OK.. Here are the first two files: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 12/3/2012 1:24:11 PM System Uptime: 2/20/2013 6:22:22 PM (2 hours ago) . Motherboard: Acer | | JV11-ML Processor: Intel® Atom CPU Z520 @ 1.33GHz | U3E1 | 1333/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 233 GiB total, 190.026 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP143: 2/16/2013 7:00:48 PM - Revo Uninstaller's restore point - Acer Updater RP145: 2/16/2013 7:02:20 PM - Removed Acer Updater RP147: 2/16/2013 7:05:48 PM - Revo Uninstaller's restore point - Audible Download Manager RP148: 2/18/2013 11:05:46 AM - Installed Java 7 Update 13 RP149: 2/18/2013 10:19:06 PM - Device Driver Package Install: Intel® Display adapters RP150: 2/18/2013 10:59:16 PM - Windows Modules Installer RP151: 2/19/2013 8:28:04 AM - Restore Operation RP152: 2/20/2013 11:20:54 AM - Installed Java 7 Update 15 RP153: 2/20/2013 4:09:02 PM - Windows Update . ==== Installed Programs ====================== . Acer Crystal Eye webcam Acer Updater Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Amazon Kindle Amazon MP3 Downloader 1.0.17 Apple Application Support Apple Software Update Audible Download Manager AudibleManager AVG 2013 CCleaner Foxit Reader Google Chrome Google Talk Plugin Intel® Graphics Media Accelerator 500 iTunes Java 7 Update 15 Java Auto Updater KeyScrambler Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft Image Composite Editor Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 18.0.2 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB973688) PDFill FREE PDF Writer Picasa 3 QuickTime Realtek High Definition Audio Driver Recuva Revo Uninstaller 1.94 Sandboxie 3.76 (32-bit) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) SlimCleaner Spybot - Search & Destroy Synaptics Pointing Device Driver System Requirements Lab for Intel Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VirtualCloneDrive . ==== Event Viewer Messages From Past Week ======== . 2/20/2013 7:44:37 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 2/20/2013 6:04:36 PM, Error: Service Control Manager [7023] - The Diagnostic Service Host service terminated with the following error: The requested control is not valid for this service. 2/20/2013 6:02:11 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 2/20/2013 6:02:02 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. 2/20/2013 4:57:30 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004 2/20/2013 4:13:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.143.2586.0). 2/20/2013 4:09:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 2/20/2013 3:14:49 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=32) while initializing logging resources for channel Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant. 2/20/2013 11:16:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 2/19/2013 9:40:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 2/19/2013 8:33:49 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 2/19/2013 7:02:07 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 2/19/2013 10:31:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 2/19/2013 10:31:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 2/19/2013 10:31:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver AVGIDSShim Avgldx86 discache ElbyCDIO spldr Wanarpv6 2/19/2013 10:31:01 AM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 2/19/2013 10:31:01 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning. 2/19/2013 10:30:58 AM, Error: Service Control Manager [7001] - The Application Identity service depends on the AppID Driver service which failed to start because of the following error: The dependency service or group failed to start. 2/19/2013 10:30:58 AM, Error: Service Control Manager [7001] - The AppID Driver service depends on the System Attribute Cache service which failed to start because of the following error: A device attached to the system is not functioning. 2/18/2013 11:04:05 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 2/18/2013 11:04:05 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 2/17/2013 6:39:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 2/16/2013 3:46:34 PM, Error: Service Control Manager [7001] - The PNRP Machine Name Publication Service service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 2/16/2013 3:09:06 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration. 2/16/2013 3:02:49 PM, Error: Service Control Manager [7030] - The Windows Driver Foundation - User-mode Driver Framework service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 2/16/2013 1:29:29 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2. 2/15/2013 1:38:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service. 2/14/2013 5:44:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service. 2/14/2013 10:06:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56} 2/13/2013 11:01:34 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 2/13/2013 1:43:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. 2/13/2013 1:43:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service. . ==== End Of File =========================== DDS DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2 Run by Adam at 20:09:08 on 2013-02-20 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.907 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} . ============== Running Processes ================ . C:\PROGRA~1\AVG\AVG2013\avgrsx.exe C:\Program Files\AVG\AVG2013\avgcsrvx.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\AVG\AVG2013\avgidsagent.exe C:\Program Files\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe C:\Windows\System32\snmptrap.exe C:\Windows\system32\taskhost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\Windows\Explorer.EXE C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe C:\Program Files\AVG\AVG2013\avgnsx.exe C:\Program Files\AVG\AVG2013\avgemcx.exe C:\Program Files\AVG\AVG2013\avgui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\UI0Detect.exe C:\Windows\system32\wbem\WmiApSrv.