
Malwarebytes

Ads playing in background of PC


20 replies to this topic

#1
TiffGail

    New Member

  • Members
  • 12 posts
There are ads playing in the background of my computer. Help!!! Please.. Idk where I should post this.

#2
gringo_pr

    Forum Deity

  • Experts
  • 6,581 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.


Security Check

    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

information and logs:

    In your next post I need the following

    • .logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

#3
TiffGail

    New Member

  • Members
  • 12 posts
Security Check will not let me run it.. it says it could do harm and is not letting me open it

#4
TiffGail

    New Member

  • Members
  • 12 posts
Ok, never mind.. I chose to run it anyway..


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 26
Java version out of Date!
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#5
TiffGail

    New Member

  • Members
  • 12 posts
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by June at 10:17:38 on 2012-06-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2303 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Shop To Win\ShopToWin.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\June\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbarsvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbrmon.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\splwow64.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.insightbb.com/
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {c111c814-fd58-0a04-3924-998b53830e29} - C:\Program Files (x86)\Shop to Win 29\Helper.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Toolbar BHO: {06e3475c-5521-4de8-bb12-50720f21631c} - C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbar.dll
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Shop to Win: {5abd6c72-ffd7-b634-a92b-d77d5960e009} - C:\Program Files (x86)\Shop to Win 29\Shop to Win 29.dll
BHO: Superfish: {74f475fa-6c75-43bd-aab9-ecda6184f600} - C:\Program Files (x86)\SuperFish\Superfish.dll
BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: VideoFileDownload: {9194649f-7143-4308-90c1-d6a35b0e354e} - C:\Program Files (x86)\OApps\bho_project.dll
BHO: Mighty Magoo Text: {97e74a14-e5f1-40cc-9b0f-0d11946e5469} - C:\Program Files (x86)\Mighty Magoo\mmagootl.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Search Assistant BHO: {b7acdf9c-c4f9-4d5d-998e-b147866b4d4c} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Recipe Hub: {cf51de5b-eb36-4114-bb69-84df63fbadb4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll
TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {8413196D-E290-4418-B5C6-A3B1379A909C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe
uRun: [PCShowServer] "C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Recipe Hub Search Scope Monitor] "C:\PROGRA~2\RECIPE~2\bar\1.bin\2jsrchmn.exe" /m=2 /w /h
mRun: [RecipeHub_2j Browser Plugin Loader] C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbrmon.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SuperFish\Superfish.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{817F7676-B2EF-46C7-8D49-265CE9F30C90} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8C972CA1-E083-4FFB-8137-3846DBC9E974} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Toolbar BHO: {06e3475c-5521-4de8-bb12-50720f21631c} - C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbar.dll
BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Shop to Win: {5ABD6C72-FFD7-B634-A92B-D77D5960E009} - C:\Program Files (x86)\Shop to Win 29\Shop to Win 29.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Superfish: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SuperFish\Superfish.dll
BHO-X64: Superfish - No File
BHO-X64: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll
BHO-X64: Funmoods Helper Object - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: VideoFileDownload: {9194649F-7143-4308-90C1-D6A35B0E354E} - C:\Program Files (x86)\OApps\bho_project.dll
BHO-X64: BHO_PROJECT - No File
BHO-X64: Mighty Magoo Text: {97E74A14-E5F1-40cc-9B0F-0D11946E5469} - C:\Program Files (x86)\Mighty Magoo\mmagootl.dll
BHO-X64: Mighty Magoo Text - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Search Assistant BHO: {b7acdf9c-c4f9-4d5d-998e-b147866b4d4c} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Recipe Hub: {cf51de5b-eb36-4114-bb69-84df63fbadb4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll
TB-X64: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {8413196D-E290-4418-B5C6-A3B1379A909C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Recipe Hub Search Scope Monitor] "C:\PROGRA~2\RECIPE~2\bar\1.bin\2jsrchmn.exe" /m=2 /w /h
mRun-x64: [RecipeHub_2j Browser Plugin Loader] C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbrmon.exe
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-5 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-7-14 22072]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-5 635416]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-10-5 109168]
R2 RecipeHub_2jService;Recipe HubService;C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbarsvc.exe [2011-10-31 42504]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-3 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 AVerAVF2;AVerAVF2;C:\Windows\system32\DRIVERS\AVerAVF2.sys --> C:\Windows\system32\DRIVERS\AVerAVF2.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-3 136176]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-26 13:42:57 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD50C658-605E-4152-894F-3114B1C6234F}\mpengine.dll
2012-06-25 07:22:57 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-06-25 04:16:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 02:59:35 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-25 02:52:55 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-25 02:52:25 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-25 02:51:50 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-25 02:51:50 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-25 02:48:25 20480 ----a-w- C:\Windows\svchost.exe
2012-06-25 02:04:06 20480 ----a-w- C:\Windows\svchost(184).exe
2012-06-24 17:28:41 113152 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4F00.tmp
2012-06-24 17:28:41 113152 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4E72.tmp.dat
2012-06-20 21:17:52 -------- d-----w- C:\Users\June\AppData\Local\Apple Computer
2012-06-20 21:16:43 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-20 21:16:43 -------- d-----w- C:\Program Files\iPod
2012-06-20 21:16:42 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-20 21:15:33 -------- d-----w- C:\Users\June\AppData\Local\Apple
2012-06-20 21:14:45 -------- d-----w- C:\Program Files\Bonjour
2012-06-20 21:14:45 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-06-14 00:06:39 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 14:34:12 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E84E8844-4E46-4A49-9A03-B657CE42F094}\gapaengine.dll
2012-06-10 13:34:39 138752 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9EAD.tmp.dat
2012-06-09 13:21:08 138752 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\E208.tmp.dat
2012-06-07 19:16:13 -------- d-----w- C:\ProgramData\Symantec
2012-06-07 17:16:21 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-06-07 01:36:52 -------- d-----w- C:\Users\June\AppData\Local\KodakGallery
2012-06-06 14:58:45 -------- d-----w- C:\Program Files (x86)\SuperFish
2012-06-06 14:56:54 -------- d-----w- C:\Remote Programs
2012-06-06 14:56:33 -------- d--h--w- C:\ProgramData\Common Files
2012-06-06 14:52:45 -------- d-----w- C:\Program Files (x86)\Funmoods
2012-06-06 14:51:15 -------- d-----w- C:\Users\June\AppData\Roaming\Babylon
2012-06-06 14:51:15 -------- d-----w- C:\ProgramData\Babylon
2012-06-06 14:03:36 -------- d-----w- C:\Users\June\AppData\Local\Microsoft Games
2012-06-06 13:26:22 -------- d-----w- C:\Users\June\AppData\Roaming\Gamelab
2012-06-06 13:08:05 -------- d-----w- C:\ProgramData\Wild Tangent
2012-06-06 12:41:35 -------- d-----w- C:\Program Files (x86)\WildTangent Games
2012-06-01 00:19:58 63080 ----a-r- C:\Users\June\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe
2012-06-01 00:19:56 -------- d-----w- C:\Users\June\AppData\Local\DIRECTV Player
2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-30 01:08:26 -------- d-----w- C:\Program Files (x86)\Common Files\Kodak
2012-05-30 01:06:52 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2012-05-30 01:06:49 -------- d-----w- C:\Program Files (x86)\Kodak
2012-05-28 19:26:38 -------- d-----w- C:\Program Files (x86)\IrfanView
2012-05-28 19:26:32 -------- d-----w- C:\Program Files (x86)\PriceGong
2012-05-28 19:26:00 -------- d-----w- C:\Program Files (x86)\Shop to Win 29
2012-05-28 19:25:57 -------- d-----w- C:\Program Files (x86)\Shop To Win
2012-05-28 19:25:40 -------- d-----w- C:\Program Files (x86)\OApps
.
==================== Find3M ====================
.
2012-06-17 14:16:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-17 14:16:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-21 14:20:01 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-21 14:20:01 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 10:18:10.76 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/3/2010 5:26:36 AM
System Uptime: 6/26/2012 9:31:57 AM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 2AAC
Processor: AMD Athlon™ II X2 240e Processor | CPU 1 | 784/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 853.088 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.838 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Multimedia Video Controller
Device ID: PCI\VEN_1033&DEV_0165&SUBSYS_650A1461&REV_0B\02004C000000000000
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_1033&DEV_0165&SUBSYS_650A1461&REV_0B\02004C000000000000
Service:
.
==== System Restore Points ===================
.
RP339: 6/13/2012 8:07:03 PM - Windows Update
RP340: 6/16/2012 10:33:33 PM - Windows Update
RP341: 6/20/2012 10:25:48 AM - Windows Update
RP342: 6/20/2012 5:15:36 PM - Installed iTunes
RP343: 6/21/2012 5:18:26 AM - Windows Update
RP344: 6/23/2012 5:36:04 PM - Windows Update
RP345: 6/24/2012 10:12:55 PM - Removed ITE Infrared Transceiver
RP346: 6/24/2012 10:34:40 PM - Restore Operation
RP347: 6/24/2012 10:50:54 PM - Windows Update
RP348: 6/24/2012 10:58:18 PM - Windows Update
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Airport Mania
Ancient Hearts
Azteca
Bejeweled 2 Deluxe
Bing Rewards Client Installer
Bob the Builder Can-Do-Zoo
Bounce Symphony
Build-a-lot
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCScore
Chuzzle Deluxe
Corel Paint it! touch - IPM
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
DIRECTV Player
DirectX for Managed Code Update (Summer 2004)
Dora's Carnival Adventure
Dora's World Adventure
DVD Menu Pack for HP TouchSmart Video
EA Download Manager
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
Facebook for HP TouchSmart
FATE
FrostWire 4.21.6
Funmoods on IE and Chrome
Gem Shop
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hoyle Casino
HP Advisor
HP AppsCenter 1.00
HP Customer Experience Enhancements
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart/TouchSmart Netflix
HP My Display TouchSmart Edition
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP TouchSmart
HP TouchSmart Browser
HP TouchSmart Calendar
HP TouchSmart Canvas
HP TouchSmart Clock
HP TouchSmart Default Magnets
HP TouchSmart DVD
HP TouchSmart Live TV
HP TouchSmart Music
HP TouchSmart Notes
HP TouchSmart Paint it! by Corel
HP TouchSmart Paint it! by Corel - Content
HP TouchSmart Paint it! by Corel - Core
HP TouchSmart Paint it! by Corel - ICA
HP TouchSmart Paint it! by Corel - Langauge
HP TouchSmart Photo
HP TouchSmart RecipeBox
HP TouchSmart RSS
HP TouchSmart Tutorials
HP TouchSmart Twitter
HP TouchSmart Video
HP TouchSmart Weather
HP TouchSmart Webcam
HP Update
HPAsset component for HP Active Support Library
Hulu Desktop
IrfanView (remove only)
ITE Infrared Transceiver
Java Auto Updater
Java™ 6 Update 26
Jewel Quest Solitaire 2
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
LabelPrint
LightScribe System Software
Mah Jong Medley
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office Home and Student 2010 - English
Microsoft Office Outlook Connector
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
Movie Theme Pack for HP TouchSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Notifier
OfotoXMI
PCDADDIN
PCDHELP
PDF Complete Special Edition
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
Polar Bowler
Polar Golfer
Poppit To Go
Power2Go
PowerDirector
PressReader
PriceGong 2.6.4
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recipe Hub
Recovery Manager
Roads of Rome
Roxio CinemaNow 2.0
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SFR
SHASTA
Shop To Win
SKIN0001
SKINXSDK
Skip-Bo - Castaway Caper
Skype Click to Call
Skype™ 5.9
Slingo Deluxe
staticcr
swMSM
The Sims™ 3
tooltips
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
VideoFileDownload
Virtual Villagers - The Secret City
VPRINTOL
Where's Waldo The Fantastic Journey
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WindowShopper
WIRELESS
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
6/26/2012 9:37:31 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
6/25/2012 12:11:36 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
6/24/2012 11:53:42 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
6/24/2012 11:25:53 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
6/24/2012 10:47:25 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.129.66.0;1.129.66.0 Engine version: 1.1.8502.0
6/24/2012 10:36:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c7d7ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\Minidump\062412-26145-01.dmp. Report Id: 062412-26145-01.
6/24/2012 10:08:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fc66ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\Minidump\062412-23212-01.dmp. Report Id: 062412-23212-01.
6/24/2012 1:32:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xfffffa80400c001c, 0x0000000000000002, 0x0000000000000000, 0xfffff80002cd3915). A dump was saved in: C:\Windows\Minidump\062412-18283-01.dmp. Report Id: 062412-18283-01.
6/20/2012 4:47:23 PM, Error: Disk [11] - The driver detected a controller error on \...\DR6.
.
==== End Of File ===========================

#6
gringo_pr

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 6,581 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

#7
TiffGail

    New Member

  • Members
  • Pip
  • 12 posts
After I ran the program.. My computer booted back up.. And now I cannot get on my internet.. It deleted it.. I can't even get on my anti virus program.. What happened!?!? I am using my phone to reply back.. How do I get my internet to open back up?? That program deleted it.. It says "illegal operation attempted on a registry key that has been marked for deletion." But I do believe the spyware is gone.. How do I get my internet back!?

#8
TiffGail

    New Member

  • Members
  • Pip
  • 12 posts
Never mind, I just saw the last note.. I am sorry..

#9
TiffGail

    New Member

  • Members
  • Pip
  • 12 posts
ComboFix 12-06-26.02 - June 06/26/2012 23:28:51.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2479 [GMT -4:00]
Running from: c:\users\June\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DictionaryBossEI
c:\program files (x86)\FunWebProducts
c:\program files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files (x86)\Mighty Magoo
c:\program files (x86)\Mighty Magoo\ars.cfg
c:\program files (x86)\Mighty Magoo\icon.ico
c:\program files (x86)\Mighty Magoo\mmagootl.dll
c:\program files (x86)\Shop to Win
c:\program files (x86)\Shop to Win\InstallNotifier.exe
c:\program files (x86)\Shop to Win\ShopToWin.exe
c:\program files (x86)\Shop to Win\unins000.exe
c:\programdata\308007g1s132n444o284o2iin6y7
c:\users\June\AppData\Roaming\Anti-Malware Lab
c:\users\June\AppData\Roaming\Anti-Malware Lab\Instructions.ini
c:\users\June\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Anti-Malware Lab.lnk
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\fix.exe
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\SM.dll
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\June\AppData\Roaming\Microsoft\Windows\Start Menu\Anti-Malware Lab.lnk
c:\users\June\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anti-Malware Lab.lnk
c:\users\June\AppData\Roaming\PriceGong
c:\users\June\AppData\Roaming\PriceGong\Data\1.xml
c:\users\June\AppData\Roaming\PriceGong\Data\a.xml
c:\users\June\AppData\Roaming\PriceGong\Data\b.xml
c:\users\June\AppData\Roaming\PriceGong\Data\c.xml
c:\users\June\AppData\Roaming\PriceGong\Data\d.xml
c:\users\June\AppData\Roaming\PriceGong\Data\e.xml
c:\users\June\AppData\Roaming\PriceGong\Data\f.xml
c:\users\June\AppData\Roaming\PriceGong\Data\g.xml
c:\users\June\AppData\Roaming\PriceGong\Data\h.xml
c:\users\June\AppData\Roaming\PriceGong\Data\i.xml
c:\users\June\AppData\Roaming\PriceGong\Data\j.xml
c:\users\June\AppData\Roaming\PriceGong\Data\k.xml
c:\users\June\AppData\Roaming\PriceGong\Data\l.xml
c:\users\June\AppData\Roaming\PriceGong\Data\m.xml
c:\users\June\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\June\AppData\Roaming\PriceGong\Data\n.xml
c:\users\June\AppData\Roaming\PriceGong\Data\o.xml
c:\users\June\AppData\Roaming\PriceGong\Data\p.xml
c:\users\June\AppData\Roaming\PriceGong\Data\q.xml
c:\users\June\AppData\Roaming\PriceGong\Data\r.xml
c:\users\June\AppData\Roaming\PriceGong\Data\s.xml
c:\users\June\AppData\Roaming\PriceGong\Data\t.xml
c:\users\June\AppData\Roaming\PriceGong\Data\u.xml
c:\users\June\AppData\Roaming\PriceGong\Data\v.xml
c:\users\June\AppData\Roaming\PriceGong\Data\w.xml
c:\users\June\AppData\Roaming\PriceGong\Data\x.xml
c:\users\June\AppData\Roaming\PriceGong\Data\y.xml
c:\users\June\AppData\Roaming\PriceGong\Data\z.xml
c:\users\June\Desktop\Anti-Malware Lab.lnk
c:\users\June\Documents\ShopToWin
c:\windows\svchost.exe
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-26 13:42 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD50C658-605E-4152-894F-3114B1C6234F}\mpengine.dll
2012-06-25 07:22 . 2012-06-25 07:58 -------- d-----w- c:\windows\Microsoft Antimalware
2012-06-25 04:16 . 2012-06-25 04:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 02:59 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-25 02:52 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 02:52 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 02:52 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 02:52 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 02:52 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 02:52 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 02:52 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 02:51 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 02:51 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 02:04 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost(184).exe
2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4F00.tmp
2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4E72.tmp.dat
2012-06-20 21:17 . 2012-06-20 21:17 -------- d-----w- c:\users\June\AppData\Local\Apple Computer
2012-06-20 21:17 . 2012-06-22 21:29 -------- d-----w- c:\users\June\AppData\Roaming\Apple Computer
2012-06-20 21:16 . 2012-06-20 21:17 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-20 21:16 . 2012-06-20 21:16 -------- d-----w- c:\program files\iPod
2012-06-20 21:16 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\iTunes
2012-06-20 21:15 . 2012-06-20 21:15 -------- d-----w- c:\users\June\AppData\Local\Apple
2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files\Common Files\Apple
2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Bonjour
2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files\Bonjour
2012-06-20 21:14 . 2012-06-20 21:16 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-06-20 21:14 . 2012-06-20 21:15 -------- d-----w- c:\programdata\Apple
2012-06-14 00:06 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 14:34 . 2012-05-18 13:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E84E8844-4E46-4A49-9A03-B657CE42F094}\gapaengine.dll
2012-06-10 13:34 . 2012-06-10 13:34 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\9EAD.tmp.dat
2012-06-09 13:21 . 2012-06-09 13:21 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\E208.tmp.dat
2012-06-07 19:16 . 2012-06-07 19:16 -------- d-----w- c:\programdata\Symantec
2012-06-07 17:16 . 2012-06-07 17:16 -------- d-----w- c:\windows\SysWow64\Adobe
2012-06-07 01:36 . 2012-06-07 01:36 -------- d-----w- c:\users\June\AppData\Local\KodakGallery
2012-06-06 14:58 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\SuperFish
2012-06-06 14:56 . 2012-06-19 17:00 -------- d-----w- C:\Remote Programs
2012-06-06 14:56 . 2012-06-06 14:56 -------- d--h--w- c:\programdata\Common Files
2012-06-06 14:52 . 2012-06-06 14:52 -------- d-----w- c:\program files (x86)\Funmoods
2012-06-06 14:51 . 2012-06-06 14:52 1541 ----a-w- C:\user.js
2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\users\June\AppData\Roaming\Babylon
2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\programdata\Babylon
2012-06-06 14:03 . 2012-06-06 14:06 -------- d-----w- c:\users\June\AppData\Local\Microsoft Games
2012-06-06 13:26 . 2012-06-06 13:26 -------- d-----w- c:\users\June\AppData\Roaming\Gamelab
2012-06-06 13:08 . 2012-06-06 13:08 -------- d-----w- c:\programdata\Wild Tangent
2012-06-06 12:41 . 2012-06-06 12:49 -------- d-----w- c:\program files (x86)\WildTangent Games
2012-06-01 00:19 . 2012-06-01 00:19 63080 ----a-r- c:\users\June\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe
2012-06-01 00:19 . 2012-06-01 00:19 -------- d-----w- c:\users\June\AppData\Local\DIRECTV Player
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-30 01:08 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\QuickTime
2012-05-30 01:08 . 2012-06-25 02:42 -------- d-----w- c:\programdata\Apple Computer
2012-05-30 01:08 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\Common Files\Kodak
2012-05-30 01:06 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\Kodak
2012-05-28 19:26 . 2012-05-28 19:26 -------- d-----w- c:\program files (x86)\IrfanView
2012-05-28 19:26 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\PriceGong
2012-05-28 19:26 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Shop to Win 29
2012-05-28 19:25 . 2012-05-28 19:25 -------- d-----w- c:\program files (x86)\OApps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 14:16 . 2012-05-18 13:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 14:16 . 2011-07-17 14:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-21 14:20 . 2012-05-21 14:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-21 14:20 . 2012-05-21 14:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-18 13:32 . 2011-05-20 19:35 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-05-18 13:19 . 2012-05-18 13:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-18 13:19 . 2012-05-18 13:19 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-18 13:18 . 2012-05-18 13:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-18 13:18 . 2012-05-18 13:18 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-30 11:35 . 2012-05-18 13:22 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c111c814-fd58-0a04-3924-998b53830e29}"= "c:\program files (x86)\Shop to Win 29\Helper.dll" [2012-05-28 378880]
.
[HKEY_CLASSES_ROOT\clsid\{c111c814-fd58-0a04-3924-998b53830e29}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{42855803-9685-5634-8D8E-37F3536D2EE3}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5ABD6C72-FFD7-B634-A92B-D77D5960E009}]
2012-03-14 17:52 14432 ----a-w- c:\program files (x86)\Shop to Win 29\Shop to Win 29.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9194649F-7143-4308-90C1-D6A35B0E354E}]
2012-05-22 19:55 93184 ----a-w- c:\program files (x86)\OApps\bho_project.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-23 121456]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Recipe Hub Search Scope Monitor"="c:\progra~2\RECIPE~2\bar\1.bin\2jsrchmn.exe" [2011-10-31 38440]
"RecipeHub_2j Browser Plugin Loader"="c:\progra~2\RECIPE~2\bar\1.bin\2jbrmon.exe" [2011-10-31 30096]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-21 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [2010-11-11 1212416]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-12 203264]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-07-14 22072]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 RecipeHub_2jService;Recipe HubService;c:\progra~2\RECIPE~2\bar\1.bin\2jbarsvc.exe [2011-10-31 42504]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-12 6790656]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-12 221184]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-18 32880]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-14 69736]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 00:21]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 00:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-29 11049576]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.insightbb.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\SuperFish\Superfish.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{8413196d-e290-4418-b5c6-a3b1379a909c} - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-Shop To Win - c:\program files (x86)\Shop To Win\ShopToWin.exe
WebBrowser-{8413196D-E290-4418-B5C6-A3B1379A909C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-{06BA1354-9686-4136-B2F2-99CE8B1C2F18}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files (x86)\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-06-26 23:42:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 03:42
.
Pre-Run: 915,164,041,216 bytes free
Post-Run: 915,949,461,504 bytes free
.
- - End Of File - - C33CBBEA5B99F7799549C321AE1A665A



I did not have any problems at all..
& the computer is doing GREAT!!

#10
gringo_pr

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11
TiffGail

I had no problems running the programs.

TDSSKILLER



10:55:18.0075 3536 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44

10:55:18.0356 3536 ============================================================

10:55:18.0356 3536 Current date / time: 2012/06/27 10:55:18.0356

10:55:18.0356 3536 SystemInfo:

10:55:18.0356 3536

10:55:18.0356 3536 OS Version: 6.1.7601 ServicePack: 1.0

10:55:18.0356 3536 Product type: Workstation

10:55:18.0356 3536 ComputerName: JUNE-HP

10:55:18.0356 3536 UserName: June

10:55:18.0356 3536 Windows directory: C:\Windows

10:55:18.0356 3536 System windows directory: C:\Windows

10:55:18.0356 3536 Running under WOW64

10:55:18.0356 3536 Processor architecture: Intel x64

10:55:18.0356 3536 Number of processors: 2

10:55:18.0356 3536 Page size: 0x1000

10:55:18.0356 3536 Boot type: Normal boot

10:55:18.0356 3536 ============================================================

10:55:19.0511 3536 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:55:19.0526 3536 ============================================================

10:55:19.0526 3536 \Device\Harddisk0\DR0:

10:55:19.0526 3536 MBR partitions:

10:55:19.0526 3536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

10:55:19.0526 3536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72915800

10:55:19.0526 3536 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72948000, BlocksNum 0x1DBE000

10:55:19.0526 3536 ============================================================

10:55:19.0542 3536 C: <-> \Device\Harddisk0\DR0\Partition1

10:55:19.0589 3536 D: <-> \Device\Harddisk0\DR0\Partition2

10:55:19.0589 3536 ============================================================

10:55:19.0589 3536 Initialize success

10:55:19.0589 3536 ============================================================

10:55:20.0681 1200 ============================================================

10:55:20.0681 1200 Scan started

10:55:20.0681 1200 Mode: Manual;

10:55:20.0681 1200 ============================================================

10:55:21.0741 1200 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:55:21.0741 1200 1394ohci - ok

10:55:21.0788 1200 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:55:21.0788 1200 ACPI - ok

10:55:21.0819 1200 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:55:21.0819 1200 AcpiPmi - ok

10:55:21.0913 1200 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

10:55:21.0913 1200 AdobeARMservice - ok

10:55:21.0975 1200 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

10:55:21.0975 1200 adp94xx - ok

10:55:22.0007 1200 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

10:55:22.0007 1200 adpahci - ok

10:55:22.0022 1200 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

10:55:22.0022 1200 adpu320 - ok

10:55:22.0069 1200 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

10:55:22.0069 1200 AeLookupSvc - ok

10:55:22.0131 1200 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE

10:55:22.0131 1200 AERTFilters - ok

10:55:22.0194 1200 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

10:55:22.0209 1200 AFD - ok

10:55:22.0225 1200 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:55:22.0225 1200 agp440 - ok

10:55:22.0241 1200 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

10:55:22.0241 1200 ALG - ok

10:55:22.0256 1200 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:55:22.0256 1200 aliide - ok

10:55:22.0287 1200 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe

10:55:22.0287 1200 AMD External Events Utility - ok

10:55:22.0319 1200 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:55:22.0319 1200 amdide - ok

10:55:22.0334 1200 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

10:55:22.0334 1200 AmdK8 - ok

10:55:22.0693 1200 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys

10:55:22.0724 1200 amdkmdag - ok

10:55:22.0802 1200 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys

10:55:22.0802 1200 amdkmdap - ok

10:55:22.0818 1200 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

10:55:22.0818 1200 AmdPPM - ok

10:55:22.0849 1200 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys

10:55:22.0849 1200 amdsata - ok

10:55:22.0865 1200 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

10:55:22.0865 1200 amdsbs - ok

10:55:22.0880 1200 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys

10:55:22.0880 1200 amdxata - ok

10:55:22.0911 1200 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:55:22.0911 1200 AppID - ok

10:55:22.0927 1200 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

10:55:22.0927 1200 AppIDSvc - ok

10:55:22.0974 1200 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

10:55:22.0974 1200 Appinfo - ok

10:55:22.0989 1200 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

10:55:22.0989 1200 arc - ok

10:55:23.0005 1200 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

10:55:23.0005 1200 arcsas - ok

10:55:23.0083 1200 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

10:55:23.0083 1200 aspnet_state - ok

10:55:23.0114 1200 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:55:23.0114 1200 AsyncMac - ok

10:55:23.0130 1200 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:55:23.0145 1200 atapi - ok

10:55:23.0177 1200 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys

10:55:23.0177 1200 AtiPcie - ok

10:55:23.0239 1200 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:55:23.0255 1200 AudioEndpointBuilder - ok

10:55:23.0255 1200 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:55:23.0270 1200 AudioSrv - ok

10:55:23.0379 1200 AVerAVF2 (086cbbb45324d56aa7239046cd86149a) C:\Windows\system32\DRIVERS\AVerAVF2.sys

10:55:23.0395 1200 AVerAVF2 - ok

10:55:23.0442 1200 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

10:55:23.0442 1200 AxInstSV - ok

10:55:23.0489 1200 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

10:55:23.0489 1200 b06bdrv - ok

10:55:23.0520 1200 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:55:23.0520 1200 b57nd60a - ok

10:55:23.0535 1200 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

10:55:23.0535 1200 BDESVC - ok

10:55:23.0551 1200 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:55:23.0551 1200 Beep - ok

10:55:23.0645 1200 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

10:55:23.0660 1200 BFE - ok

10:55:23.0723 1200 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

10:55:23.0723 1200 BITS - ok

10:55:23.0738 1200 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

10:55:23.0738 1200 blbdrive - ok

10:55:23.0769 1200 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:55:23.0769 1200 bowser - ok

10:55:23.0769 1200 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:55:23.0785 1200 BrFiltLo - ok

10:55:23.0801 1200 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:55:23.0801 1200 BrFiltUp - ok

10:55:23.0816 1200 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

10:55:23.0816 1200 BridgeMP - ok

10:55:23.0847 1200 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

10:55:23.0847 1200 Browser - ok

10:55:23.0879 1200 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:55:23.0879 1200 Brserid - ok

10:55:23.0894 1200 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:55:23.0894 1200 BrSerWdm - ok

10:55:23.0910 1200 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:55:23.0910 1200 BrUsbMdm - ok

10:55:23.0910 1200 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:55:23.0910 1200 BrUsbSer - ok

10:55:23.0925 1200 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

10:55:23.0925 1200 BTHMODEM - ok

10:55:23.0957 1200 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

10:55:23.0957 1200 bthserv - ok

10:55:24.0035 1200 CalendarSynchService (28d3d9c47c1f6686f2a2edef0956166c) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

10:55:24.0035 1200 CalendarSynchService - ok

10:55:24.0050 1200 catchme - ok

10:55:24.0081 1200 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:55:24.0081 1200 cdfs - ok

10:55:24.0081 1200 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

10:55:24.0097 1200 cdrom - ok

10:55:24.0159 1200 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:55:24.0159 1200 CertPropSvc - ok

10:55:24.0253 1200 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

10:55:24.0253 1200 circlass - ok

10:55:24.0300 1200 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:55:24.0300 1200 CLFS - ok

10:55:24.0362 1200 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:55:24.0362 1200 clr_optimization_v2.0.50727_32 - ok

10:55:24.0409 1200 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

10:55:24.0409 1200 clr_optimization_v2.0.50727_64 - ok

10:55:24.0456 1200 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:55:24.0471 1200 clr_optimization_v4.0.30319_32 - ok

10:55:24.0518 1200 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

10:55:24.0518 1200 clr_optimization_v4.0.30319_64 - ok

10:55:24.0534 1200 clwvd (9573e8c7c3b3d1625fd941841fd0859c) C:\Windows\system32\DRIVERS\clwvd.sys

10:55:24.0534 1200 clwvd - ok

10:55:24.0549 1200 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

10:55:24.0549 1200 CmBatt - ok

10:55:24.0581 1200 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:55:24.0581 1200 cmdide - ok

10:55:24.0643 1200 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

10:55:24.0659 1200 CNG - ok

10:55:24.0690 1200 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

10:55:24.0690 1200 Compbatt - ok

10:55:24.0705 1200 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

10:55:24.0705 1200 CompositeBus - ok

10:55:24.0721 1200 COMSysApp - ok

10:55:24.0752 1200 CpqDfw (a398ed024f739e7be74ecffa8a713a89) C:\Windows\system32\drivers\CpqDfw.sys

10:55:24.0752 1200 CpqDfw - ok

10:55:24.0768 1200 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

10:55:24.0768 1200 crcdisk - ok

10:55:24.0815 1200 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

10:55:24.0815 1200 CryptSvc - ok

10:55:24.0908 1200 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

10:55:24.0908 1200 cvhsvc - ok

10:55:25.0002 1200 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:55:25.0002 1200 DcomLaunch - ok

10:55:25.0033 1200 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

10:55:25.0049 1200 defragsvc - ok

10:55:25.0064 1200 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:55:25.0064 1200 DfsC - ok

10:55:25.0142 1200 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

10:55:25.0142 1200 Dhcp - ok

10:55:25.0158 1200 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:55:25.0158 1200 discache - ok

10:55:25.0189 1200 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

10:55:25.0189 1200 Disk - ok

10:55:25.0236 1200 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

10:55:25.0236 1200 Dnscache - ok

10:55:25.0267 1200 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

10:55:25.0283 1200 dot3svc - ok

10:55:25.0314 1200 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

10:55:25.0314 1200 DPS - ok

10:55:25.0345 1200 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:55:25.0345 1200 drmkaud - ok

10:55:25.0376 1200 DTSRVC (b1a72a497951217ae862117e8304f4e8) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe

10:55:25.0376 1200 DTSRVC - ok

10:55:25.0470 1200 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:55:25.0485 1200 DXGKrnl - ok

10:55:25.0532 1200 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

10:55:25.0532 1200 EapHost - ok

10:55:25.0719 1200 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

10:55:25.0735 1200 ebdrv - ok

10:55:25.0829 1200 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

10:55:25.0829 1200 EFS - ok

10:55:25.0907 1200 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

10:55:25.0922 1200 ehRecvr - ok

10:55:25.0953 1200 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

10:55:25.0953 1200 ehSched - ok

10:55:26.0000 1200 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

10:55:26.0000 1200 elxstor - ok

10:55:26.0031 1200 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:55:26.0031 1200 ErrDev - ok

10:55:26.0078 1200 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

10:55:26.0094 1200 EventSystem - ok

10:55:26.0109 1200 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:55:26.0109 1200 exfat - ok

10:55:26.0141 1200 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:55:26.0141 1200 fastfat - ok

10:55:26.0219 1200 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

10:55:26.0219 1200 Fax - ok

10:55:26.0234 1200 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

10:55:26.0234 1200 fdc - ok

10:55:26.0250 1200 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

10:55:26.0250 1200 fdPHost - ok

10:55:26.0265 1200 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

10:55:26.0265 1200 FDResPub - ok

10:55:26.0281 1200 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:55:26.0281 1200 FileInfo - ok

10:55:26.0281 1200 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:55:26.0281 1200 Filetrace - ok

10:55:26.0297 1200 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

10:55:26.0297 1200 flpydisk - ok

10:55:26.0343 1200 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:55:26.0343 1200 FltMgr - ok

10:55:26.0421 1200 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

10:55:26.0421 1200 FontCache - ok

10:55:26.0468 1200 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

10:55:26.0468 1200 FontCache3.0.0.0 - ok

10:55:26.0499 1200 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:55:26.0499 1200 FsDepends - ok

10:55:26.0531 1200 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

10:55:26.0531 1200 fssfltr - ok

10:55:26.0718 1200 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

10:55:26.0749 1200 fsssvc - ok

10:55:26.0858 1200 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

10:55:26.0874 1200 Fs_Rec - ok

10:55:26.0921 1200 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:55:26.0921 1200 fvevol - ok

10:55:26.0936 1200 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

10:55:26.0936 1200 gagp30kx - ok

10:55:27.0014 1200 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

10:55:27.0014 1200 GamesAppService - ok

10:55:27.0123 1200 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

10:55:27.0123 1200 gpsvc - ok

10:55:27.0139 1200 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:55:27.0139 1200 hcw85cir - ok

10:55:27.0201 1200 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

10:55:27.0217 1200 HdAudAddService - ok

10:55:27.0233 1200 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

10:55:27.0233 1200 HDAudBus - ok

10:55:27.0248 1200 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

10:55:27.0248 1200 HidBatt - ok

10:55:27.0264 1200 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

10:55:27.0264 1200 HidBth - ok

10:55:27.0295 1200 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

10:55:27.0295 1200 HidIr - ok

10:55:27.0326 1200 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

10:55:27.0326 1200 hidserv - ok

10:55:27.0326 1200 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

10:55:27.0326 1200 HidUsb - ok

10:55:27.0357 1200 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

10:55:27.0373 1200 hkmsvc - ok

10:55:27.0404 1200 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

10:55:27.0404 1200 HomeGroupListener - ok

10:55:27.0435 1200 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

10:55:27.0435 1200 HomeGroupProvider - ok

10:55:27.0482 1200 HP Health Check Service (3f4add4196e2b860019539837be305f9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

10:55:27.0482 1200 HP Health Check Service - ok

10:55:27.0545 1200 hpqwmiex (ef3ea06057132138b4e5895a61601dbe) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

10:55:27.0545 1200 hpqwmiex - ok

10:55:27.0560 1200 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:55:27.0560 1200 HpSAMD - ok

10:55:27.0638 1200 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:55:27.0638 1200 HTTP - ok

10:55:27.0669 1200 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:55:27.0669 1200 hwpolicy - ok

10:55:27.0701 1200 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

10:55:27.0701 1200 i8042prt - ok

10:55:27.0732 1200 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

10:55:27.0732 1200 iaStorV - ok

10:55:27.0857 1200 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

10:55:27.0872 1200 idsvc - ok

10:55:27.0888 1200 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

[size="1"][size="1"]10:55:27.0888 1200 iirsp - ok[/size][/size]

[size="1"][size="1"]10:55:27.0950 1200 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll[/size][/size]

[size="1"][size="1"]10:55:27.0950 1200 IKEEXT - ok[/size][/size]

[size="1"][size="1"]10:55:28.0106 1200 IntcAzAudAddService (1c11e5d258bc374e7fbd598d75e49b75) C:\Windows\system32\drivers\RTKVHD64.sys[/size][/size]

[size="1"][size="1"]10:55:28.0122 1200 IntcAzAudAddService - ok[/size][/size]

[size="1"][size="1"]10:55:28.0231 1200 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys[/size][/size]

[size="1"][size="1"]10:55:28.0231 1200 intelide - ok[/size][/size]

[size="1"][size="1"]10:55:28.0247 1200 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys[/size][/size]

[size="1"][size="1"]10:55:28.0247 1200 intelppm - ok[/size][/size]

[size="1"][size="1"]10:55:28.0278 1200 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll[/size][/size]

[size="1"][size="1"]10:55:28.0278 1200 IPBusEnum - ok[/size][/size]

[size="1"][size="1"]10:55:28.0309 1200 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys[/size][/size]

[size="1"][size="1"]10:55:28.0309 1200 IpFilterDriver - ok[/size][/size]

[size="1"][size="1"]10:55:28.0356 1200 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll[/size][/size]

[size="1"][size="1"]10:55:28.0371 1200 iphlpsvc - ok[/size][/size]

[size="1"][size="1"]10:55:28.0387 1200 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys[/size][/size]

[size="1"][size="1"]10:55:28.0387 1200 IPMIDRV - ok[/size][/size]

[size="1"][size="1"]10:55:28.0403 1200 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys[/size][/size]

[size="1"][size="1"]10:55:28.0403 1200 IPNAT - ok[/size][/size]

[size="1"][size="1"]10:55:28.0403 1200 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys[/size][/size]

[size="1"][size="1"]10:55:28.0403 1200 IRENUM - ok[/size][/size]

[size="1"][size="1"]10:55:28.0418 1200 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys[/size][/size]

[size="1"][size="1"]10:55:28.0418 1200 isapnp - ok[/size][/size]

[size="1"][size="1"]10:55:28.0449 1200 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys[/size][/size]

[size="1"][size="1"]10:55:28.0449 1200 iScsiPrt - ok[/size][/size]

[size="1"][size="1"]10:55:28.0481 1200 itecir (8d990a44b4f2b68e2c56a3724ec3eb84) C:\Windows\system32\DRIVERS\itecir.sys[/size][/size]

[size="1"][size="1"]10:55:28.0481 1200 itecir - ok[/size][/size]

[size="1"][size="1"]10:55:28.0496 1200 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys[/size][/size]

[size="1"][size="1"]10:55:28.0496 1200 kbdclass - ok[/size][/size]

[size="1"][size="1"]10:55:28.0527 1200 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys[/size][/size]

[size="1"][size="1"]10:55:28.0527 1200 kbdhid - ok[/size][/size]

[size="1"][size="1"]10:55:28.0559 1200 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe[/size][/size]

[size="1"][size="1"]10:55:28.0559 1200 KeyIso - ok[/size][/size]

[size="1"][size="1"]10:55:28.0574 1200 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys[/size][/size]

[size="1"][size="1"]10:55:28.0574 1200 KSecDD - ok[/size][/size]

[size="1"][size="1"]10:55:28.0590 1200 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys[/size][/size]

[size="1"][size="1"]10:55:28.0590 1200 KSecPkg - ok[/size][/size]

[size="1"][size="1"]10:55:28.0605 1200 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys[/size][/size]

[size="1"][size="1"]10:55:28.0605 1200 ksthunk - ok[/size][/size]

[size="1"][size="1"]10:55:28.0637 1200 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll[/size][/size]

[size="1"][size="1"]10:55:28.0637 1200 KtmRm - ok[/size][/size]

[size="1"][size="1"]10:55:28.0699 1200 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll[/size][/size]

[size="1"][size="1"]10:55:28.0699 1200 LanmanServer - ok[/size][/size]

[size="1"][size="1"]10:55:28.0746 1200 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll[/size][/size]

[size="1"][size="1"]10:55:28.0761 1200 LanmanWorkstation - ok[/size][/size]

[size="1"][size="1"]10:55:28.0808 1200 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[/size][/size]

[size="1"][size="1"]10:55:28.0808 1200 LightScribeService - ok[/size][/size]

[size="1"][size="1"]10:55:28.0839 1200 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys[/size][/size]

[size="1"][size="1"]10:55:28.0839 1200 lltdio - ok[/size][/size]

[size="1"][size="1"]10:55:28.0886 1200 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll[/size][/size]

[size="1"][size="1"]10:55:28.0902 1200 lltdsvc - ok[/size][/size]

[size="1"][size="1"]10:55:28.0917 1200 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll[/size][/size]

[size="1"][size="1"]10:55:28.0917 1200 lmhosts - ok[/size][/size]

[size="1"][size="1"]10:55:28.0949 1200 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys[/size][/size]

[size="1"][size="1"]10:55:28.0949 1200 LSI_FC - ok[/size][/size]

[size="1"][size="1"]10:55:28.0964 1200 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys[/size][/size]

[size="1"][size="1"]10:55:28.0964 1200 LSI_SAS - ok[/size][/size]

[size="1"][size="1"]10:55:28.0980 1200 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys[/size][/size]

[size="1"][size="1"]10:55:28.0980 1200 LSI_SAS2 - ok[/size][/size]

[size="1"][size="1"]10:55:29.0011 1200 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys[/size][/size]

[size="1"][size="1"]10:55:29.0011 1200 LSI_SCSI - ok[/size][/size]

[size="1"][size="1"]10:55:29.0011 1200 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys[/size][/size]

[size="1"][size="1"]10:55:29.0027 1200 luafv - ok[/size][/size]

[size="1"][size="1"]10:55:29.0058 1200 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll[/size][/size]

[size="1"][size="1"]10:55:29.0058 1200 Mcx2Svc - ok[/size][/size]

[size="1"][size="1"]10:55:29.0073 1200 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys[/size][/size]

[size="1"][size="1"]10:55:29.0073 1200 megasas - ok[/size][/size]

[size="1"][size="1"]10:55:29.0089 1200 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys[/size][/size]

[size="1"][size="1"]10:55:29.0089 1200 MegaSR - ok[/size][/size]

[size="1"][size="1"]10:55:29.0105 1200 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll[/size][/size]

[size="1"][size="1"]10:55:29.0105 1200 MMCSS - ok[/size][/size]

[size="1"][size="1"]10:55:29.0120 1200 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys[/size][/size]

[size="1"][size="1"]10:55:29.0120 1200 Modem - ok[/size][/size]

[size="1"][size="1"]10:55:29.0136 1200 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys[/size][/size]

[size="1"][size="1"]10:55:29.0136 1200 monitor - ok[/size][/size]

[size="1"][size="1"]10:55:29.0151 1200 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys[/size][/size]

[size="1"][size="1"]10:55:29.0151 1200 mouclass - ok[/size][/size]

[size="1"][size="1"]10:55:29.0167 1200 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys[/size][/size]

[size="1"][size="1"]10:55:29.0167 1200 mouhid - ok[/size][/size]

[size="1"][size="1"]10:55:29.0198 1200 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys[/size][/size]

[size="1"][size="1"]10:55:29.0198 1200 mountmgr - ok[/size][/size]

[size="1"][size="1"]10:55:29.0276 1200 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys[/size][/size]

[size="1"][size="1"]10:55:29.0276 1200 MpFilter - ok[/size][/size]

[size="1"][size="1"]10:55:29.0307 1200 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys[/size][/size]

[size="1"][size="1"]10:55:29.0307 1200 mpio - ok[/size][/size]

[size="1"][size="1"]10:55:29.0323 1200 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys[/size][/size]

[size="1"][size="1"]10:55:29.0323 1200 mpsdrv - ok[/size][/size]

[size="1"][size="1"]10:55:29.0432 1200 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll[/size][/size]

[size="1"][size="1"]10:55:29.0448 1200 MpsSvc - ok[/size][/size]

[size="1"][size="1"]10:55:29.0479 1200 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys[/size][/size]

[size="1"][size="1"]10:55:29.0479 1200 MRxDAV - ok[/size][/size]

[size="1"][size="1"]10:55:29.0510 1200 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys[/size][/size]

[size="1"][size="1"]10:55:29.0510 1200 mrxsmb - ok[/size][/size]

[size="1"][size="1"]10:55:29.0557 1200 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys[/size][/size]

[size="1"][size="1"]10:55:29.0557 1200 mrxsmb10 - ok[/size][/size]

[size="1"][size="1"]10:55:29.0573 1200 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys[/size][/size]

[size="1"][size="1"]10:55:29.0573 1200 mrxsmb20 - ok[/size][/size]

[size="1"][size="1"]10:55:29.0604 1200 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys[/size][/size]

[size="1"][size="1"]10:55:29.0604 1200 msahci - ok[/size][/size]

[size="1"][size="1"]10:55:29.0604 1200 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys[/size][/size]

[size="1"][size="1"]10:55:29.0604 1200 msdsm - ok[/size][/size]

[size="1"][size="1"]10:55:29.0619 1200 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe[/size][/size]

[size="1"][size="1"]10:55:29.0635 1200 MSDTC - ok[/size][/size]

[size="1"][size="1"]10:55:29.0651 1200 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys[/size][/size]

[size="1"][size="1"]10:55:29.0651 1200 Msfs - ok[/size][/size]

[size="1"][size="1"]10:55:29.0666 1200 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys[/size][/size]

[size="1"][size="1"]10:55:29.0666 1200 mshidkmdf - ok[/size][/size]

[size="1"][size="1"]10:55:29.0682 1200 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys[/size][/size]

[size="1"][size="1"]10:55:29.0682 1200 msisadrv - ok[/size][/size]

[size="1"][size="1"]10:55:29.0697 1200 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll[/size][/size]

[size="1"][size="1"]10:55:29.0697 1200 MSiSCSI - ok[/size][/size]

[size="1"][size="1"]10:55:29.0713 1200 msiserver - ok[/size][/size]

[size="1"][size="1"]10:55:29.0729 1200 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys[/size][/size]

[size="1"][size="1"]10:55:29.0729 1200 MSKSSRV - ok[/size][/size]

[size="1"][size="1"]10:55:29.0775 1200 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe[/size][/size]

[size="1"][size="1"]10:55:29.0775 1200 MsMpSvc - ok[/size][/size]

[size="1"][size="1"]10:55:29.0807 1200 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys[/size][/size]

[size="1"][size="1"]10:55:29.0807 1200 MSPCLOCK - ok[/size][/size]

[size="1"][size="1"]10:55:29.0807 1200 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys[/size][/size]

[size="1"][size="1"]10:55:29.0807 1200 MSPQM - ok[/size][/size]

[size="1"][size="1"]10:55:29.0869 1200 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys[/size][/size]

[size="1"][size="1"]10:55:29.0869 1200 MsRPC - ok[/size][/size]

[size="1"][size="1"]10:55:29.0885 1200 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys[/size][/size]

[size="1"][size="1"]10:55:29.0885 1200 mssmbios - ok[/size][/size]

[size="1"][size="1"]10:55:29.0900 1200 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys[/size][/size]

[size="1"][size="1"]10:55:29.0900 1200 MSTEE - ok[/size][/size]

[size="1"][size="1"]10:55:29.0900 1200 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys[/size][/size]

[size="1"][size="1"]10:55:29.0900 1200 MTConfig - ok[/size][/size]

[size="1"][size="1"]10:55:29.0931 1200 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys[/size][/size]

[size="1"][size="1"]10:55:29.0931 1200 Mup - ok[/size][/size]

[size="1"][size="1"]10:55:29.0994 1200 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll[/size][/size]

[size="1"][size="1"]10:55:29.0994 1200 napagent - ok[/size][/size]

[size="1"][size="1"]10:55:30.0041 1200 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys[/size][/size]

[size="1"][size="1"]10:55:30.0041 1200 NativeWifiP - ok[/size][/size]

[size="1"][size="1"]10:55:30.0087 1200 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys[/size][/size]

[size="1"][size="1"]10:55:30.0087 1200 NDIS - ok[/size][/size]

[size="1"][size="1"]10:55:30.0119 1200 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys[/size][/size]

[size="1"][size="1"]10:55:30.0119 1200 NdisCap - ok[/size][/size]

[size="1"][size="1"]10:55:30.0134 1200 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys[/size][/size]

[size="1"][size="1"]10:55:30.0134 1200 NdisTapi - ok[/size][/size]

[size="1"][size="1"]10:55:30.0165 1200 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys[/size][/size]

[size="1"][size="1"]10:55:30.0165 1200 Ndisuio - ok[/size][/size]

[size="1"][size="1"]10:55:30.0212 1200 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys[/size][/size]

[size="1"][size="1"]10:55:30.0212 1200 NdisWan - ok[/size][/size]

[size="1"][size="1"]10:55:30.0259 1200 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys[/size][/size]

[size="1"][size="1"]10:55:30.0259 1200 NDProxy - ok[/size][/size]

[size="1"][size="1"]10:55:30.0259 1200 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys[/size][/size]

[size="1"][size="1"]10:55:30.0259 1200 NetBIOS - ok[/size][/size]

[size="1"][size="1"]10:55:30.0306 1200 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys[/size][/size]

[size="1"][size="1"]10:55:30.0306 1200 NetBT - ok[/size][/size]

[size="1"][size="1"]10:55:30.0337 1200 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe[/size][/size]

[size="1"][size="1"]10:55:30.0337 1200 Netlogon - ok[/size][/size]

[size="1"][size="1"]10:55:30.0384 1200 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll[/size][/size]

[size="1"][size="1"]10:55:30.0384 1200 Netman - ok[/size][/size]

[size="1"][size="1"]10:55:30.0493 1200 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[/size][/size]

[size="1"][size="1"]10:55:30.0493 1200 NetMsmqActivator - ok[/size][/size]

[size="1"][size="1"]10:55:30.0509 1200 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[/size][/size]

[size="1"][size="1"]10:55:30.0509 1200 NetPipeActivator - ok[/size][/size]

[size="1"][size="1"]10:55:30.0540 1200 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll[/size][/size]

[size="1"][size="1"]10:55:30.0540 1200 netprofm - ok[/size][/size]

[size="1"][size="1"]10:55:30.0633 1200 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys[/size][/size]

[size="1"][size="1"]10:55:30.0649 1200 netr28x - ok[/size][/size]

[size="1"][size="1"]10:55:30.0696 1200 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[/size][/size]

[size="1"][size="1"]10:55:30.0711 1200 NetTcpActivator - ok[/size][/size]

[size="1"][size="1"]10:55:30.0711 1200 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[/size][/size]

[size="1"][size="1"]10:55:30.0711 1200 NetTcpPortSharing - ok[/size][/size]

[size="1"][size="1"]10:55:30.0758 1200 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys[/size][/size]

[size="1"][size="1"]10:55:30.0758 1200 nfrd960 - ok[/size][/size]

[size="1"][size="1"]10:55:30.0789 1200 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys[/size][/size]

[size="1"][size="1"]10:55:30.0805 1200 NisDrv - ok[/size][/size]

[size="1"][size="1"]10:55:30.0836 1200 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe[/size][/size]

[size="1"][size="1"]10:55:30.0836 1200 NisSrv - ok[/size][/size]

[size="1"][size="1"]10:55:30.0867 1200 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll[/size][/size]

[size="1"][size="1"]10:55:30.0867 1200 NlaSvc - ok[/size][/size]

[size="1"][size="1"]10:55:30.0883 1200 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys[/size][/size]

[size="1"][size="1"]10:55:30.0883 1200 Npfs - ok[/size][/size]

[size="1"][size="1"]10:55:30.0899 1200 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll[/size][/size]

[size="1"][size="1"]10:55:30.0899 1200 nsi - ok[/size][/size]

[size="1"][size="1"]10:55:30.0899 1200 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys[/size][/size]

[size="1"][size="1"]10:55:30.0899 1200 nsiproxy - ok[/size][/size]

[size="1"][size="1"]10:55:31.0055 1200 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys[/size][/size]

[size="1"][size="1"]10:55:31.0070 1200 Ntfs - ok[/size][/size]

[size="1"][size="1"]10:55:31.0133 1200 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys[/size][/size]

[size="1"][size="1"]10:55:31.0133 1200 Null - ok[/size][/size]

[size="1"][size="1"]10:55:31.0148 1200 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys[/size][/size]

[size="1"][size="1"]10:55:31.0148 1200 nvraid - ok[/size][/size]

[size="1"][size="1"]10:55:31.0164 1200 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys[/size][/size]

[size="1"][size="1"]10:55:31.0164 1200 nvstor - ok[/size][/size]

[size="1"][size="1"]10:55:31.0195 1200 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys[/size][/size]

[size="1"][size="1"]10:55:31.0195 1200 nv_agp - ok[/size][/size]

[size="1"][size="1"]10:55:31.0211 1200 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys[/size][/size]

[size="1"][size="1"]10:55:31.0211 1200 ohci1394 - ok[/size][/size]

[size="1"][size="1"]10:55:31.0273 1200 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[/size][/size]

[size="1"][size="1"]10:55:31.0273 1200 ose - ok[/size][/size]

[size="1"][size="1"]10:55:31.0632 1200 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[/size][/size]

[size="1"][size="1"]10:55:31.0663 1200 osppsvc - ok[/size][/size]

[size="1"][size="1"]10:55:31.0725 1200 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll[/size][/size]

[size="1"][size="1"]10:55:31.0725 1200 p2pimsvc - ok[/size][/size]

[size="1"][size="1"]10:55:31.0757 1200 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll[/size][/size]

[size="1"][size="1"]10:55:31.0772 1200 p2psvc - ok[/size][/size]

[size="1"][size="1"]10:55:31.0788 1200 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys[/size][/size]

[size="1"][size="1"]10:55:31.0788 1200 Parport - ok[/size][/size]

[size="1"][size="1"]10:55:31.0819 1200 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys[/size][/size]

[size="1"][size="1"]10:55:31.0819 1200 partmgr - ok[/size][/size]

[size="1"][size="1"]10:55:31.0850 1200 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll[/size][/size]

[size="1"][size="1"]10:55:31.0850 1200 PcaSvc - ok[/size][/size]

[size="1"][size="1"]10:55:31.0897 1200 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys[/size][/size]

[size="1"][size="1"]10:55:31.0897 1200 pci - ok[/size][/size]

[size="1"][size="1"]10:55:31.0913 1200 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys[/size][/size]

[size="1"][size="1"]10:55:31.0913 1200 pciide - ok[/size][/size]

[size="1"][size="1"]10:55:31.0944 1200 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys[/size][/size]

[size="1"][size="1"]10:55:31.0944 1200 pcmcia - ok[/size][/size]

[size="1"][size="1"]10:55:31.0959 1200 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys[/size][/size]

[size="1"][size="1"]10:55:31.0959 1200 pcw - ok[/size][/size]

[size="1"][size="1"]10:55:31.0975 1200 pdfcDispatcher - ok[/size][/size]

[size="1"][size="1"]10:55:32.0006 1200 PdiService (0a098df98ec8facaa30bd7db4c7aea06) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[/size][/size]

[size="1"][size="1"]10:55:32.0006 1200 PdiService - ok[/size][/size]

[size="1"][size="1"]10:55:32.0053 1200 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys[/size][/size]

[size="1"][size="1"]10:55:32.0069 1200 PEAUTH - ok[/size][/size]

[size="1"][size="1"]10:55:32.0115 1200 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe[/size][/size]

[size="1"][size="1"]10:55:32.0115 1200 PerfHost - ok[/size][/size]

[size="1"][size="1"]10:55:32.0225 1200 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll[/size][/size]

[size="1"][size="1"]10:55:32.0225 1200 pla - ok[/size][/size]

[size="1"][size="1"]10:55:32.0287 1200 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll[/size][/size]

[size="1"][size="1"]10:55:32.0303 1200 PlugPlay - ok[/size][/size]

[size="1"][size="1"]10:55:32.0318 1200 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll[/size][/size]

[size="1"][size="1"]10:55:32.0318 1200 PNRPAutoReg - ok[/size][/size]

[size="1"][size="1"]10:55:32.0349 1200 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll[/size][/size]

[size="1"][size="1"]10:55:32.0349 1200 PNRPsvc - ok[/size][/size]

[size="1"][size="1"]10:55:32.0396 1200 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll[/size][/size]

[size="1"][size="1"]10:55:32.0396 1200 PolicyAgent - ok[/size][/size]

[size="1"][size="1"]10:55:32.0443 1200 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll[/size][/size]

[size="1"][size="1"]10:55:32.0443 1200 Power - ok[/size][/size]

[size="1"][size="1"]10:55:32.0490 1200 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys[/size][/size]

[size="1"][size="1"]10:55:32.0490 1200 PptpMiniport - ok[/size][/size]

[size="1"][size="1"]10:55:32.0505 1200 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys[/size][/size]

[size="1"][size="1"]10:55:32.0505 1200 Processor - ok[/size][/size]

[size="1"][size="1"]10:55:32.0552 1200 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll[/size][/size]

[size="1"][size="1"]10:55:32.0552 1200 ProfSvc - ok[/size][/size]

[size="1"][size="1"]10:55:32.0583 1200 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe[/size][/size]

[size="1"][size="1"]10:55:32.0583 1200 ProtectedStorage - ok[/size][/size]

[size="1"][size="1"]10:55:32.0615 1200 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys[/size][/size]

[size="1"][size="1"]10:55:32.0615 1200 Psched - ok[/size][/size]

[size="1"][size="1"]10:55:32.0661 1200 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[/size][/size]

[size="1"][size="1"]10:55:32.0661 1200 PSI_SVC_2 - ok[/size][/size]

[size="1"][size="1"]10:55:32.0802 1200 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys[/size][/size]

[size="1"][size="1"]10:55:32.0817 1200 ql2300 - ok[/size][/size]

[size="1"][size="1"]10:55:32.0895 1200 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys[/size][/size]

[size="1"][size="1"]10:55:32.0895 1200 ql40xx - ok[/size][/size]

[size="1"][size="1"]10:55:32.0927 1200 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll[/size][/size]

[size="1"][size="1"]10:55:32.0927 1200 QWAVE - ok[/size][/size]

[size="1"][size="1"]10:55:32.0942 1200 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys[/size][/size]

[size="1"][size="1"]10:55:32.0942 1200 QWAVEdrv - ok[/size][/size]

[size="1"][size="1"]10:55:32.0942 1200 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys[/size][/size]

[size="1"][size="1"]10:55:32.0942 1200 RasAcd - ok[/size][/size]

[size="1"][size="1"]10:55:32.0958 1200 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys[/size][/size]

[size="1"][size="1"]10:55:32.0958 1200 RasAgileVpn - ok[/size][/size]

[size="1"][size="1"]10:55:32.0973 1200 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll[/size][/size]

[size="1"][size="1"]10:55:32.0973 1200 RasAuto - ok[/size][/size]

[size="1"][size="1"]10:55:33.0005 1200 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys[/size][/size]

[size="1"][size="1"]10:55:33.0005 1200 Rasl2tp - ok[/size][/size]

[size="1"][size="1"]10:55:33.0067 1200 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll[/size][/size]

[size="1"][size="1"]10:55:33.0067 1200 RasMan - ok[/size][/size]

[size="1"][size="1"]10:55:33.0098 1200 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys[/size][/size]

[size="1"][size="1"]10:55:33.0098 1200 RasPppoe - ok[/size][/size]

[size="1"][size="1"]10:55:33.0114 1200 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys[/size][/size]

[size="1"][size="1"]10:55:33.0114 1200 RasSstp - ok[/size][/size]

[size="1"][size="1"]10:55:33.0145 1200 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys[/size][/size]

[size="1"][size="1"]10:55:33.0145 1200 rdbss - ok[/size][/size]

[size="1"][size="1"]10:55:33.0176 1200 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys[/size][/size]

[size="1"][size="1"]10:55:33.0176 1200 rdpbus - ok[/size][/size]

[size="1"][size="1"]10:55:33.0192 1200 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys[/size][/size]

[size="1"][size="1"]10:55:33.0192 1200 RDPCDD - ok[/size][/size]

[size="1"][size="1"]10:55:33.0207 1200 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys[/size][/size]

10:55:40.0071 1200 ============================================================

10:55:40.0071 1200 Scan finished

10:55:40.0071 1200 ============================================================

10:55:40.0087 4844 Detected object count: 0

10:55:40.0087 4844 Actual detected object count: 0

ASWMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-27 10:49:48
-----------------------------
10:49:48.924 OS Version: Windows x64 6.1.7601 Service Pack 1
10:49:48.924 Number of processors: 2 586 0x603
10:49:48.924 ComputerName: JUNE-HP UserName: June
10:49:50.577 Initialize success
10:51:39.263 AVAST engine defs: 12062700
10:52:11.898 The log file has been saved successfully to "C:\Users\June\Documents\aswMBR.txt"


#12
gringo_pr

    Forum Deity

  • Experts
  • 6,581 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

    In your next post I need the following

    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?

Gringo


#13
TiffGail

    New Member

  • Members
  • 12 posts
ComboFix 12-06-27.01 - June 06/27/2012 18:04:38.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2658 [GMT -4:00]
Running from: c:\users\June\Downloads\ComboFix.exe
Command switches used :: c:\users\June\Desktop\CFScript.lnk
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 22:09 . 2012-06-27 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 22:09 . 2012-06-27 22:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-27 16:03 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1633D531-C6C7-4A6E-9A21-5FC49DF3AEF5}\mpengine.dll
2012-06-27 15:04 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-27 04:09 . 2012-06-27 04:09 -------- d-----w- c:\users\June\AppData\Roaming\NewspaperDirect
2012-06-25 07:22 . 2012-06-25 07:58 -------- d-----w- c:\windows\Microsoft Antimalware
2012-06-25 04:16 . 2012-06-25 04:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 02:52 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 02:52 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 02:52 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 02:52 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 02:52 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 02:52 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 02:52 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 02:51 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 02:51 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 02:04 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost(184).exe
2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4F00.tmp
2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4E72.tmp.dat
2012-06-20 21:17 . 2012-06-20 21:17 -------- d-----w- c:\users\June\AppData\Local\Apple Computer
2012-06-20 21:17 . 2012-06-22 21:29 -------- d-----w- c:\users\June\AppData\Roaming\Apple Computer
2012-06-20 21:16 . 2012-06-20 21:17 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-20 21:16 . 2012-06-20 21:16 -------- d-----w- c:\program files\iPod
2012-06-20 21:16 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\iTunes
2012-06-20 21:15 . 2012-06-20 21:15 -------- d-----w- c:\users\June\AppData\Local\Apple
2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files\Common Files\Apple
2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Bonjour
2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files\Bonjour
2012-06-20 21:14 . 2012-06-20 21:16 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-06-20 21:14 . 2012-06-20 21:15 -------- d-----w- c:\programdata\Apple
2012-06-14 00:06 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 14:34 . 2012-05-18 13:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E84E8844-4E46-4A49-9A03-B657CE42F094}\gapaengine.dll
2012-06-10 13:34 . 2012-06-10 13:34 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\9EAD.tmp.dat
2012-06-09 13:21 . 2012-06-09 13:21 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\E208.tmp.dat
2012-06-07 19:16 . 2012-06-07 19:16 -------- d-----w- c:\programdata\Symantec
2012-06-07 17:16 . 2012-06-07 17:16 -------- d-----w- c:\windows\SysWow64\Adobe
2012-06-07 01:36 . 2012-06-07 01:36 -------- d-----w- c:\users\June\AppData\Local\KodakGallery
2012-06-06 14:56 . 2012-06-19 17:00 -------- d-----w- C:\Remote Programs
2012-06-06 14:56 . 2012-06-06 14:56 -------- d--h--w- c:\programdata\Common Files
2012-06-06 14:51 . 2012-06-06 14:52 1541 ----a-w- C:\user.js
2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\users\June\AppData\Roaming\Babylon
2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\programdata\Babylon
2012-06-06 14:03 . 2012-06-06 14:06 -------- d-----w- c:\users\June\AppData\Local\Microsoft Games
2012-06-06 13:26 . 2012-06-06 13:26 -------- d-----w- c:\users\June\AppData\Roaming\Gamelab
2012-06-06 13:08 . 2012-06-06 13:08 -------- d-----w- c:\programdata\Wild Tangent
2012-06-06 12:41 . 2012-06-06 12:49 -------- d-----w- c:\program files (x86)\WildTangent Games
2012-06-01 00:19 . 2012-06-01 00:19 63080 ----a-r- c:\users\June\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe
2012-06-01 00:19 . 2012-06-01 00:19 -------- d-----w- c:\users\June\AppData\Local\DIRECTV Player
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-30 01:08 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\QuickTime
2012-05-30 01:08 . 2012-06-25 02:42 -------- d-----w- c:\programdata\Apple Computer
2012-05-30 01:06 . 2012-06-27 04:15 -------- d-----w- c:\program files (x86)\Kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 14:16 . 2012-05-18 13:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 14:16 . 2011-07-17 14:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-21 14:20 . 2012-05-21 14:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-21 14:20 . 2012-05-21 14:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-18 13:32 . 2011-05-20 19:35 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-05-18 13:19 . 2012-05-18 13:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-18 13:19 . 2012-05-18 13:19 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-18 13:18 . 2012-05-18 13:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-18 13:18 . 2012-05-18 13:18 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-30 11:35 . 2012-05-18 13:22 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-27_03.36.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-03 10:28 . 2012-06-27 21:47 60762 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-27 21:47 43140 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-04 14:27 . 2012-06-27 21:47 13816 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1758543969-522351655-1275309373-1000_UserData.bin
- 2009-07-14 05:30 . 2012-06-07 01:50 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-06-27 04:15 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2010-12-04 13:13 . 2012-06-27 16:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-04 13:13 . 2012-06-25 02:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-04 13:13 . 2012-06-25 02:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-04 13:13 . 2012-06-27 16:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-27 16:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-25 02:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-27 14:48 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-06-25 03:54 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-27 22:09 . 2012-06-27 22:09 3623 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-27 03:35 . 2012-06-27 03:35 3623 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-12-06 08:33 . 2012-06-27 21:45 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-06-27 22:09 . 2012-06-27 22:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-27 03:36 . 2012-06-27 03:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-27 22:09 . 2012-06-27 22:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-27 03:36 . 2012-06-27 03:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-04 02:34 . 2012-06-27 20:36 314052 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-06-27 21:50 662860 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-26 13:36 662860 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-27 21:50 122430 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-26 13:36 122430 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:45 . 2012-06-27 04:12 279360 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2012-06-07 01:50 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-06-27 04:15 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-07 01:50 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-06-27 04:15 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2010-12-04 02:43 . 2012-06-27 21:11 695328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-06-27 22:09 232380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-11 08:01 . 2010-11-11 08:01 1212416 c:\windows\system32\DriverStore\FileRepository\a323at_x64.inf_amd64_neutral_32d6ab48cec35d83\AVerAVF2.sys
+ 2009-07-14 04:45 . 2012-06-27 04:15 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-25 03:27 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-04 02:43 . 2012-06-27 22:09 6197240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1758543969-522351655-1275309373-1000-8192.dat
+ 2011-09-07 22:26 . 2012-06-27 04:11 1455124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1758543969-522351655-1275309373-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c111c814-fd58-0a04-3924-998b53830e29}"= "c:\program files (x86)\Shop to Win 29\Helper.dll" [2012-05-28 378880]
.
[HKEY_CLASSES_ROOT\clsid\{c111c814-fd58-0a04-3924-998b53830e29}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{42855803-9685-5634-8D8E-37F3536D2EE3}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5ABD6C72-FFD7-B634-A92B-D77D5960E009}]
2012-03-14 17:52 14432 ----a-w- c:\program files (x86)\Shop to Win 29\Shop to Win 29.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-23 121456]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-21 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-12 203264]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-07-14 22072]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-12 6790656]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-12 221184]
S3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [2010-11-11 1212416]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-18 32880]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-14 69736]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-29 11049576]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.insightbb.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9194649F-7143-4308-90C1-D6A35B0E354E} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-06-27 18:15:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 22:15
ComboFix2.txt 2012-06-27 21:24
ComboFix3.txt 2012-06-27 03:42
.
Pre-Run: 917,663,649,792 bytes free
Post-Run: 917,588,402,176 bytes free
.
- - End Of File - - 7453F0F2E801C68977F19E01B21CD856





Computer is doing great.

#14
gringo_pr

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.



These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

    Programs to remove


      Bing Rewards Client Installer
      FrostWire 4.21.6
      Funmoods on IE and Chrome
      Java™ 6 Update 26
      Recipe Hub
      Shop To Win


    Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

    Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

    In your next post I need the following

    • Log From MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?

Gringo


#15
TiffGail

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.28.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
June :: JUNE-HP [administrator]
Protection: Enabled
6/28/2012 1:16:57 AM
mbam-log-2012-06-28 (01-16-57).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221451
Time elapsed: 2 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 12
HKCR\CLSID\{045c5f24-9e13-4ea8-ab93-fddab34f3fa5} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8EB0AAA0-2FFE-4326-8331-EFE2D5D15EC7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB2049F6-9DFA-4E51-B2A1-FC5A6E596C80} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143f8-3dbe-424c-949f-20acd11e5a6d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e001b32e-5acb-4cce-9910-2d379ce0a6d6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProductsInstaller.Start.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\APPID\MightyMagooText.DLL (PUP.MightyMagoo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/...&q={searchTerms}) Good: (http://www.google.co...Page={startPage}) -> Quarantined and repaired successfully.
Folders Detected: 3
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com (PUP.MightyMagoo) -> Quarantined and deleted successfully.
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome (PUP.MightyMagoo) -> Quarantined and deleted successfully.
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components (PUP.MightyMagoo) -> Quarantined and deleted successfully.
Files Detected: 8
C:\Users\June\Downloads\GreenGamesAndHam_UnlockGames.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Users\June\Downloads\Irfanview_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome.manifest (PUP.MightyMagoo) -> Quarantined and deleted successfully.
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\install.rdf (PUP.MightyMagoo) -> Quarantined and deleted successfully.
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome\mmtextlinks.jar (PUP.MightyMagoo) -> Quarantined and deleted successfully.
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components\mmagootlf.dll (PUP.MightyMagoo) -> Quarantined and deleted successfully.
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components\mmagootlf.xpt (PUP.MightyMagoo) -> Quarantined and deleted successfully.
C:\Windows\svchost(184).exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
(end)




HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:26:19 AM, on 6/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\June\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\June\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {c111c814-fd58-0a04-3924-998b53830e29} - C:\Program Files (x86)\Shop to Win 29\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: FCTBPos00Pos - {5ABD6C72-FFD7-B634-A92B-D77D5960E009} - C:\Program Files (x86)\Shop to Win 29\Shop to Win 29.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO_PROJECT - {9194649F-7143-4308-90C1-D6A35B0E354E} - (no file)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [PCShowServer] "C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11608 bytes


Computer is doing great.

#16
gringo_pr

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) to start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):


      O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
      O4 - HKLM\..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
      O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [PCShowServer] "C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
      O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

      NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#17
TiffGail

C:\Program Files (x86)\ReferenceBoss_1pEI\Installr\1.bin\1pEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application
C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\Mighty Magoo\mmagootl.dll.vir a variant of Win32/Adware.Gamevance.BE application
C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan
C:\Users\June\AppData\Local\Temp\SetupDataMngr_Searchqu.exe a variant of Win32/Toolbar.SearchSuite application
C:\Users\June\AppData\LocalLow\DictionaryBossEI\Installr\Cache\0FE9788C.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\June\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\5DA63158.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application
C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application
C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application
C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.6.windows.exe Win32/OpenCandy application
C:\Users\June\Downloads\frostwire-4.21.6.windows.exe Win32/OpenCandy application
C:\Users\June\Downloads\halo.exe a variant of Win32/InstallCore.Q application

#18
gringo_pr

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    Quote

    @echo off
    del /f /s /q "C:\Program Files (x86)\ReferenceBoss_1pEI\Installr\1.bin\1pEZSETP.dll"
    del /f /s /q "C:\Users\June\AppData\Local\Temp\SetupDataMngr_Searchqu.exe"
    del /f /s /q "C:\Users\June\AppData\LocalLow\DictionaryBossEI\Installr\Cache\0FE9788C.exe"
    del /f /s /q "C:\Users\June\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\5DA63158.exe"
    del /f /s /q "C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe"
    del /f /s /q "C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe"
    del /f /s /q "C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe"
    del /f /s /q "C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.6.windows.exe"
    del /f /s /q "C:\Users\June\Downloads\frostwire-4.21.6.windows.exe"
    del /f /s /q "C:\Users\June\Downloads\halo.exe"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image <--XP, Posted Image <--Vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

    Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.
    Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

    Revo Uninstaller Free - this is the uninstaller that I had you download. It works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls

    CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner

    Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet


Here is some more reading for you from some of my colleagues


quoted from Tech Support Forum

Quote

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
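The triage behind the reply above, separating detections that are still live on disk from copies sitting in tool quarantine folders, as an added Python example that is not part of the original post. The line layout, the function names and the rule that "application" marks the unwanted-program class are assumptions drawn from the ESET lines pasted in post #17, which are embedded as the sample input.

```python
import re
from collections import namedtuple

# Folders the thread names as holding tool backups or restore-point copies.
BACKUP_ROOTS = (
    "c:\\qoobox\\quarantine\\",
    "c:\\tdsskiller_quarantine\\",
    "c:\\system volume information\\",
)

# Assumed layout, inferred from the lines posted in the thread:
#   <absolute path> [a variant of ]<Platform/Family.Name> <class>
# The path may contain spaces, so it is matched lazily up to the detection name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>[a-z]+)$"
)

Detection = namedtuple("Detection", "path name kind variant in_backup")

# Sample input: the scanner lines from post #17 of this thread.
SAMPLE_LOG = r"""
C:\Program Files (x86)\ReferenceBoss_1pEI\Installr\1.bin\1pEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application
C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\Mighty Magoo\mmagootl.dll.vir a variant of Win32/Adware.Gamevance.BE application
C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan
C:\Users\June\AppData\Local\Temp\SetupDataMngr_Searchqu.exe a variant of Win32/Toolbar.SearchSuite application
C:\Users\June\AppData\LocalLow\DictionaryBossEI\Installr\Cache\0FE9788C.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\June\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\5DA63158.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application
C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application
C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application
C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.6.windows.exe Win32/OpenCandy application
C:\Users\June\Downloads\frostwire-4.21.6.windows.exe Win32/OpenCandy application
C:\Users\June\Downloads\halo.exe a variant of Win32/InstallCore.Q application
"""


def parse_line(line):
    """Return a Detection for one scanner line, or None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    return Detection(
        path=path,
        name=m.group("name"),
        kind=m.group("kind"),
        variant=bool(m.group("variant")),
        in_backup=path.lower().startswith(BACKUP_ROOTS),
    )


def triage(log_text):
    """Split a pasted log into (live, backups, unparsed)."""
    live, backups, unparsed = [], [], []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        det = parse_line(raw)
        if det is None:
            unparsed.append(raw)  # never drop a line silently
        elif det.in_backup:
            backups.append(det)
        else:
            live.append(det)
    return live, backups, unparsed


def live_non_pua(live):
    """Live detections whose class is anything other than 'application'."""
    return [d for d in live if d.kind != "application"]


if __name__ == "__main__":
    live, backups, unparsed = triage(SAMPLE_LOG)
    print(f"live: {len(live)}  in backup folders: {len(backups)}  unparsed: {len(unparsed)}")
    for d in live:
        print("  still on disk:", d.path, "->", d.name)
    print("live detections that are not 'application' class:", len(live_non_pua(live)))
```

On the thread's log this leaves ten live files, the same ten paths the delfile.bat in the reply targets, and shows that every trojan-class line sits under a quarantine folder.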

#19
TiffGail

Thank you so much!

#20
gringo_pr

you are more than welcome



gringo




