tlheyman

  1. Merged 4 posts. We look for posts with 0 replies, so when you replied to your own topic, we assumed you were being helped.

My computer freezes up right after start up. I have been able to run both chkdsk and chkdsk /r and they found/fixed a ton of files, but it is still freezing up. I can't successfully run a scan to upload for you. What should I do?

And I've been trying to run DDS and it never finishes.

Ah, finally got both Malwarebytes and DDS to run. Malwarebytes didn't find anything. DDS reports shown below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Gene at 19:41:47 on 2012-05-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6105 [GMT -4:00]
.
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Backblaze\bzserv.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe C:\Users\Gene\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\sophos\AutoUpdate\ALMon.exe C:\Program Files (x86)\AirPort\APAgent.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\taskeng.exe c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\SysWOW64\WinMsgBalloonServer.exe C:\Windows\SysWOW64\WinMsgBalloonClient.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\notepad.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [Google Update] "C:\Users\Gene\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [swg] "C:\Program Files 
(x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" mRun: [sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" dRun: [backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE mPolicies-system: ConsentPromptBehaviorAdmin = 0 
(0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL LSP: C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{8AFC352A-3B53-4A5B-9257-7B0134F9DEEB} : DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{F78A3A08-EC59-452C-93A9-F7239DBC2CB8} : DhcpNameServer = 68.87.75.198 68.87.64.150 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll Handler: qbwc - 
{FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll AppInit_DLLs: C:\PROGRA~2\sophos\SOPHOS~1\sophos_detoured.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll BHO-X64: HelloWorldBHO - No File BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll TB-X64: 
Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File mRun-x64: [sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" AppInit_DLLs-X64: C:\PROGRA~2\sophos\SOPHOS~1\sophos_detoured.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Gene\AppData\Roaming\Mozilla\Firefox\Profiles\xo3cwgs6.default\ FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll FF - plugin: C:\Users\Gene\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} . ============= SERVICES / DRIVERS =============== . R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?] R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys --> C:\Windows\system32\DRIVERS\savonaccess.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] 
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880] R2 bzserv;Backblaze Service;C:\Program Files (x86)\Backblaze\bzserv.exe [2011-8-30 211240] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-9 654408] R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-8-19 1248256] R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-8 163056] R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\sophos\Sophos Anti-Virus\SavService.exe [2010-6-4 97520] R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\sophos\AutoUpdate\ALsvc.exe [2012-4-11 232472] R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-2-21 1543704] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] 
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-26 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 257696] S3 EyeOneDisplay;EyeOneDisplay;C:\Windows\system32\Drivers\i1display_x64.sys --> C:\Windows\system32\Drivers\i1display_x64.sys [?] S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-26 135664] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 129976] S3 SeqCal;SeqCal;C:\Windows\system32\DRIVERS\SeqCal.sys --> C:\Windows\system32\DRIVERS\SeqCal.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-8-19 192512] S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys --> C:\Windows\system32\DRIVERS\SophosBootDriver.sys [?] 
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] . =============== Created Last 30 ================ . 2012-05-29 21:19:16 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{639920FE-914A-4F9C-A8E2-6FF08ED599D0}\mpengine.dll 2012-05-29 14:55:32 -------- d-sh--w- C:\found.003 2012-05-28 17:46:31 -------- d-----w- C:\ProgramData\Recovery 2012-05-14 03:28:58 -------- d-sh--w- C:\found.002 2012-05-11 23:57:42 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-11 23:57:42 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-11 23:57:38 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-11 23:57:36 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-11 23:57:36 3146240 ----a-w- C:\Windows\System32\win32k.sys 2012-05-11 23:57:35 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-11 23:56:55 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-11 23:56:48 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-11 23:56:24 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-11 23:56:23 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 23:56:23 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-05-11 23:56:23 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 23:56:22 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-05-07 14:49:16 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-05-07 14:49:12 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-07 14:49:12 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe . ==================== Find3M ==================== . 
2012-05-06 23:55:25 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 23:55:25 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-06 23:55:07 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll . ============= FINISH: 19:42:53.98 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 11/1/2009 10:09:40 PM System Uptime: 5/29/2012 7:19:09 PM (0 hours ago) . Motherboard: FOXCONN | | ALOE Processor: AMD Phenom™ II X4 910 Processor | CPU 1 | 2600/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 919 GiB total, 298.285 GiB free. D: is FIXED (NTFS) - 12 GiB total, 2.231 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP377: 5/22/2012 4:02:17 PM - Windows Update RP378: 5/29/2012 5:17:30 PM - Windows Update . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) ACDSee Photo Manager 2009 ActiveCheck component for HP Active Support Library Adobe AIR Adobe Community Help Adobe Extension Manager CS5 Adobe Flash Player 10 ActiveX Adobe Media Player Adobe Photoshop CS5 Adobe Reader X (10.1.3) AirPort Amazon MP3 Downloader 1.0.9 AMD USB Filter Driver Apple Application Support Apple Software Update AVS Image Converter 1.3.2.141 AVS Update Manager 1.0 AVS4YOU Software Navigator 1.4 Backblaze Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center HydraVision Full Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Compatibility Pack for the 2007 Office system Coupon Printer for Windows CyberLink DVD Suite Deluxe DirectX for Managed Code Update (Summer 2004) Eye-One Match 3.6.2 eZsuite Google Chrome Google SketchUp 7.1 Google SketchUp 8 Google Toolbar for Internet Explorer Google Update Helper Homepage Protection HP Advisor HP Customer Experience Enhancements HP Easy Backup HP Games HP MediaSmart Demo HP MediaSmart DVD HP MediaSmart Movie Themes HP MediaSmart Music/Photo/Video HP Odometer HP Remote Solution HP Setup HP Support Assistant HP Support Information HP Update HPAsset component for HP Active Support Library HydraVision i1_driver_installer_utility_i1Match version 1.0 iPhone Backup Extractor 
Java Auto Updater Java™ 6 Update 31 LabelPrint LeapFrog Connect LeapFrog Leapster2 Plugin LeapFrog Tag Plugin LightScribe System Software Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft Live Search Toolbar Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Works Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 12.0.1 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK PDF 
Settings CS5 Photodex Presenter PictureMover Power2Go PowerDirector PowerRecover QuickBooks QuickBooks Pro 2012 QuickTime RAIDXpert Realtek High Definition Audio Driver Safari Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit 
Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Skype Click to Call Skype™ 5.5 Sophos Anti-Virus Sophos AutoUpdate StudioCloud 3.0 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin) Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) Windows Media Player Firefox Plugin . ==== Event Viewer Messages From Past Week ======== . 5/29/2012 7:19:50 PM, Error: Service Control Manager [7000] - The PDIHWCTL service failed to start due to the following error: The system cannot find the file specified. 5/29/2012 6:47:47 PM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center cval] by process svchost.exe. 
