24 13:46:46 ----SD---- C:\32788R22FWJFW

2012-12-24 13:32:10 ----A---- C:\AdwCleaner[s2].txt

2012-12-24 13:18:23 ----A---- C:\AdwCleaner[R2].txt

2012-12-24 13:17:37 ----A---- C:\AdwCleaner[R1].txt

2012-12-24 13:04:51 ----SHD---- C:\$RECYCLE.BIN

2012-12-24 12:34:47 ----D---- C:\Windows\temp

2012-12-24 12:34:45 ----A---- C:\ComboFix.txt

2012-12-24 09:36:20 ----A---- C:\Windows\ntbtlog.txt

2012-12-22 15:47:04 ----D---- C:\Users\Gabe\AppData\Roaming\JawboneUpdater

2012-12-22 15:47:03 ----D---- C:\Program Files (x86)\Jawbone

2012-12-22 15:42:42 ----A---- C:\Windows\SYSWOW64\atmlib.dll

2012-12-22 15:42:42 ----A---- C:\Windows\SYSWOW64\atmfd.dll

2012-12-22 15:42:42 ----A---- C:\Windows\system32\atmlib.dll

2012-12-22 15:42:42 ----A---- C:\Windows\system32\atmfd.dll

2012-12-20 21:06:24 ----D---- C:\Program Files (x86)\Temp

2012-12-20 21:05:11 ----A---- C:\Windows\SYSWOW64\drivers\libusb0.sys

2012-12-20 21:05:09 ----HD---- C:\Program Files (x86)\Dr.Fone_Temp

2012-12-20 21:05:09 ----D---- C:\Program Files (x86)\Wondershare

2012-12-20 00:05:37 ----D---- C:\ProgramData\ClubSanDisk

2012-12-19 23:39:02 ----D---- C:\Program Files (x86)\Wide Angle Software

2012-12-19 23:22:15 ----A---- C:\Windows\system32\roboot64.exe

2012-12-19 23:21:58 ----D---- C:\Program Files (x86)\Reincubate

2012-12-14 07:55:30 ----A---- C:\Windows\system32\Wdfres.dll

2012-12-14 07:55:30 ----A---- C:\Windows\system32\drivers\WdfLdr.sys

2012-12-14 07:55:26 ----A---- C:\Windows\SYSWOW64\winusb.dll

2012-12-14 07:55:26 ----A---- C:\Windows\system32\winusb.dll

2012-12-14 07:55:26 ----A---- C:\Windows\system32\drivers\WUDFRd.sys

2012-12-14 07:55:26 ----A---- C:\Windows\system32\drivers\WUDFPf.sys

2012-12-14 07:55:25 ----A---- C:\Windows\system32\WUDFSvc.dll

2012-12-14 07:55:25 ----A---- C:\Windows\system32\WUDFPlatform.dll

2012-12-14 07:55:24 ----A---- C:\Windows\system32\WUDFHost.exe

2012-12-14 07:55:24 ----A---- C:\Windows\system32\WUDFCoinstaller.dll

2012-12-14 07:55:24 ----A---- C:\Windows\system32\drivers\Wdf01000.sys

2012-12-14 07:55:23 ----A---- C:\Windows\system32\WUDFx.dll

2012-12-14 07:48:11 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2012-12-14 07:48:11 ----A---- C:\Windows\system32\mshtmled.dll

2012-12-14 07:48:10 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2012-12-14 07:48:09 ----A---- C:\Windows\SYSWOW64\ieui.dll

2012-12-14 07:48:09 ----A---- C:\Windows\system32\ieUnatt.exe

2012-12-14 07:48:09 ----A---- C:\Windows\system32\ieui.dll

2012-12-14 07:48:08 ----A---- C:\Windows\SYSWOW64\url.dll

2012-12-14 07:48:08 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2012-12-14 07:48:08 ----A---- C:\Windows\system32\url.dll

2012-12-14 07:48:08 ----A---- C:\Windows\system32\jsproxy.dll

2012-12-14 07:48:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2012-12-14 07:48:07 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2012-12-14 07:48:07 ----A---- C:\Windows\system32\urlmon.dll

