I got a warning saying that I have spydoctor installed. When I tried to find/locate it, I cant. I am not sure what or where the file is.
I dont know what that proxyserver is. Or anything about it.
ComboFix 11-11-19.01 - docs_babe 11/18/2011 23:12:52.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1643.538 [GMT -8:00]
Running from: c:\users\docs_babe\Desktop\ComboFix.exe
Command switches used :: c:\users\docs_babe\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\docs_babe\AppData\Roaming\ldr.ini"
"c:\windows\SysWow64\sho237.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\8EA0D
c:\program files (x86)\8EA0D\lvvm.exe
c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}\0x0409.ini
c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}\HP Support Assistant.msi
c:\users\docs_babe\AppData\Roaming\aFFpG5aQJ6dK8RT
c:\users\docs_babe\AppData\Roaming\Ap5Q6KfLh
c:\users\docs_babe\AppData\Roaming\assQJJ7dEK8gZ9Y
c:\users\docs_babe\AppData\Roaming\ayAv2b3naHf9X
c:\users\docs_babe\AppData\Roaming\ayAv2b3naHf9X\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\bL9gTXqjYeIrOt
c:\users\docs_babe\AppData\Roaming\cNNNyxxA1uS2b3m
c:\users\docs_babe\AppData\Roaming\cssK7EL9qjYC
c:\users\docs_babe\AppData\Roaming\CTTXwjUCelB
c:\users\docs_babe\AppData\Roaming\cYCwkUVrlBx0c1v
c:\users\docs_babe\AppData\Roaming\D4HsKfLgZYwrOtP
c:\users\docs_babe\AppData\Roaming\d8fRZ9hTXjClBzN
c:\users\docs_babe\AppData\Roaming\d8fRZ9hTXjClBzN\AV Security 2012v121.exe
c:\users\docs_babe\AppData\Roaming\d8fRZ9TXwUeIrPx
c:\users\docs_babe\AppData\Roaming\d8fRZ9TXwUeIrPx\AV Security 2012v121.exe
c:\users\docs_babe\AppData\Roaming\DeOzzP0yc1v2Fm5
c:\users\docs_babe\AppData\Roaming\dkIVrzONtAu2Dna
c:\users\docs_babe\AppData\Roaming\dNNtx0uc1iDoGmW
c:\users\docs_babe\AppData\Roaming\dyyxAuvvS2oF35J
c:\users\docs_babe\AppData\Roaming\E111D3onGm
c:\users\docs_babe\AppData\Roaming\E111D3onGm\AV Security 2012v121.exe
c:\users\docs_babe\AppData\Roaming\eLLL8ggTZqhCwk
c:\users\docs_babe\AppData\Roaming\eLLL8ggTZqhCwk\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\F5ssQJJ7dEKgR9h
c:\users\docs_babe\AppData\Roaming\GaQQHH6dWK7RLgT
c:\users\docs_babe\AppData\Roaming\gqqhYCCwkUlBtx0
c:\users\docs_babe\AppData\Roaming\GxA0uvS2iFpGaHd
c:\users\docs_babe\AppData\Roaming\HIVrzONtx0c2b3n
c:\users\docs_babe\AppData\Roaming\HK77LqYkVtAc2D
c:\users\docs_babe\AppData\Roaming\HQ7dEKgZYjVlzNc
c:\users\docs_babe\AppData\Roaming\hUVelOBtz0c1
c:\users\docs_babe\AppData\Roaming\IJThCUrOtPc1Don
c:\users\docs_babe\AppData\Roaming\iSbp56KR9XjCIrN
c:\users\docs_babe\AppData\Roaming\iSbp56KR9XjCIrN\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\JXwjUCeIB
c:\users\docs_babe\AppData\Roaming\kBBtyiiDoFa
c:\users\docs_babe\AppData\Roaming\kLghCVlt0Sv3na5
c:\users\docs_babe\AppData\Roaming\kvD2onF4mQEg9X
c:\users\docs_babe\AppData\Roaming\kvD2onF4mQEg9X\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\ldr.ini
c:\users\docs_babe\AppData\Roaming\LrzxAuS2oFpGaJW
c:\users\docs_babe\AppData\Roaming\mssQQJ66dE
c:\users\docs_babe\AppData\Roaming\ncSS1ivD3onFam5
c:\users\docs_babe\AppData\Roaming\okIBBzzOyxA
c:\users\docs_babe\AppData\Roaming\PnnnF44pmH5sJdK
c:\users\docs_babe\AppData\Roaming\pSbp5Q6KfLhXjeB
c:\users\docs_babe\AppData\Roaming\PSS11ibDon4aHs
c:\users\docs_babe\AppData\Roaming\PSS11ibDon4aHs\AV Security 2012v121.exe
c:\users\docs_babe\AppData\Roaming\qiWWK77fEgZYwlb
c:\users\docs_babe\AppData\Roaming\rkBNubG6f
c:\users\docs_babe\AppData\Roaming\s4aQH6sWKfLgZjC
c:\users\docs_babe\AppData\Roaming\S777fEEL9gTqj
c:\users\docs_babe\AppData\Roaming\sFFF3pmG5aQ
c:\users\docs_babe\AppData\Roaming\sK7fRL9XqYeIrNA
c:\users\docs_babe\AppData\Roaming\sK7fRL9XqYeIrNA\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\tBrrzzPNyxA1vSo
c:\users\docs_babe\AppData\Roaming\TEELL8ggRZqkelt
c:\users\docs_babe\AppData\Roaming\TLL99hTqU