5/29/2012 6:47:47 PM, Error: SAVOnAccess [563] - Communication error between on-access driver and service for access of registry key [\REGISTRY\MACHINE SOFTWARE\Microsoft\Security Center\Svc\Vol] by process svchost.exe. 5/29/2012 6:46:14 PM, Error: SAVOnAccess [84] - "Savservice threads busy" condition cleared - "busy" messages may be logged to system event log again from this point. 5/29/2012 6:46:13 PM, Error: SAVOnAccess [83] - To avoid filling up the system event log, "Savservice threads busy" and similar messages will not be logged until after the service has recovered again 5/29/2012 6:46:13 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3deb6be05fdf]) filename continues: "...skMachineUA" 5/29/2012 6:46:13 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3deb37c9832b]) filename continues: "...Image (2).jpg" 5/29/2012 6:46:13 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3deb37aa9147]) filename continues: "...SystemCertificates\My\Certificates\16CB1B4B6C5C8D6F1135D0B681C29C74F1AB2EB3" 5/29/2012 6:46:13 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3deb37a10bc6]) filename continues: "....tmp\SWREG.DAT" 5/29/2012 6:46:13 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...skVolume2\Users\Gene\AppData\Local\Temp\nsv42DB.tmp\SWREG.DAT" (process cmd.exe, start check timestamp [ 1cd3decd9d00acf]). 5/29/2012 6:46:13 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...iskVolume2\Users\Gene\Pictures\scans\2012-01-03\Image (2).jpg" (process wmpnetwk.exe, start check timestamp [ 1cd3decd9d00acf]). 5/29/2012 6:46:13 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\urlmon.dll" (process mbamservice.ex, start check timestamp [ 1cd3decd9d00acf]). 
5/29/2012 6:46:13 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\CRYPTBASE.dll" (process mbamservice.ex, start check timestamp [ 1cd3decd9d00acf]). 5/29/2012 6:46:13 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\APISETSCHEMA.DLL" (process mbamservice.ex, start check timestamp [ 1cd3decd9d00acf]). 5/29/2012 6:46:13 PM, Error: SAVOnAccess [565] - Communication error between on-access driver and service for parent process cmd.exe creating target process SWREG.DAT. 5/29/2012 6:46:09 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\System32\Tasks\GoogleUpdateTa ..." of process taskeng.exe, start check timestamp [ 1cd3deb6be05fdf] did not complete in time: file was not scanned. 5/29/2012 6:44:40 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3deb378b9f64]) filename continues: "...\retailer.dll" 5/29/2012 6:44:40 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\urlmon.dll ..." of process mbamservice.ex, start check timestamp [ 1cd3deb37a10bc6] did not complete in time: file was not scanned. 5/29/2012 6:44:40 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\APISETSCHEMA.DLL ..." of process mbamservice.ex, start check timestamp [ 1cd3deb37a10bc6] did not complete in time: file was not scanned. 5/29/2012 6:44:40 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\system32\SensApi.dll ..." of process wermgr.exe, start check timestamp [ 1cd3deb379eaa66] did not complete in time: file was not scanned. 5/29/2012 6:44:40 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Gene\Pictures\scans\2012-01-03\ ..." 
of process wmpnetwk.exe, start check timestamp [ 1cd3deb37c9832b] did not complete in time: file was not scanned. 5/29/2012 6:44:40 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Gene\AppData\Roaming\Microsoft\ ..." of process AdobeARM.exe, start check timestamp [ 1cd3deb37aa9147] did not complete in time: file was not scanned. 5/29/2012 6:44:40 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Gene\AppData\Local\Temp\nsv42DB ..." of process cmd.exe, start check timestamp [ 1cd3deb37a10bc6] did not complete in time: file was not scanned. 5/29/2012 6:44:40 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files (x86)\Sophos\AutoUpdate ..." of process ALsvc.exe, start check timestamp [ 1cd3deb378b9f64] did not complete in time: file was not scanned. 5/29/2012 6:41:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service. 5/29/2012 6:41:06 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\dllhost.exe ..." of process mbamservice.ex, start check timestamp [ 1cd3deab74fde1d] did not complete in time: file was not scanned. 5/29/2012 6:41:05 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\NaturalLanguage6.dll ..." of process mbamservice.ex, start check timestamp [ 1cd3deab762e91f] did not complete in time: file was not scanned. 5/29/2012 6:39:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioSrv service. 5/29/2012 6:39:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service. 