2012-12-14 07:48:07 ----A---- C:\Windows\system32\jscript9.dll

2012-12-14 07:48:06 ----A---- C:\Windows\SYSWOW64\wininet.dll

2012-12-14 07:48:06 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2012-12-14 07:48:06 ----A---- C:\Windows\system32\wininet.dll

2012-12-14 07:48:06 ----A---- C:\Windows\system32\msfeeds.dll

2012-12-14 07:48:05 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2012-12-14 07:48:05 ----A---- C:\Windows\SYSWOW64\jscript.dll

2012-12-14 07:48:05 ----A---- C:\Windows\system32\vbscript.dll

2012-12-14 07:48:05 ----A---- C:\Windows\system32\jscript.dll

2012-12-14 07:48:04 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2012-12-14 07:48:04 ----A---- C:\Windows\system32\iertutil.dll

2012-12-14 07:48:01 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2012-12-14 07:47:59 ----A---- C:\Windows\system32\mshtml.dll

2012-12-14 07:47:58 ----A---- C:\Windows\system32\ieframe.dll

2012-12-14 07:47:57 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2012-12-13 20:40:38 ----D---- C:\Program Files\iPod

2012-12-13 20:40:35 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-13 20:40:35 ----D---- C:\Program Files\iTunes

2012-12-13 20:40:35 ----D---- C:\Program Files (x86)\iTunes

2012-12-13 09:02:32 ----A---- C:\Windows\SYSWOW64\kernel32.dll

2012-12-13 09:02:32 ----A---- C:\Windows\system32\kernel32.dll

2012-12-13 09:02:29 ----A---- C:\Windows\system32\drivers\volsnap.sys

2012-12-13 09:02:24 ----A---- C:\Windows\system32\win32k.sys

2012-12-13 09:02:14 ----A---- C:\Windows\SYSWOW64\tzres.dll

2012-12-13 09:02:14 ----A---- C:\Windows\system32\tzres.dll

2012-12-13 09:02:09 ----A---- C:\Windows\system32\dpnet.dll

2012-12-13 09:02:09 ----A---- C:\Windows\system32\dpnathlp.dll

2012-12-13 09:02:08 ----A---- C:\Windows\SYSWOW64\dpnsvr.exe

2012-12-13 09:02:08 ----A---- C:\Windows\SYSWOW64\dpnet.dll

2012-12-13 09:02:08 ----A---- C:\Windows\system32\dpnsvr.exe

2012-12-06 14:04:26 ----D---- C:\ProgramData\McAfee

2012-12-05 08:21:09 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-11-29 13:13:49 ----D---- C:\Program Files (x86)\QuickTime