c:\users\docs_babe\AppData\Roaming\TLL99hTqU\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\tWW77dEEL8
c:\users\docs_babe\AppData\Roaming\tWW77dEEL8\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\TzzPPyyA1uS2b3m
c:\users\docs_babe\AppData\Roaming\TzzPPyyA1uS2b3m\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\U5sQJ7dEKgZhXjV
c:\users\docs_babe\AppData\Roaming\UZqqjYCwkVrOx0
c:\users\docs_babe\AppData\Roaming\v8fRL9hTXjeIrOy
c:\users\docs_babe\AppData\Roaming\v8fRL9hTXjeIrOy\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\VkkkUVVelOBzPyc
c:\users\docs_babe\AppData\Roaming\Vx0ciDna6WKE
c:\users\docs_babe\AppData\Roaming\wD3pnG4aQ6W7E
c:\users\docs_babe\AppData\Roaming\wD3pnG4aQ6W7E\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\wL9gTXqjYeIrOtA
c:\users\docs_babe\AppData\Roaming\wnFaH5WJ7EgqXUe
c:\users\docs_babe\AppData\Roaming\WtN12FGJERTwClB
c:\users\docs_babe\AppData\Roaming\x4pmm55QJ7dKgZ9
c:\users\docs_babe\AppData\Roaming\X666sWWJ7f
c:\users\docs_babe\AppData\Roaming\xbbbF3pmG5aJ6W
c:\users\docs_babe\AppData\Roaming\XDD33pn4HsK7f9V
c:\users\docs_babe\AppData\Roaming\XDD33pn4HsK7f9V\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\XYXwwUUelIBzNyA
c:\users\docs_babe\AppData\Roaming\XYXwwUUelIBzNyA\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\YaaQQJ66dW
c:\users\docs_babe\AppData\Roaming\YaaQQJ66dW\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\YjYCekIVrOtAuSi
c:\users\docs_babe\AppData\Roaming\yQ7dEKgZYjVlzNc
c:\users\docs_babe\AppData\Roaming\yQ7dEKgZYjVlzNc\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\YvS2ibF3pGaHdKf
c:\users\docs_babe\AppData\Roaming\ZvD2onF4pHsJdKg
c:\users\docs_babe\AppData\Roaming\ZvD2onF4pHsJdKg\AV Security 2012.ico
c:\windows\SysWow64\sho237.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 07:26 . 2011-11-19 07:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-17 17:28 . 2011-11-17 17:28 -------- d-----w- c:\users\docs_babe\AppData\Roaming\Malwarebytes
2011-11-17 17:28 . 2011-11-17 17:28 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 17:28 . 2011-11-17 17:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-17 17:28 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 16:18 . 2011-11-17 16:18 127 ----a-w- c:\users\docs_babe\AppData\Roaming\Microsoft\2262\bl303905_64.bat
2011-11-13 22:00 . 2011-11-13 22:38 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2011-11-13 21:00 . 2011-11-13 21:00 -------- d-----w- c:\users\docs_babe\AppData\Roaming\pjCIrOx0c
2011-11-13 20:31 . 2011-11-17 15:14 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-11-13 20:31 . 2011-11-17 15:14 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-11-13 19:25 . 2011-11-17 15:12 -------- d-----w- c:\programdata\PC Tools
2011-11-13 07:41 . 2011-11-17 15:09 -------- d-----w- c:\users\docs_babe\AppData\Roaming\Sammsoft
2011-11-13 01:02 . 2011-11-13 01:02 102400 ----a-w- c:\users\docs_babe\AppData\Roaming\Microsoft\2262\E28C.tmp
2011-11-13 01:01 . 2011-11-15 01:53 -------- d-----w- c:\users\docs_babe\AppData\Roaming\8EA0D
2011-11-11 12:55 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5914221-D7C7-48A1-B398-86B164B596BF}\mpengine.dll
2011-11-09 15:58 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 15:58 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 15:57 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:57 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-10-28 08:24 . 2011-10-28 08:24 -------- d-----w- c:\users\docs_babe\AppData\Roaming\AnvSoft
2011-10-28 08:24 . 2011-10-28 08:24 -------- d-----w- c:\program files (x86)\AnvSoft