5/29/2012 6:38:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. 5/29/2012 6:38:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service. 5/29/2012 6:37:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service. 5/29/2012 6:37:36 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 5/29/2012 6:37:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service. 5/29/2012 6:35:32 PM, Error: Service Control Manager [7022] - The Security Center service hung on starting. 5/29/2012 6:34:32 PM, Error: SAVOnAccess [85] - File [...ddiskVolume2\Users\Gene\AppData\Local\Temp\nsv42DB.tmp\temp00]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SED.DAT, (start check timestamp [ 1cd3deb379eaa66]). 5/29/2012 6:34:32 PM, Error: SAVOnAccess [85] - File [...cf1df_5.82.7600.16385_en-us_020378a8991bbcc2\comctl32.dll.mui]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1cd3deabeb44415]). 5/29/2012 6:33:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect. 5/29/2012 6:33:27 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
5/29/2012 6:33:18 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "\Device\HarddiskVolume2\Windows\SysWOW64\NapaSet.txt" by process RAIDXpert.exe . 5/29/2012 6:33:07 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "\Device\HarddiskVolume2\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf" by process svchost.exe . 5/29/2012 6:33:07 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "\Device\HarddiskVolume2\Windows\Prefetch\SVCHOST.EXE-05F624AB.pf" by process svchost.exe . 5/29/2012 6:32:57 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3de95ea67f9b]) filename continues: "....dll" 5/29/2012 6:32:57 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...skVolume2\Users\Gene\AppData\Local\Temp\nsv42DB.tmp\SWREG.DAT" (process mbamservice.ex, start check timestamp [ 1cd3deafee19daa]). 5/29/2012 6:32:57 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...skVolume2\Users\Gene\AppData\Local\Temp\nsv42DB.tmp\SWREG.DAT" (process cmd.exe, start check timestamp [ 1cd3deafee3ff0b]). 5/29/2012 6:32:57 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\wbem\WMIADAP.exe" (process mbamservice.ex, start check timestamp [ 1cd3deafee8c1cb]). 5/29/2012 6:32:57 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\wbem\WMIADAP.exe" (process mbamservice.ex, start check timestamp [ 1cd3deafee6606b]). 
5/29/2012 6:32:57 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\wbem\WMIADAP.exe" (process mbamservice.ex, start check timestamp [ 1cd3deafee3ff0b]). 5/29/2012 6:31:27 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\system32\PhotoMetadataHandler ..." of process wmpnetwk.exe, start check timestamp [ 1cd3de95ea67f9b] did not complete in time: file was not scanned. 5/29/2012 6:31:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect. 5/29/2012 6:31:23 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 5/29/2012 6:31:23 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3de95cb03d41]) filename continues: "....tmp\SWREG.DAT" 5/29/2012 6:31:23 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Gene\AppData\Local\Temp\nsv42DB ..." of process mbamservice.ex, start check timestamp [ 1cd3de95cb03d41] did not complete in time: file was not scanned. 5/29/2012 6:31:09 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3de9544d240c]) filename continues: "...c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_en-us_020378a8991bbcc2" 5/29/2012 6:31:09 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3de9544d240c]) filename continues: "...\comctl32.dll.mui" 5/29/2012 6:31:09 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\WinSxS\x86_microsoft.windows. ..." of process mbamservice.ex, start check timestamp [ 1cd3de9544d240c] did not complete in time: file was not scanned. 
5/29/2012 6:30:57 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3de94cf70655]) filename continues: "...ui" 5/29/2012 6:30:57 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\syswow64\en-US\kernel32.dll.m ..." of process mbamservice.ex, start check timestamp [ 1cd3de94cf70655] did not complete in time: file was not scanned. 5/29/2012 6:30:57 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\dllhost.exe ..." of process mbamservice.ex, start check timestamp [ 1cd3de94ce8be14] did not complete in time: file was not scanned. 5/29/2012 6:30:53 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\system32\sppsvc.exe ..." of process services.exe, start check timestamp [ 1cd3de94aedb8fa] did not complete in time: file was not scanned. 5/29/2012 6:17:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 5/29/2012 6:17:58 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 5/29/2012 5:43:29 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3de28c7120f7]) filename continues: "...P Advisor\MessagingServer.dll" 5/29/2012 5:43:29 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\samlib.dll" (process mbamservice.ex, start check timestamp [ 1cd3de416118dd2]). 5/29/2012 5:43:29 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\authz.dll" (process mbamservice.ex, start check timestamp [ 1cd3de416118dd2]). 
5/29/2012 5:43:29 PM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [indows Media Player NSS\3.0\Servers\B5B46AFA-83C1-4CEF-AD17-EA3AD8C73173 Alive] by process wmpnetwk.exe. 5/29/2012 5:43:29 PM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [DD6-8A13-47EF-9431-BD4A3583DCDA}\{9A37047E-7B24-447F-A0A0-D67A5FEDB190} Reason] by process wmpnetwk.exe. 5/29/2012 5:43:29 PM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [572DDD6-8A13-47EF-9431-BD4A3583DCDA}\{9A37047E-7B24-447F-A0A0-D67A5FEDB190} ID] by process wmpnetwk.exe. 5/29/2012 5:43:29 PM, Error: SAVOnAccess [563] - Communication error between on-access driver and service for access of registry key [ {2572DDD6-8A13-47EF-9431-BD4A3583DCDA}\{9A37047E-7B24-447F-A0A0-D67A5FEDB190}] by process wmpnetwk.exe. 5/29/2012 5:42:38 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files (x86)\Hewlett-Packard\H ..." of process HPAdvisor.exe, start check timestamp [ 1cd3de28c7120f7] did not complete in time: file was not scanned. 5/29/2012 5:42:03 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\authz.dll ..." of process mbamservice.ex, start check timestamp [ 1cd3de27837d008] did not complete in time: file was not scanned. 5/29/2012 5:41:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service. 5/29/2012 5:41:57 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\EJ & Olivia\Videos\desktop.ini ..." of process wmpnetwk.exe, start check timestamp [ 1cd3de27499d8be] did not complete in time: file was not scanned. 
5/29/2012 5:41:55 PM, Error: SAVOnAccess [85] - File [...Volume2\Windows\system32\Microsoft\Protect\S-1-5-19\Preferred]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process lsass.exe, (start check timestamp [ 1cd3de273e4f029]). 5/29/2012 5:41:55 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3de272fba94f]) filename continues: "...ui" 5/29/2012 5:41:55 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe ..." of process mbamservice.ex, start check timestamp [ 1cd3de272f6e68e] did not complete in time: file was not scanned. 5/29/2012 5:41:55 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\samlib.dll ..." of process mbamservice.ex, start check timestamp [ 1cd3de273e02d69] did not complete in time: file was not scanned. 5/29/2012 5:41:55 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\syswow64\en-US\kernel32.dll.m ..." of process mbamservice.ex, start check timestamp [ 1cd3de272fba94f] did not complete in time: file was not scanned. 5/29/2012 5:41:55 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\system32\drivers\spsys.sys ..." of process System, start check timestamp [ 1cd3de272e3db8c] did not complete in time: file was not scanned. 5/29/2012 5:41:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 5/29/2012 5:40:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. 5/29/2012 5:40:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service. 