2012-11-29 12:20:44 ----D---- C:\Users\Gabe\AppData\Roaming\NabiSync

2012-11-29 12:19:21 ----D---- C:\Program Files (x86)\nabi

2012-11-29 11:54:54 ----A---- C:\Windows\SYSWOW64\libusb0.dll

2012-11-29 11:54:54 ----A---- C:\Windows\system32\libusb0.dll

2012-11-29 11:54:54 ----A---- C:\Windows\system32\drivers\libusb0.sys

2012-11-14 13:22:24 ----A---- C:\Windows\SYSWOW64\synceng.dll

2012-11-14 13:22:24 ----A---- C:\Windows\system32\synceng.dll

2012-11-05 06:43:23 ----D---- C:\DriveKey

2012-11-03 18:13:58 ----A---- C:\Windows\SYSWOW64\drivers\SBKUPNT.SYS

2012-11-03 18:13:58 ----A---- C:\Windows\SYSWOW64\DEVLOAD.EXE

2012-11-03 18:13:45 ----A---- C:\Windows\IsUninst.exe

2012-10-10 11:00:50 ----A---- C:\Windows\SYSWOW64\wintrust.dll

2012-10-10 11:00:50 ----A---- C:\Windows\system32\wintrust.dll

2012-10-10 11:00:45 ----A---- C:\Windows\system32\ntoskrnl.exe

2012-10-10 11:00:40 ----A---- C:\Windows\SYSWOW64\crypt32.dll

2012-10-10 11:00:40 ----A---- C:\Windows\system32\crypt32.dll

2012-10-10 11:00:39 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll

2012-10-10 11:00:39 ----A---- C:\Windows\SYSWOW64\cryptnet.dll

2012-10-10 11:00:39 ----A---- C:\Windows\system32\cryptsvc.dll

2012-10-10 11:00:39 ----A---- C:\Windows\system32\cryptnet.dll

======List of files/folders modified in the last 3 months======

2013-01-04 17:06:30 ----D---- C:\Windows\Prefetch

2013-01-04 17:06:23 ----RD---- C:\Program Files

2013-01-04 07:34:16 ----D---- C:\ProgramData

2013-01-04 07:21:19 ----SHD---- C:\Windows\Installer

2013-01-04 07:21:19 ----D---- C:\Windows\SysWOW64

2013-01-04 07:20:28 ----A---- C:\Windows\SYSWOW64\deployJava1.dll

2013-01-04 07:20:07 ----SHD---- C:\System Volume Information

2013-01-04 07:08:54 ----D---- C:\Windows\System32

2013-01-04 07:08:54 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-01-03 07:47:38 ----D---- C:\Windows\inf

2013-01-02 19:35:48 ----D---- C:\Windows\system32\catroot2

2012-12-30 18:40:21 ----D---- C:\Users\Gabe\AppData\Roaming\vlc

2012-12-30 11:01:49 ----RD---- C:\Program Files (x86)

2012-12-30 11:01:46 ----D---- C:\Windows

2012-12-30 10:01:53 ----D---- C:\Program Files (x86)\Java

2012-12-30 10:01:51 ----D---- C:\Program Files (x86)\Common Files

2012-12-29 07:56:19 ----D---- C:\Windows\system32\drivers

2012-12-27 11:39:35 ----D---- C:\ProgramData\Microsoft Help

2012-12-27 11:27:22 ----D---- C:\Windows\SMINST

2012-12-27 09:45:09 ----D---- C:\Windows\pss

2012-12-24 12:34:47 ----D---- C:\Qoobox

2012-12-24 12:32:18 ----A---- C:\Windows\system.ini

2012-12-24 12:32:15 ----D---- C:\Windows\system32\drivers\etc

2012-12-24 12:28:54 ----D---- C:\Windows\SYSWOW64\drivers

2012-12-24 12:28:54 ----D---- C:\Windows\AppPatch

2012-12-24 09:57:36 ----D---- C:\Users\Gabe\AppData\Roaming\uTorrent

2012-12-24 08:34:09 ----D---- C:\Windows\winsxs

2012-12-24 08:09:50 ----D---- C:\Windows\system32\catroot

2012-12-21 00:16:35 ----HD---- C:\Users\Gabe\AppData\Roaming\Vso

2012-12-20 00:00:30 ----D---- C:\Windows\Tasks

2012-12-19 23:56:31 ----D---- C:\Windows\system32\Tasks

2012-12-16 10:51:11 ----D---- C:\Windows\rescache

2012-12-14 18:27:25 ----D---- C:\Windows\system32\en-US

2012-12-14 18:27:25 ----D---- C:\Windows\system32\drivers\en-US

2012-12-14 18:27:24 ----D---- C:\Windows\system32\wbem

2012-12-14 18:27:23 ----D---- C:\Program Files (x86)\Internet Explorer

2012-12-14 18:27:22 ----D---- C:\Windows\SYSWOW64\migration

2012-12-14 18:27:21 ----D---- C:\Windows\system32\migration

2012-12-14 18:27:20 ----D---- C:\Program Files\Internet Explorer

2012-12-14 07:57:11 ----A---- C:\Windows\system32\mrt.exe

2012-12-14 07:45:19 ----D---- C:\Windows\SYSWOW64\en-US

2012-12-11 18:25:12 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2012-12-11 08:06:24 ----D---- C:\Program Files (x86)\Yahoo!