2011-10-26 17:12 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 17:12 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 02:00 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-10 18:55 . 2011-10-10 18:55 18944 ----a-r- c:\users\docs_babe\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-10-01 03:21 . 2011-10-11 19:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-11 19:49 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-27 05:40 . 2011-10-11 19:47 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:40 . 2011-10-11 19:47 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:43 . 2011-10-11 19:47 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-11 19:47 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-17_17.07.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-05 19:05 . 2011-11-19 07:29 35728 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-19 07:29 42170 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-09 22:17 . 2011-11-19 07:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-09 22:17 . 2011-11-17 17:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-09 22:17 . 2011-11-17 17:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-09 22:17 . 2011-11-19 07:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-09 22:17 . 2011-11-17 17:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-09 22:17 . 2011-11-19 07:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-09 21:50 . 2011-11-19 07:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-09 21:50 . 2011-11-17 17:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-09 21:50 . 2011-11-17 17:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-09 21:50 . 2011-11-19 07:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-15 18:19 . 2011-11-17 15:13 5548 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-15 18:19 . 2011-11-19 06:33 5548 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-09 21:51 . 2011-11-19 07:29 6622 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2138382880-4281427160-2979675762-1001_UserData.bin
- 2011-11-17 16:59 . 2011-11-17 16:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-19 07:27 . 2011-11-19 07:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-19 07:27 . 2011-11-19 07:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-17 16:59 . 2011-11-17 16:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2011-11-17 16:59 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-19 07:27 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-10 03:51 . 2011-11-19 05:33 161948 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 05:01 . 2011-11-17 16:58 230084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-19 07:26 230084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2011-11-19 07:27 2605056 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-17 16:59 2605056 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-19 07:27 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-17 16:59 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2011-11-19 06:51 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-11-17 15:29 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2011-04-27 02:21 . 2011-11-17 15:14 3007056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-27 02:21 . 2011-11-19 06:33 3007056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8A86D350-37AB-410A-8531-7D1363F317B3}]
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Linkury Chrome Smartbar"="c:\program files (x86)\Linkury\Linkury.exe" [2011-09-25 103224]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-09-26 19554952]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-10 1176064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-12 336384]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-12 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2138382880-4281427160-2979675762-1001Core.job
- c:\users\docs_babe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 01:24]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2138382880-4281427160-2979675762-1001UA.job
- c:\users\docs_babe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 01:24]
.