5/29/2012 5:39:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service. 5/29/2012 11:57:28 AM, Error: Service Control Manager [7034] - The Sophos Anti-Virus status reporter service terminated unexpectedly. It has done this 1 time(s). 5/29/2012 11:55:44 AM, Error: Service Control Manager [7023] - The Sophos AutoUpdate Service service terminated with the following error: %%-2147467243 5/29/2012 11:49:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect. 5/29/2012 11:49:16 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 5/29/2012 11:48:32 AM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting. 5/29/2012 11:35:36 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243 5/29/2012 11:24:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SAVOnAccess spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl 5/29/2012 11:24:14 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/29/2012 11:24:14 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 
5/29/2012 11:24:14 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 5/29/2012 11:24:14 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 5/29/2012 11:24:14 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 5/29/2012 11:24:14 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 5/29/2012 11:24:14 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/29/2012 11:24:14 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/29/2012 11:24:14 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 
5/29/2012 11:24:14 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 5/29/2012 11:24:14 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 5/29/2012 10:48:58 AM, Error: SAVOnAccess [85] - File [...gram Files (x86)\sophos\Sophos Anti-Virus\SAVAdminService.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1cd3daa2d7ebd3d]). 5/29/2012 10:48:58 AM, Error: SAVOnAccess [85] - File [...gram Files (x86)\sophos\Sophos Anti-Virus\SAVAdminService.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1cd3daa2d79fa7d]). 5/29/2012 10:48:58 AM, Error: SAVOnAccess [85] - File [...e2\Program Files (x86)\sophos\Sophos Anti-Virus\WSCClient.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1cd3daa2d79fa7d]). 5/29/2012 10:48:58 AM, Error: SAVOnAccess [85] - File [...Device\HarddiskVolume2\PROGRA~2\Sophos\SOPHOS~1\WSCClient.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminServic, (start check timestamp [ 1cd3daa2d7c5bdd]). 5/29/2012 10:48:58 AM, Error: SAVOnAccess [85] - File [...Device\HarddiskVolume2\PROGRA~2\Sophos\SOPHOS~1\WSCClient.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. 
Process SAVAdminServic, (start check timestamp [ 1cd3daa2d79fa7d]). 5/29/2012 10:48:58 AM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\wscisvif.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1cd3daa2de779c9]). 5/29/2012 10:48:58 AM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\wscisvif.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1cd3daa2d85e15e]). 5/29/2012 10:48:58 AM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\wscisvif.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1cd3daa2d837ffe]). 5/29/2012 10:48:57 AM, Error: SAVOnAccess [85] - File [...\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1cd3ce5d7bd393f]). 5/29/2012 10:48:51 AM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\apss.dll.mui]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1cd3ce5d4ae1485]). 5/29/2012 10:46:27 AM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3ce57ca71156]) filename continues: "...twareUpdate" 5/29/2012 10:44:29 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP. 
5/29/2012 10:44:21 AM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3ce531644f7d]) filename continues: "...r\Scans\History\Results\Quick\{1A72360D-EF20-4B81-BA64-3EEB88DBEFE0}" 5/28/2012 11:25:38 AM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3ce47fb819af]) filename continues: "...ows Defender\MP Scheduled Scan" 5/28/2012 11:25:38 AM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...pdateTaskUserS-1-5-21-2538685935-2764079445-1791342672-1006UA" (process taskeng.exe, start check timestamp [ 1cd3ce62281d22a]). 5/28/2012 11:25:38 AM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "kVolume2\Windows\System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan" by process svchost.exe . 5/28/2012 11:25:38 AM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "aze\bzdata\bzfilelists\v000b000e2a408911fc0332c0417_c____filelist.dat.future" by process bzfilelist.exe . 5/28/2012 11:25:38 AM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [on\Schedule\TaskCache\Tasks\{9D50C01C-8270-464D-82CB-336B5D0862FF} DynamicInfo] by process svchost.exe. 5/28/2012 11:25:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service. 5/28/2012 11:25:24 AM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [4079445-1791342672-1006\Software\CyberLink\Common\CLML\TouchSmart ITunesStatus] by process CLMLSvc.exe. 5/28/2012 11:25:22 AM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "Volume2\ProgramData\Backblaze\bzdata\bzfilelists\completefilelist.dat.future" by process bzfilelist.exe . 
5/28/2012 11:25:22 AM, Error: SAVOnAccess [565] - Communication error between on-access driver and service for parent process mbam.exe creating target process regsvr32.exe. 5/28/2012 11:25:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service. 5/28/2012 11:24:04 AM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\System32\Tasks\Microsoft\Wind ..." of process svchost.exe, start check timestamp [ 1cd3ce47fb819af] did not complete in time: file was not scanned. 5/28/2012 11:23:48 AM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\regsvr32.exe ..." of process mbam.exe, start check timestamp [ 1cd3ce4762dd5d8] did not complete in time: file was not scanned. 5/28/2012 11:23:32 AM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3ce46d515675]) filename continues: "...rms.ni.dll" 5/28/2012 11:23:32 AM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1cd3ce46d515675]) filename continues: "...727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Fo" 5/28/2012 11:23:32 AM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\assembly\NativeImages_v2.0.50 ..." of process mbamservice.ex, start check timestamp [ 1cd3ce46d515675] did not complete in time: file was not scanned. 5/28/2012 11:23:27 AM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\apss.dll ..." of process mbamservice.ex, start check timestamp [ 1cd3ce46a41ea81] did not complete in time: file was not scanned. 5/28/2012 11:23:23 AM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\samlib.dll ..." of process mbamservice.ex, start check timestamp [ 1cd3ce467bf36f7] did not complete in time: file was not scanned. 
5/27/2012 11:44:18 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "\Device\HarddiskVolume2\Windows\Prefetch\WSCCLIENT.EXE-0D8B4679.pf" by process svchost.exe .
5/25/2012 9:54:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit QuickBooks FCS service to connect.