2012-12-08 15:45:03 ----HD---- C:\Users\Gabe\AppData\Roaming\AVI ReComp

2012-12-06 14:06:06 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll

2012-12-05 22:34:23 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

2012-11-15 19:28:31 ----D---- C:\Windows\Microsoft.NET

2012-11-15 19:27:53 ----RSD---- C:\Windows\assembly

2012-11-15 06:52:20 ----D---- C:\Windows\Debug

2012-11-14 14:44:12 ----D---- C:\Program Files (x86)\Google

2012-11-13 21:03:11 ----D---- C:\ProgramData\HP

2012-11-05 06:43:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2012-10-21 09:59:00 ----HD---- C:\Users\Gabe\AppData\Roaming\Media Player Classic

2012-10-21 09:58:49 ----D---- C:\Windows\Panther

2012-10-21 09:58:49 ----D---- C:\Windows\ModemLogs

2012-10-21 09:58:49 ----D---- C:\Windows\Logs

2012-10-21 09:58:22 ----D---- C:\Program Files (x86)\CCleaner

2012-10-20 10:36:26 ----D---- C:\ProgramData\WildTangent

2012-10-18 04:45:14 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2008-11-03 406040]

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-01-17 860656]

R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2009-02-10 115600]

R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]

R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2012-02-21 294248]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 17024]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [2007-10-18 10240]

R3 ARCSOFTVIRTUALCAPTURE;Magic-i Virtual Driver; C:\Windows\system32\DRIVERS\ArcSoftVirtualCapture.sys [2007-07-02 18304]

R3 CAXHWBS3;CAXHWBS3; C:\Windows\system32\DRIVERS\CAXHWBS3.sys [2008-02-12 286208]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]

R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\CAX_DP.sys [2008-02-12 1481216]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-02-26 10276352]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-07-03 1477272]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-01 76056]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys [2011-09-01 15128]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-09-01 66840]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-09-01 60696]

R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]

R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]

R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2006-09-07 21504]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2008-02-14 160768]

R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 98944]

R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 168704]

R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2008-02-05 79416]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2008-02-12 740864]

R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-25 87040]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-25 198656]

S3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS [2009-09-27 35840]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 145408]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 19968]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 42496]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 6144]

S3 L8042Kbd;SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2011-09-01 32536]

S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0; C:\Windows\system32\DRIVERS\libusb0.sys [2012-11-29 52320]

S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 11008]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 7936]

S3 netr7364;Linksys Compact Wireless-G USB Adapter Driver for Vista; C:\Windows\system32\DRIVERS\WUSB54GCx64.sys [2007-03-12 320512]

S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; syswow64\drivers\pcdrndisuio.sys []

S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-01-14 82816]

S3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64k.sys [2008-12-04 33160]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-09-28 53760]

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 41984]

S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-04-10 36864]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 46592]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 8704]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 27648]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 27648]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 27648]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 27648]

R3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor; C:\Users\Gabe\AppData\Local\Temp\F-Secure\Anti-Virus\fsblsrv.exe [2013-01-04 167936]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 27648]

R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-09 194104]

S2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]

S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []

S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 359192]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]

S4 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-01-19 72704]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-11 250808]

S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]

S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

S4 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2010-04-16 246520]

S4 gupdate1c9869ed01db30;Google Update Service (gupdate1c9869ed01db30); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-02-03 133104]

S4 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-02-03 133104]

S4 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-02 94208]

S4 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-11-03 354840]

S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-12-12 641504]

S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728]

S4 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S4 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

S4 MgiSvr;MgiSvr; C:\Program Files (x86)\ArcSoft\Magic-i 3\uMgiSvr.exe [2006-11-13 76544]

S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-05 115168]

S4 NMSAccessU;NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]

S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

S4 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [2007-10-18 412672]