2011-11-10 c:\windows\Tasks\HPCeeScheduleFordocs_babe.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2011-11-19 c:\windows\Tasks\HPCeeScheduleForWIN-LR7E2N8LO2K$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:54869
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2011-11-18 23:36:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-19 07:36
ComboFix2.txt 2011-11-19 06:44
ComboFix3.txt 2011-11-17 17:16
.
Pre-Run: 191,812,902,912 bytes free
Post-Run: 191,760,384,000 bytes free
.
- - End Of File - - 837AADC63966152EDC1270A533093199
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by docs_babe at 23:46:03 on 2011-11-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1643.497 [GMT -8:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=127.0.0.1:54869
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Linkury Chrome Smartbar] C:\Program Files (x86)\Linkury\Linkury.exe startup
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cabDPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cabTCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{89B2165E-3F3B-403E-AFDE-A21F962A4710} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{89B2165E-3F3B-403E-AFDE-A21F962A4710}\2456C6B696E6F5E4B2F5140373635383 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{F814DF4C-6240-4401-8B93-60F2F568F426} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO-X64: Fantapper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-26 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-2-11 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-17 17:28:58 -------- d-----w- C:\Users\docs_babe\AppData\Roaming\Malwarebytes
2011-11-17 17:28:45 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-17 17:28:42 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-17 17:28:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-17 16:18:21 127 ----a-w- C:\Users\docs_babe\AppData\Roaming\Microsoft\2262\bl303905_64.bat
2011-11-17 15:33:30 98816 ----a-w- C:\Windows\sed.exe
2011-11-17 15:33:30 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-17 15:33:30 256000 ----a-w- C:\Windows\PEV.exe
2011-11-17 15:33:30 208896 ----a-w- C:\Windows\MBR.exe
2011-11-13 22:00:58 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer
2011-11-13 21:00:53 -------- d-----w- C:\Users\docs_babe\AppData\Roaming\pjCIrOx0c
2011-11-13 20:31:52 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-11-13 20:31:52 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-11-13 19:25:17 -------- d-----w- C:\ProgramData\PC Tools
2011-11-13 07:41:47 -------- d-----w- C:\Users\docs_babe\AppData\Roaming\Sammsoft
2011-11-13 01:02:01 102400 ----a-w- C:\Users\docs_babe\AppData\Roaming\Microsoft\2262\E28C.tmp
2011-11-13 01:01:56 -------- d-----w- C:\Users\docs_babe\AppData\Roaming\8EA0D
2011-11-11 12:55:33 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5914221-D7C7-48A1-B398-86B164B596BF}\mpengine.dll
2011-11-09 15:58:20 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 15:58:20 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 15:57:57 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 15:57:53 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-10-28 08:24:37 -------- d-----w- C:\Users\docs_babe\AppData\Roaming\AnvSoft
2011-10-28 08:24:01 -------- d-----w- C:\Program Files (x86)\AnvSoft
2011-10-28 04:51:58 -------- d-----w- C:\Users\docs_babe\AppData\Local\{FDEE99FC-3DCC-463A-95B3-9B4A11D0F649}
2011-10-28 04:51:42 -------- d-----w- C:\Users\docs_babe\AppData\Local\{7AFBFBA4-B6A7-413B-A7D9-A686F5A82769}
2011-10-26 17:12:55 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-26 17:12:55 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
.
==================== Find3M ====================
.