5/25/2012 9:54:34 PM, Error: Service Control Manager [7000] - The Intuit QuickBooks FCS service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2012 9:54:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service QBFCService with arguments "" in order to run the server: {E2F551B5-D7E4-351C-A975-2E8EEE4D1917}
5/25/2012 5:00:02 PM, Error: SAVOnAccess [10] - The on-access driver failed to scan the boot sector of drive F:.
.
==== End Of File ===========================

Anybody? Please?
  2. Hi Elise. Yes, same one. It was working great for a couple of days but then slowed WAY down. No, nothing happened that I know of, anyway.
  3. My PC has been giving me trouble again all this week. It's freezing up on me constantly and I wasn't even able to run a simple Malwarebytes quick scan without it freezing partway through. Here are my logs...

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Tracy at 13:54:00 on 2012-02-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6084 [GMT -5:00]
.
AV: Sophos Anti-Virus *Disabled/Outdated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Outdated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Backblaze\bzbui.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\sophos\AutoUpdate\ALMon.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files (x86)\AirPort\APAgent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE C:\Windows\system32\taskeng.exe c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Backblaze\bzserv.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Backblaze\bzfilelist.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\SysWOW64\WinMsgBalloonServer.exe C:\Windows\system32\atieclxx.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Users\Gene\AppData\Local\Google\Update\GoogleUpdate.exe 
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE C:\Program Files (x86)\sophos\AutoUpdate\ALMon.exe C:\Program Files (x86)\AirPort\APAgent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\sophos\Sophos Anti-Virus\SavMain.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\TEMP\sophos_autoupdate1.dir\alupdate.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet 
Explorer\skypeieplugin.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized mRun: [sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup dRun: [backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet StartupFolder: 
C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL LSP: C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{8AFC352A-3B53-4A5B-9257-7B0134F9DEEB} : DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{F78A3A08-EC59-452C-93A9-F7239DBC2CB8} : DhcpNameServer = 68.87.75.198 68.87.64.150 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files 
(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll AppInit_DLLs: C:\PROGRA~2\sophos\SOPHOS~1\sophos_detoured.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll BHO-X64: HelloWorldBHO - No File BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [sophos AutoUpdate Monitor] C:\Program Files 
(x86)\Sophos\AutoUpdate\almon.exe mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup AppInit_DLLs-X64: C:\PROGRA~2\sophos\SOPHOS~1\sophos_detoured.dll SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\stcifpvd.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll FF - plugin: C:\Users\Tracy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Users\Tracy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll FF - plugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npatgpc.dll FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?] R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys --> C:\Windows\system32\DRIVERS\savonaccess.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880] R2 bzserv;Backblaze Service;C:\Program Files (x86)\Backblaze\bzserv.exe [2011-8-30 211240] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-23 652360] R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-8-19 1248256] R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-8 163056] R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\sophos\Sophos Anti-Virus\SavService.exe [2010-6-4 97520] R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\sophos\AutoUpdate\ALsvc.exe [2010-9-21 230640] R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-8 1541360] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] 
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-26 135664] S3 EyeOneDisplay;EyeOneDisplay;C:\Windows\system32\Drivers\i1display_x64.sys --> C:\Windows\system32\Drivers\i1display_x64.sys [?] S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-26 135664] S3 SeqCal;SeqCal;C:\Windows\system32\DRIVERS\SeqCal.sys --> C:\Windows\system32\DRIVERS\SeqCal.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-8-19 192512] S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys --> C:\Windows\system32\DRIVERS\SophosBootDriver.sys [?] 
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] . =============== Created Last 30 ================ . 2012-02-24 14:10:50 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2F387DAF-6A4D-4883-A618-8F67BF8C67CE}\mpengine.dll 2012-02-20 03:40:26 -------- d-----w- C:\Program Files\Common Files\Intuit 2012-02-19 20:59:39 -------- d-----w- C:\Users\Tracy\AppData\Local\Intuit 2012-02-19 20:56:26 -------- d-----w- C:\ProgramData\Nuance 2012-02-19 20:56:26 -------- d-----w- C:\ProgramData\Intuit 2012-02-19 20:56:26 -------- d-----w- C:\Program Files (x86)\Intuit 2012-02-19 20:56:26 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit 2012-02-19 20:56:10 -------- d-----w- C:\ProgramData\SQL Anywhere 11 2012-02-19 20:56:10 -------- d-----w- C:\ProgramData\COMMON FILES 2012-02-19 20:16:01 -------- d-----w- C:\Windows\Intuit 2012-02-15 08:01:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-02-15 08:01:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-14 18:57:38 509952 ----a-w- C:\Windows\System32\ntshrui.dll 2012-02-14 18:57:38 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll 2012-02-14 18:57:37 515584 ----a-w- C:\Windows\System32\timedate.cpl 2012-02-14 18:57:37 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl 2012-02-14 18:57:35 3145728 ----a-w- C:\Windows\System32\win32k.sys 2012-02-14 18:57:34 498688 ----a-w- C:\Windows\System32\drivers\afd.sys 2012-02-14 18:57:30 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll 2012-02-14 18:57:30 634880 ----a-w- C:\Windows\System32\msvcrt.dll 2012-02-11 16:14:05 -------- d-----w- C:\Program Files (x86)\ESET 2012-02-10 21:28:02 -------- d-----w- C:\Windows\SysWow64\syncdb 2012-02-10 21:14:48 -------- d-----w- C:\ComboFix 2012-02-10 20:47:46 -------- d-sh--w- C:\$RECYCLE.BIN 2012-02-10 20:06:21 208896 ----a-w- C:\Windows\MBR.exe 2012-02-10 20:06:20 256000 ----a-w- C:\Windows\PEV.exe 2012-02-10 20:06:19 518144 ----a-w- 
C:\Windows\SWREG.exe 2012-02-10 20:06:18 98816 ----a-w- C:\Windows\sed.exe 2012-02-10 19:48:45 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-10 03:56:08 -------- d-----w- C:\Users\Tracy\Print Labs 2012-02-10 02:52:14 25608 ----a-w- C:\Windows\System32\drivers\SophosBootDriver.sys 2012-02-10 02:52:13 142328 ----a-w- C:\Windows\System32\drivers\savonaccess.sys 2012-02-07 19:42:51 -------- d-----w- C:\Program Files\iPod 2012-02-07 19:42:50 -------- d-----w- C:\Program Files\iTunes 2012-02-07 19:42:50 -------- d-----w- C:\Program Files (x86)\iTunes 2012-01-31 08:25:20 -------- d-----w- C:\found.000 . ==================== Find3M ==================== . 2012-02-19 21:33:20 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-16 16:02:34 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-01-29 10:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe 2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll 2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll 2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys . ============= FINISH: 13:55:49.49 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 11/1/2009 10:09:40 PM System Uptime: 2/24/2012 1:46:00 PM (0 hours ago) . Motherboard: FOXCONN | | ALOE Processor: AMD Phenom II X4 910 Processor | CPU 1 | 2600/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 919 GiB total, 408.379 GiB free. D: is FIXED (NTFS) - 12 GiB total, 2.231 GiB free. 