S4 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

-----------------EOF-----------------

info:

info.txt logfile of random's system information tool 1.09 2013-01-04 17:06:32

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

-->"C:\Program Files (x86)\HP Games\Airstrike 2 - Gulf Thunder\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Ancient Secrets\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Aztec Tribe\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Azteca\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Boggle\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Bookworm Deluxe\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Bounce Symphony\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Build-a-lot 3\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Build-a-lot\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Cake Mania\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Coconut Queen\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Defense Grid - The Awakening\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Diner Dash\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Family Feud\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Farm Frenzy\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Hidden Relics\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Insaniquarium Deluxe\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Jane's Realty\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Jewel Quest II\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Jewel Quest Solitaire\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Jewel Quest\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\JoJo's Fashion Show\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Mah Jong Quest\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\My HP Game Console\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Mystery P.I. - The Lottery Ticket\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Polar Pool\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Sea Journey\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Super Granny 4\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Tradewinds\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Vacation Mogul\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Virtual Villagers - A New Home\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Westward IV - All Aboard\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"

-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC

-->C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe

-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER

µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL

64 Bit HP CIO Components Installer-->MsiExec.exe /I{9F560BEB-021F-43AC-825F-AA60442D8DE4}

ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}

Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}

Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}

Adobe Creative Suite 5 Master Collection-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{288DB08D-0708-4A94-B055-55B99E39EB62}"

Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe -maintain plugin

Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}

Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}

Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}

Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 9.5.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}

Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}

A-PDF Restrictions Remover 1.6-->"C:\Program Files (x86)\A-PDF Restrictions Remover\unins000.exe"

Apple Application Support-->MsiExec.exe /I{CCE825DB-347A-4004-A186-5F4A6FDD8547}

Apple Mobile Device Support-->MsiExec.exe /I{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

ArcSoft Magic-i 3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FAB046D7-C187-4648-A1A9-FC875F7E3FCE}\setup.exe" -l0x9

ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{719842F9-FF69-4BA6-A6FE-52244575E0B3}\setup.exe" -l0x9

ArcSoft WebCam Companion 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2BB67266-D1A3-4CCC-8EB2-16770AB1FB76}\setup.exe" -l0x9

AVI ReComp 1.4.5-->C:\Program Files (x86)\AVI ReComp\Uninstall.exe

AviSynth 2.5-->"C:\Program Files (x86)\AviSynth 2.5\Uninstall.exe"

Azkend-->"C:\Program Files (x86)\HP Games\Azkend\Uninstall.exe"

Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}

CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"

CDBurnerXP-->"C:\Program Files (x86)\CDBurnerXP\unins000.exe"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

ConvertHelper 2.2-->"C:\Program Files (x86)\ConvertHelper\unins000.exe"

ConvertXtoDVD 3.3.4.107-->"C:\Program Files (x86)\VSO\ConvertX\3\unins000.exe"

Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"

CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall

Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"

DivX Converter-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall

DVDFab 8.0.0.5 (25/08/2010)-->"C:\Program Files (x86)\DVDFab 8\unins000.exe"

DVDFab 8.2.0.8 (29/08/2012) Qt-->"C:\Program Files (x86)\DVDFab 8 Qt\unins000.exe"

Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u

eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}

erLT-->MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564}

Freelang Dictionary (wordlist)-->"C:\Users\Gabe\AppData\Local\Freelang Dictionary\unins001.exe"

Freelang Dictionary 3.74 beta-->"C:\Users\Gabe\AppData\Local\Freelang Dictionary\unins000.exe"

GoldWave v5.25-->"C:\Program Files (x86)\GoldWave\unstall.exe" "GoldWave v5.25" "C:\Program Files (x86)\GoldWave\unstall.log"

Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}

Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Google Updater-->"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -uninstall

Hardware Diagnostic Tools-->C:\Program Files (x86)\PC-Doctor for Windows\uninst.exe

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""

HP Active Support Library-->C:\Program Files (x86)\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409

HP Button Manager-->C:\Program Files (x86)\InstallShield Installation Information\{CA634931-0CC3-4067-ABCC-7182E1DC23B7}\setup.exe -runfromtemp -l0x0009 -removeonly

HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}\setup.exe" -l0x9 -removeonly

HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}

HP Customer Participation Program 8.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr40.exe -datfile hpqhsc01.dat

HP Demo-->MsiExec.exe /X{97ABD26A-3249-46CB-B2E2-F66E64B2E480}

HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"

HP Imaging Device Functions 8.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr40.exe -datfile hpqbud01.dat

HP OCR Software 8.0-->C:\Program Files (x86)\HP\Digital Imaging\OCR\hpzscr40.exe -datfile hpqbud11.dat

HP Photosmart All-In-One Software 8.0-->C:\Program Files (x86)\HP\Digital Imaging\{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}\setup\hpzscr40.exe -datfile hposcr13.dat

HP Photosmart Essential 3.0-->C:\Program Files (x86)\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}

HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}

HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}

HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}

HP Solution Center 8.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr40.exe -datfile hpqbud05.dat

HP Total Care Advisor-->MsiExec.exe /X{F31E534B-4199-4552-8154-5C130710D68E}

HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}

HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything

HP Webcam User's Guide-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D31612BB-C6D7-4142-96AE-16DB062354CF}\setup.exe" -l0x9

HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}

HPTCSSetup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}\setup.exe" -l0x9 -removeonly

Intel® Graphics Media Accelerator Driver-->C:\Windows\SysWOW64\igxpun.exe -uninstall

Intel® Matrix Storage Manager-->C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall

iTunes DB Cloner-->"C:\Program Files (x86)\Felipe Corsino\iTunes DB Cloner\uninstall.exe"

iTunes-->MsiExec.exe /I{0E5D76AD-A3FB-48D5-8400-8903B10317D3}

Java 7 Update 10 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86417010FF}

Java 7 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217010FF}

Jawbone Updater-->C:\Program Files (x86)\Jawbone\uninstall.exe

KC Softwares VideoInspector-->"C:\Program Files (x86)\KC Softwares\VideoInspector\unins000.exe"

LabelPrint-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall

LightScribe System Software-->MsiExec.exe /X{7F10292C-A190-4176-A665-A1ED3478DF86}

LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}

Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC-->C:\Program Files (x86)\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe -runfromtemp -l0x0009 -removeonly

Logitech SetPoint 6.32-->C:\Program Files\Common Files\LogiShrd\sp6_Uninstall\setup.exe

Malwarebytes Anti-Malware version 1.65.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 Security Update (KB2656353)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Antimalware-->MsiExec.exe /X{05BFB060-4F22-4710-B0A2-2801A1B606C5}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}

Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Virtual PC 2007 SP1-->MsiExec.exe /X{AD483998-2E9A-4405-83FF-6E503AF49CBB}

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}

Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}

Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}

Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}

Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}

Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}

Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}

Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}

Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}

Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}

Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}

Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}

Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}

Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}

Mozilla Firefox 17.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

muvee autoProducer 6.1-->C:\Program Files (x86)\InstallShield Installation Information\{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}\muveesetup.exe -removeonly -runfromtemp

nabi Sync 1.0-->"C:\Program Files (x86)\nabi\unins000.exe"

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

PCIe Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_HSF\UIU64m.exe -U -IHPKIWIy.INF

PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}

Photo Viewer 2.3-->"C:\Program Files (x86)\Photo Viewer\uninstall.exe"

Plants vs. Zombies-->C:\Program Files (x86)\PopCap Games\Plants vs. Zombies\PopUninstall.exe "C:\Program Files (x86)\PopCap Games\Plants vs. Zombies\Install.log"

Power2Go-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall

PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall

PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall

PxMergeModule-->MsiExec.exe /I{024521CF-C07E-4F8E-8481-0D75695E03AF}

Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}

QuickTime-->MsiExec.exe /I{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}

Realtek High Definition Audio Driver-->RtlUpd64.exe -r -m -nrg2709

Save Flash 4.1-->C:\Program Files (x86)\Save Flash\uninst.exe

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {480E8A87-3B8C-3ECE-8CEA-6B2349AE1C1F} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {897A5D64-963A-3C11-A176-F6766BD09D16} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6997D22-CC93-4ED9-AD8A-02C3F3D2F1F9}