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
.
============= FINISH: 23:46:58.93 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/9/2011 2:49:29 PM
System Uptime: 11/18/2011 11:27:08 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3577
Processor: AMD C-50 Processor | Socket FT1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 178.651 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.863 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP21: 11/7/2011 10:22:43 AM - HPSF Applying updates
RP22: 11/7/2011 10:32:22 AM - Installed HP Support Assistant
RP23: 11/7/2011 10:41:05 AM - Windows Modules Installer
RP24: 11/7/2011 10:43:14 AM - Windows Modules Installer
RP25: 11/8/2011 7:06:21 AM - Windows Update
RP26: 11/11/2011 3:00:20 AM - Windows Update
RP27: 11/11/2011 4:53:50 AM - Windows Update
RP28: 11/12/2011 3:00:12 AM - Windows Update
RP30: 11/12/2011 5:25:05 PM - Windows Defender Checkpoint
RP31: 11/12/2011 11:24:01 PM - SLOW-PCfighter (64-bit) Backup
RP33: 11/12/2011 11:34:08 PM - PC Optimizer Pro64 Backup
RP34: 11/12/2011 11:40:06 PM - ARO 2011 - Before Installation
RP35: 11/12/2011 11:41:53 PM - ARO 2011 - FIRST RUN
RP36: 11/12/2011 11:57:25 PM - ARO 2011 Sat, Nov 12, 11 23:57
RP37: 11/13/2011 12:07:38 AM - ARO 2011 - Before Optimize
RP38: 11/13/2011 12:12:40 AM - Removed WeatherBug
RP39: 11/13/2011 12:19:05 AM - Removed WeatherBug
RP40: 11/13/2011 12:38:02 AM - Removed Blio
RP41: 11/13/2011 12:52:04 AM - ARO 2011- Before One Click
RP42: 11/17/2011 7:04:33 AM - Before malware removal
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader X MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Any Video Converter 3.3.0
ASPCA Tri Reminder by We-Care.com v4.0.12.5
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Community Smartbar
Compaq Setup Manager
CyberLink DVD Suite
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Fantapper Player
Farm Frenzy
FATE
Final Drive Nitro
Google Chrome
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.1.0
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
InstaCodecs
InstallIQ Updater
Java Auto Updater
Java(TM) 6 Update 27
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Penguins!
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype™ 5.5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/18/2011 11:30:17 PM, Error: Service Control Manager [7000] - The HP Wireless Assistant Service service failed to start due to the following error: A device attached to the system is not functioning.
11/18/2011 11:30:17 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: A device attached to the system is not functioning.
11/18/2011 11:26:33 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/18/2011 11:24:41 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/18/2011 10:37:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
11/18/2011 10:37:54 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/17/2011 8:44:12 AM, Error: Service Control Manager [7034] - The Fantapper Player Update Service service terminated unexpectedly. It has done this 1 time(s).
11/17/2011 8:42:29 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
11/17/2011 7:16:12 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
11/17/2011 7:15:04 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
11/17/2011 7:15:04 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
11/17/2011 7:12:07 AM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
11/16/2011 9:54:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
11/16/2011 2:44:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sdCoreService service.
11/14/2011 5:08:45 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: After starting, the service hung in a start-pending state.
11/14/2011 5:08:42 PM, Error: Service Control Manager [7022] - The Application Virtualization Client service hung on starting.
11/13/2011 4:47:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
11/13/2011 12:51:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
11/13/2011 12:49:54 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/13/2011 12:49:54 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/13/2011 12:49:54 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/13/2011 12:49:54 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/13/2011 12:19:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/13/2011 12:16:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2011 12:16:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/13/2011 12:16:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/13/2011 12:16:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/13/2011 12:16:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/13/2011 12:16:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
11/13/2011 12:16:35 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2011 11:35:33 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2011 1:46:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RoxioNow Service service.
.
==== End Of File ===========================