E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP351: 2/15/2012 3:00:24 AM - Windows Update RP352: 2/16/2012 11:01:47 AM - Installed Java 6 Update 31 RP353: 2/20/2012 3:00:17 AM - Windows Update RP354: 2/21/2012 3:00:32 AM - Windows Update RP355: 2/24/2012 9:09:40 AM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) ACDSee Photo Manager 2009 ActiveCheck component for HP Active Support Library Adobe AIR Adobe Community Help Adobe Extension Manager CS5 Adobe Flash Player 10 ActiveX Adobe Media Player Adobe Photoshop CS5 Adobe Reader X (10.1.2) AirPort Amazon MP3 Downloader 1.0.9 AMD USB Filter Driver Apple Application Support Apple Software Update AVS Image Converter 1.3.2.141 AVS Update Manager 1.0 AVS4YOU Software Navigator 1.4 Backblaze Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center HydraVision Full Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Compatibility Pack for the 2007 Office system Coupon Printer for Windows CyberLink DVD Suite Deluxe DirectX for Managed Code Update (Summer 2004) Eye-One Match 3.6.2 eZsuite Facebook Plug-In FileZilla Client 
3.5.3 Google Chrome Google SketchUp 7.1 Google SketchUp 8 Google Toolbar for Internet Explorer Google Update Helper Homepage Protection HP Advisor HP Customer Experience Enhancements HP Easy Backup HP Games HP MediaSmart Demo HP MediaSmart DVD HP MediaSmart Movie Themes HP MediaSmart Music/Photo/Video HP Odometer HP Remote Solution HP Setup HP Support Assistant HP Support Information HP Update HPAsset component for HP Active Support Library HydraVision i1_driver_installer_utility_i1Match version 1.0 iPhone Backup Extractor Java Auto Updater Java 6 Update 31 LabelPrint LeapFrog Connect LeapFrog Leapster2 Plugin LeapFrog Tag Plugin LightScribe System Software Malwarebytes Anti-Malware version 1.60.1.1000 Microsoft Live Search Toolbar Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Works Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 10.0.2 (x86 en-US) Mozilla Thunderbird 10.0.2 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK PDF Settings CS5 Photodex Presenter PictureMover Power2Go PowerDirector PowerRecover QuickBooks QuickBooks Pro 2012 QuickTime RAIDXpert Realtek High Definition Audio Driver Safari Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition 
Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Groove 2007 (KB2552997) Security Update for Microsoft Office InfoPath 2007 (KB2510061) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Skype Click to Call Skype™ 5.5 Sophos Anti-Virus Sophos AutoUpdate StudioCloud 3.0 Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) 
Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin) Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) Windows Media Player Firefox Plugin . ==== Event Viewer Messages From Past Week ======== . 2/24/2012 8:30:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service. 2/24/2012 8:30:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. 2/24/2012 8:29:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service. 2/24/2012 1:47:47 PM, Error: Service Control Manager [7000] - The PDIHWCTL service failed to start due to the following error: The system cannot find the file specified. 2/24/2012 1:47:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 2/24/2012 1:47:14 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2/24/2012 1:30:08 PM, Error: SAVOnAccess [83] - To avoid filling up the system event log, "Savservice threads busy" and similar messages will not be logged until after the service has recovered again 2/24/2012 1:30:04 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "Volume2\ProgramData\Backblaze\bzdata\bzfilelists\completefilelist.dat.future" by process bzfilelist.exe . 
2/24/2012 1:30:04 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "aze\bzdata\bzfilelists\v000b000e2a408911fc0332c0417_c____filelist.dat.future" by process bzfilelist.exe . 2/24/2012 1:30:04 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "\Device\HarddiskVolume2\Windows\SysWOW64\NapaSet.txt" by process RAIDXpert.exe . 2/24/2012 1:30:00 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "iskVolume2\ProgramData\Backblaze\bzdata\bzfilelists\filestats.xml.future.tmp" by process bzfilelist.exe . 2/24/2012 1:30:00 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "ddiskVolume2\ProgramData\Backblaze\bzdata\bzfilelists\topdirs.xml.future.tmp" by process bzfilelist.exe . 2/24/2012 1:30:00 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "arddiskVolume2\ProgramData\Backblaze\bzdata\bzfilelists\filestats.xml.future" by process bzfilelist.exe . 2/24/2012 1:30:00 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "\HarddiskVolume2\ProgramData\Backblaze\bzdata\bzfilelists\topdirs.xml.future" by process bzfilelist.exe . 2/24/2012 1:17:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect. 2/24/2012 1:17:37 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2/23/2012 9:59:08 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe ..." 
of process mbamservice.ex, start check timestamp [ 1ccf29ee13339b5] did not complete in time: file was not scanned. 2/23/2012 9:59:03 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf29ede0daafa]) filename continues: "...efox\Profiles\stcifpvd.default\Cache\0\2A\B5101d01" 2/23/2012 9:59:03 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Tracy\AppData\Local\Mozilla\Fir ..." of process firefox.exe, start check timestamp [ 1ccf29ede0daafa] did not complete in time: file was not scanned. 2/23/2012 9:57:49 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\mf.dll ..." of process mbamservice.ex, start check timestamp [ 1ccf29eb1f13681] did not complete in time: file was not scanned. 2/23/2012 9:57:44 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\wuapp.exe ..." of process mbamservice.ex, start check timestamp [ 1ccf29eaf5f375e] did not complete in time: file was not scanned. 2/23/2012 9:57:44 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\samlib.dll ..." of process mbamservice.ex, start check timestamp [ 1ccf29eaf42d554] did not complete in time: file was not scanned. 2/23/2012 9:42:50 PM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting. 2/23/2012 9:11:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. 2/23/2012 9:00:56 PM, Error: SAVOnAccess [567] - Communication error between on-access driver and service for deletion of process SearchFilterHo. 2/23/2012 9:00:56 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "diskVolume2\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm" by process svchost.exe . 