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46}

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75}

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition -->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {2623A96B-78E5-42CC-AB55-6A3969B32E36}

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2623A96B-78E5-42CC-AB55-6A3969B32E36}

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {43171CAD-DC60-4E7B-9703-B2EC18001B9F}

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EF5B5C7F-20CB-4A3A-AC3D-F5DE2C2BFDC7}

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CAB47CC0-A98C-47DD-9FA1-C0416EC96ED5}

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {488F0918-97F9-4CD0-8AD5-8986A46AC962}

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5}

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {718E87EC-6590-485A-B12D-C01D290EDB12}

Sid Meier's Civilization 4 - Beyond the Sword-->C:\Program Files (x86)\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly

Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly

Skype™ 5.10-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}

System Requirements Lab CYRI-->MsiExec.exe /I{53787BFA-B262-4C2E-871E-5D1177D5A860}

System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe

TreeSize Personal 5.2.3-->"C:\Program Files (x86)\JAM Software\TreeSize Personal\unins000.exe"

Trine-->"C:\Program Files (x86)\HP Games\Trine\Uninstall.exe"

UltraISO Premium V9.33-->"C:\Program Files (x86)\UltraISO\unins000.exe"

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {620E77C0-CDFE-4C14-AAEB-830ABB65864C}

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8153EC80-C988-4336-8DAF-6D99C0D26E0C}

Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}

Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}

Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}

VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}

Vista Codec x64 Components-->"C:\Program Files\VistaCodecPack\unins000.exe"

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\SysWOW64\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

VLC media player 2.0.4-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

VobSub 2.23-->C:\Program Files (x86)\Gabest\VobSub\uninstall.exe

Windows 7 Upgrade Advisor-->MsiExec.exe /I{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}

Windows Live OneCare safety scanner-->"C:\Program Files (x86)\Windows Live Safety Center\UnInstall.exe"

Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe

WinZip 16.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}

Wondershare Dr.Fone(Build 1.0.2.5)-->"C:\Program Files (x86)\Wondershare\Dr.Fone\unins000.exe"

Xilisoft Video Converter Ultimate-->C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\Uninstall.exe

XP Codec Pack-->C:\Program Files (x86)\XP Codec Pack\Uninstall.exe

Xvid 1.2.1-->C:\Program Files (x86)\Xvid\unins000.exe

Yahoo! Messenger-->C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG

Yahoo! Software Update-->C:\PROGRA~2\Yahoo!\SOFTWA~1\UNINST~1.EXE

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Gabes-PC

Event Code: 10005

Message: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 389737

Source Name: Microsoft-Windows-DistributedCOM

Time Written: 20121230192750.000000-000

Event Type: Error

User:

Computer Name: Gabes-PC

Event Code: 10005

Message: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:

{DD522ACC-F821-461A-A407-50B198B896DC}

Record Number: 389736

Source Name: Microsoft-Windows-DistributedCOM

Time Written: 20121230192741.000000-000

Event Type: Error

User:

Computer Name: Gabes-PC

Event Code: 5101

Message: Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.

Expiration Reason: Windows Activation Technologies genuine validation failed

Expiration Date (UTC): ‎12/‎30/‎2012 7:27:37 PM

Error Code: 0x80092003

Error Description: An error occurred while reading or writing to a file.

Record Number: 389735

Source Name: Microsoft Antimalware

Time Written: 20121230192737.000000-000

Event Type: Error

User:

Computer Name: Gabes-PC

Event Code: 263

Message: The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.

Record Number: 389732

Source Name: PlugPlayManager

Time Written: 20121230192727.000000-000

Event Type: Warning

User:

Computer Name: Gabes-PC

Event Code: 6008

Message: The previous system shutdown at 11:15:13 AM on 12/30/2012 was unexpected.