2/23/2012 9:00:56 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "\Device\HarddiskVolume2\Windows\Prefetch\AgCx_SC1.db" by process svchost.exe . 2/23/2012 9:00:55 PM, Error: SAVOnAccess [567] - Communication error between on-access driver and service for deletion of process SearchProtocol. 2/23/2012 8:59:58 PM, Error: SAVOnAccess [567] - Communication error between on-access driver and service for deletion of process mbam.exe. 2/23/2012 8:59:56 PM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [unt {7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Znyjnerolgrf' Nagv-Znyjner\zonz.rkr] by process explorer.exe. 2/23/2012 8:59:54 PM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [arameters\Interfaces\{8AFC352A-3B53-4A5B-9257-7B0134F9DEEB} DhcpDefaultGateway] by process svchost.exe. 2/23/2012 11:43:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service. 2/23/2012 11:43:18 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\Public\Videos\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf2aed441a2e3]). 2/23/2012 11:43:18 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\Public\Pictures\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf2aed4465de4]). 2/23/2012 11:43:18 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\Public\Music\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf2aed44154c1]). 
2/23/2012 11:43:18 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\Public\Libraries\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf2aed44e9b63]). 2/23/2012 11:43:18 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\Public\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf2aed44154c1]). 2/23/2012 11:43:18 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf2aeb07b3eb9]). 2/23/2012 11:43:18 PM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [Nla\Cache\Intranet\hsd1.pa.comcast.net. {8AFC352A-3B53-4A5B-9257-7B0134F9DEEB}] by process svchost.exe. 2/23/2012 11:43:18 PM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [CPIP6\Parameters\Interfaces\{e2cd7987-a9c0-4b3c-a9f8-9e14be2152a5} Dhcpv6State] by process svchost.exe. 2/23/2012 11:42:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 2/23/2012 10:07:48 PM, Error: SAVOnAccess [85] - File [...Device\HarddiskVolume2\PROGRA~2\Sophos\SOPHOS~1\WSCClient.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminServic, (start check timestamp [ 1ccf2a17cee4349]). 2/23/2012 10:07:48 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SYSTEM32\sechost.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. 
Process WSCClient.exe, (start check timestamp [ 1ccf2a17cf59664]). 2/23/2012 10:07:48 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\rpcss.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process WSCClient.exe, (start check timestamp [ 1ccf2a17d13a625]). 2/23/2012 10:07:48 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\IMM32.DLL]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process WSCClient.exe, (start check timestamp [ 1ccf2a17d11aa4e]). 2/23/2012 10:07:48 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\CRYPTBASE.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process WSCClient.exe, (start check timestamp [ 1ccf2a17d15c90d]). 2/23/2012 10:07:45 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\mf.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf2a17a874c68]). 2/23/2012 10:07:44 PM, Error: SAVOnAccess [85] - File [...Mozilla\Firefox\Profiles\stcifpvd.default\Cache\B\97\B0A5Dd01]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process firefox.exe, (start check timestamp [ 1ccf2a043ae7366]). 2/23/2012 10:07:44 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\wuapp.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf2a014ffffcb]). 
2/23/2012 10:07:44 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf2a046d40222]). 2/23/2012 10:07:44 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\mf.dll.mui]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf2a0179ad8ae]). 2/23/2012 10:07:44 PM, Error: SAVOnAccess [84] - "Savservice threads busy" condition cleared - "busy" messages may be logged to system event log again from this point. 2/23/2012 10:05:09 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf29fb898eddd]) filename continues: "...r\Scans\History\Results\Quick\{0883C8F6-528F-46A1-BA8A-85D00BE77D85}" 2/23/2012 10:02:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service. 2/23/2012 10:00:21 PM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [4079445-1791342672-1006\Software\CyberLink\Common\CLML\TouchSmart ITunesStatus] by process CLMLSvc.exe. 2/19/2012 3:58:05 PM, Error: Service Control Manager [7030] - The QBIDPService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. . ==== End Of File ===========================
  4. Thanks so much, Elise. Donation sent. Do I need to uninstall the other software used? TDSS and ESET?
  5. Absolutely. Here it is... . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Tracy at 12:27:27 on 2012-02-11 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5303 [GMT -5:00] . AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C} SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe C:\Windows\system32\conhost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Backblaze\bzserv.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files 
(x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Backblaze\bzbui.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\system32\taskeng.exe c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\sophos\AutoUpdate\ALMon.exe C:\Program Files (x86)\AirPort\APAgent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\SysWOW64\WinMsgBalloonServer.exe C:\Windows\SysWOW64\WinMsgBalloonClient.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Users\Gene\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\sophos\AutoUpdate\ALMon.exe C:\Program Files (x86)\AirPort\APAgent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" 
/nosplash /minimized mRun: [sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" dRun: [backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL LSP: C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{8AFC352A-3B53-4A5B-9257-7B0134F9DEEB} : DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{F78A3A08-EC59-452C-93A9-F7239DBC2CB8} : DhcpNameServer = 68.87.75.198 68.87.64.150 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll AppInit_DLLs: C:\PROGRA~2\sophos\SOPHOS~1\sophos_detoured.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files 
(x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll BHO-X64: HelloWorldBHO - No File BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [Adobe ARM] 
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" AppInit_DLLs-X64: C:\PROGRA~2\sophos\SOPHOS~1\sophos_detoured.dll SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\stcifpvd.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll FF - plugin: C:\Users\Tracy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Users\Tracy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll FF - plugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npatgpc.dll FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?] R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys --> C:\Windows\system32\DRIVERS\savonaccess.sys [?] 
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880] R2 bzserv;Backblaze Service;C:\Program Files (x86)\Backblaze\bzserv.exe [2011-8-30 211240] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-10 652360] R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-8 163056] R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\sophos\Sophos Anti-Virus\SavService.exe [2010-6-4 97520] R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\sophos\AutoUpdate\ALsvc.exe [2010-9-21 230640] R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-8 1541360] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] 
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-26 135664] S3 EyeOneDisplay;EyeOneDisplay;C:\Windows\system32\Drivers\i1display_x64.sys --> C:\Windows\system32\Drivers\i1display_x64.sys [?] S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-26 135664] S3 SeqCal;SeqCal;C:\Windows\system32\DRIVERS\SeqCal.sys --> C:\Windows\system32\DRIVERS\SeqCal.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-8-19 192512] S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys --> C:\Windows\system32\DRIVERS\SophosBootDriver.sys [?] 
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] . =============== Created Last 30 ================ . 2012-02-11 16:14:05 -------- d-----w- C:\Program Files (x86)\ESET 2012-02-10 21:28:02 -------- d-----w- C:\Windows\SysWow64\syncdb 2012-02-10 21:14:48 -------- d-----w- C:\ComboFix 2012-02-10 20:47:46 -------- d-sh--w- C:\$RECYCLE.BIN 2012-02-10 20:06:21 208896 ----a-w- C:\Windows\MBR.exe 2012-02-10 20:06:20 256000 ----a-w- C:\Windows\PEV.exe 2012-02-10 20:06:19 518144 ----a-w- C:\Windows\SWREG.exe 2012-02-10 20:06:18 98816 ----a-w- C:\Windows\sed.exe 2012-02-10 19:48:45 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-10 09:43:06 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{17B84BD7-1728-433D-B047-92DCE7C0AD3E}\mpengine.dll 2012-02-10 03:56:08 -------- d-----w- C:\Users\Tracy\Print Labs 2012-02-10 02:52:14 25608 ----a-w- C:\Windows\System32\drivers\SophosBootDriver.sys 2012-02-10 02:52:13 142328 ----a-w- C:\Windows\System32\drivers\savonaccess.sys 2012-02-07 19:42:51 -------- d-----w- C:\Program Files\iPod 2012-02-07 19:42:50 -------- d-----w- C:\Program Files\iTunes 2012-02-07 19:42:50 -------- d-----w- C:\Program Files (x86)\iTunes 2012-01-31 08:25:20 -------- d-----w- C:\found.000 . ==================== Find3M ==================== . 
2012-01-27 05:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe 2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-12-04 03:54:56 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys 2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll 2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys 2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll 2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll 2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll 2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll 2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll 2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll 2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll 2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe 2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll 2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll 2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll . ============= FINISH: 12:27:59.88 ===============
  6. It finished before I could stop it, although it said "stopped by user" in the status. I didn't stop it, so I'm not sure what that means. It ran for 38 minutes, so I'm assuming it scanned everything. It said there were no threats found, but I didn't see an option to produce a log. Does it automatically save one somewhere that I could post for you to take a peek? I guess it's good news that it didn't find anything. My PC is no longer giving the message that Sophos isn't on and it hasn't frozen up on me either. Hopefully those are all good signs.
  7. Sorry, Elise! It's already running. Should I stop it??
  8. Thanks, Elise! Yes, unfortunately I'm having problems again this morning. My computer is constantly freezing up and I have to power it down. And, I'm getting notices from my pc that Sophos is turned off but it's showing that it's on. I will run the scan you requested above as soon as I can get my computer running again.
  9. Hi and thanks so much for responding, Elise! I just ran TDSSKiller and it found nothing, thankfully.
  10. Merged post Hi! Yesterday my computer completely shut down and would only restart to a black screen with a blinking cursor. I was able to get it up and running again by doing a chkdsk /f but was then having all kinds of issues - running very slow, sites redirecting, etc. So, I bought the malwarebytes pro version this morning and I was getting nonstop notifications of outgoing sites being blocked. I started searching on the threads here for what to do and I *seem* to have cleared up the issue but was hoping someone could take a look for me... Combofix Log.txt Oh and here is my malwarebytes log...mbam-log-2012-02-10 (15-51-52).txt
[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006) "Progid"="ACDSee Photo Manager 2009.sfil" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.sgi" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006) "Progid"="ACDSee Photo Manager 2009.smf" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006) "Progid"="ACDSee Photo Manager 2009.smi" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006) "Progid"="ACDSee Photo Manager 2009.smil" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006) "Progid"="ACDSee Photo Manager 2009.sml" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.sr2" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.srf" . 
[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006) "Progid"="ACDSee Photo Manager 2009.swa" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.tga" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.thm" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.tif" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.tiff" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.ttc" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.ttf" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006) "Progid"="ACDSee Photo Manager 2009.ulw" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.v11o" . 
[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.v11p" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.v11pf" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006) "Progid"="ACDSee Photo Manager 2009.vfw" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.wbm" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.wbmp" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.wmf" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.xbm" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.xif" . [HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.xmp" . 
[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.xpm" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
Completion time: 2012-02-10 15:43:12 ComboFix-quarantined-files.txt 2012-02-10 20:43 . Pre-Run: 352,720,732,160 bytes free Post-Run: 443,536,531,456 bytes free .
- - End Of File - - 38AF94EBC11244D6A235765409A3AB1A

My apologies as I just saw the sticky in this thread that explained the first steps and what I *should* have done prior to running ComboFix. Oops. I stumbled upon this forum looking for fixes to my problem and followed the guidance from there without really checking out the other threads/directions. Hopefully I didn't make too much of a mess of things. Here are the two requested logs. These were done after I ran ComboFix and TDSS. Sorry!! Thanks in advance for any advice you can provide!

Tracy

DDS.txt Attach.txt