Record Number: 389723

Source Name: EventLog

Time Written: 20121230192724.000000-000

Event Type: Error

User:

=====Application event log=====

Computer Name: Gabes-PC

Event Code: 6000

Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Record Number: 134614

Source Name: Microsoft-Windows-Winlogon

Time Written: 20121231024433.000000-000

Event Type: Warning

User:

Computer Name: Gabes-PC

Event Code: 6000

Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Record Number: 134611

Source Name: Microsoft-Windows-Winlogon

Time Written: 20121231024432.000000-000

Event Type: Warning

User:

Computer Name: Gabes-PC

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 134606

Source Name: Microsoft-Windows-WMI

Time Written: 20121230192845.000000-000

Event Type: Error

User:

Computer Name: Gabes-PC

Event Code: 4609

Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Record Number: 134603

Source Name: Microsoft-Windows-EventSystem

Time Written: 20121230192750.000000-000

Event Type: Error

User:

Computer Name: Gabes-PC

Event Code: 6000

Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Record Number: 134600

Source Name: Microsoft-Windows-Winlogon

Time Written: 20121230192733.000000-000

Event Type: Warning

User:

=====Security event log=====

Computer Name: Gabes-PC

Event Code: 4902

Message: The Per-user audit policy table was created.

Number of Elements: 0

Policy ID: 0xf62e

Record Number: 109612

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20121230192716.563908-000

Event Type: Audit Success

User:

Computer Name: Gabes-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 0

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x4

Process Name:

Network Information:

Workstation Name: -

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: -

Authentication Package: -

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 109611

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20121230192713.958691-000

Event Type: Audit Success

User:

Computer Name: Gabes-PC

Event Code: 4608

Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.

Record Number: 109610

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20121230192713.958691-000

Event Type: Audit Success

User:

Computer Name: Gabes-PC

Event Code: 1101

Message: Audit events have been dropped by the transport. The real time backup file was corrupt due to improper shutdown.

Record Number: 109609

Source Name: Microsoft-Windows-Eventlog

Time Written: 20121230192725.658766-000

Event Type: Audit Success

User:

Computer Name: Gabes-PC

Event Code: 1102

Message: The audit log was cleared.

Subject:

Security ID: S-1-5-21-70977148-1491363651-1771877356-1000

Account Name: Gabe

Domain Name: Gabes-PC

Logon ID: 0x1b7dc

Record Number: 109608

Source Name: Microsoft-Windows-Eventlog

Time Written: 20121230190710.278603-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"DFSTRACINGON"=FALSE

"FP_NO_HOST_CHECK"=NO

"MSWorksProductCode"={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

"NUMBER_OF_PROCESSORS"=2

"OnlineServices"=Online Services

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\hp\bin\Python;C:\Program Files (x86)\Common Files\Adobe\AGL;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PCBRAND"=Pavilion

"Platform"=HPD

"PROCESSOR_ARCHITECTURE"=AMD64

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel

"PROCESSOR_LEVEL"=6

"PROCESSOR_REVISION"=1706

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"asl.log"=Destination=file

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"CLASSPATH"=.;C:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip

-----------------EOF-----------------


See the forum policy on piracy http://forums.malwarebytes.org/index.php?showtopic=97700

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

Your log shows this

Trojan.Generic.7308233 (virus)

  • C:\USERS\GABE\PROGRAMS\AHEAD.NERO.V8.3.6.0\KEYGEN.EXE (Not cleaned)

I cannot help you further unless the Nero software/program is uninstalled.


Since the following were files and I didn't know why the program froze up the first time during cleaning, I just deleted them after it was done with the others.

Trojan.Packed.7546 (virus)

  • C:\USERS\GABE\PROGRAMS\PROTECTIONID_V5.2C\PROTECTION_ID.EXE (Not cleaned)

Trojan.Generic.7308233 (virus)

  • C:\USERS\GABE\PROGRAMS\AHEAD.NERO.V8.3.6.0\KEYGEN.EXE (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

  • C:\USERS\GABE\DOCUMENTS\MONICA'S DOCUMENTS\MY DOWNLOADS\WINMX331.EXE (Not cleaned)

I can run another scan, to show that I deleted them if you want.


This topic is now closed to further replies.