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\notepad.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\svchost.exe -k wcssvc C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\svchost.exe -k defragsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxps://startpage.com/do/mypage.pl?prf=f83a6ce8e8788c5e821499ad31004fbc uSearchURL,(Default) = hxxps://startpage.com/do/metasearch.pl?query=%s&pl=ie&language=english&cat=web BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - c:\program files\keyscrambler\KeyScramblerIE.dll BHO: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [Google Update] "c:\users\adam\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe" mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [igfxExt] c:\windows\system32\IgfxExt.exe /RegServer mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{5B595297-3515-4AFB-BCA2-B04255CCCCF8} : DHCPNameServer = 192.168.1.254 Notify: SDWinLogon - SDWinLogon.dll SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - c:\users\adam\appdata\roaming\mozilla\firefox\profiles\d5fsoj81.default\ FF - prefs.js: browser.search.selectedEngine - Startpage (SSL) FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/do/mypage.pl?prf=f83a6ce8e8788c5e821499ad31004fbc FF - prefs.js: network.proxy.type - 2 FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\users\adam\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\users\adam\appdata\roaming\mozilla\firefox\profiles\d5fsoj81.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll FF - plugin: c:\users\adam\appdata\roaming\mozilla\firefox\profiles\d5fsoj81.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2_x64.dll FF - plugin: c:\users\adam\appdata\roaming\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\users\adam\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776] R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376] R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664] R2 Live Updater Service;Live Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2013-1-17 255376] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-19 398184] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-19 682344] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-12-3 1103392] R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-12-3 1369624] R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-12-3 168384] R3 igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2010-9-16 648832] R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2012-12-4 173880] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-19 21104] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776] R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-12-16 157776] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-3 14848] S3 rsvcdwdr;rsvcdwdr;c:\windows\system32\drivers\rsvcdwdr.sys [2012-11-13 35976] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-3 49664] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-1-3 27136] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-12-6 1343400] . =============== Created Last 30 ================ . 2013-02-20 21:09:52 -------- dc----w- C:\b20a6fb25457ccfbb7b9fe 2013-02-20 16:23:19 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-02-20 01:22:33 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-19 01:22:06 -------- dc----w- C:\IEMGD_HEAD_Windows7 2013-02-18 00:05:34 -------- dc----w- C:\IEGD 2013-02-13 16:19:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-13 16:19:03 149528 ----a-w- c:\program files\internet explorer\sqmapi.dll 2013-02-13 16:19:02 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-02-13 16:19:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll 2013-02-13 15:40:55 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 15:40:36 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-02-13 15:40:34 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 15:40:31 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 15:40:30 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-13 15:40:27 169984 ----a-w- c:\windows\system32\winsrv.dll 2013-02-11 19:27:20 152072 -c--a-w- C:\Regbackup.reg 2013-02-11 02:08:45 454656 ----a-w- c:\program files\mozilla firefox\firemin\bin\sqlite3.exe 2013-02-11 02:08:44 590599 ----a-w- c:\program files\mozilla firefox\firemin\Firemin.exe 2013-02-10 05:18:39 -------- d-----w- c:\users\adam\appdata\roaming\Malwarebytes 2013-02-10 05:18:22 -------- d-----w- c:\programdata\Malwarebytes 2013-02-10 05:18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-10 01:32:43 -------- d-----w- c:\users\adam\appdata\roaming\GlarySoft 2013-02-10 01:29:10 -------- d-----w- c:\program files\Glary Utilities 2013-02-09 20:08:20 -------- d-----w- c:\users\adam\appdata\roaming\Wise Care 365 2013-02-07 13:47:35 -------- d-----w- c:\users\adam\appdata\roaming\SUPERAntiSpyware.com 2013-02-07 13:46:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2013-02-07 13:46:46 -------- d-----w- c:\program files\SUPERAntiSpyware 2013-02-07 01:27:08 -------- d-----w- c:\users\adam\appdata\roaming\Barnes & Noble 2013-02-07 01:27:00 -------- d-----w- c:\program files\Barnes & Noble 2013-02-04 03:39:36 -------- d-----w- c:\program files\CCleaner 2013-02-04 03:06:14 -------- d-----w- c:\users\adam\appdata\local\SlimWare Utilities Inc 2013-02-04 03:05:44 -------- d-----w- c:\program files\SlimCleaner 2013-02-01 20:31:03 -------- d-----w- c:\programdata\unzip 2013-01-30 08:02:16 -------- d-----w- c:\program files\MSXML 4.0 2013-01-30 03:24:16 -------- d-----w- c:\programdata\MAGIX 2013-01-30 03:20:43 -------- d-----w- c:\users\adam\appdata\roaming\MAGIX 2013-01-26 17:09:31 -------- d-----w- c:\users\adam\appdata\roaming\AVG 2013-01-26 17:07:43 -------- d-----w- c:\programdata\AVG 2013-01-24 19:29:46 -------- d-----w- c:\users\adam\appdata\local\Opera . ==================== Find3M ==================== . 2013-02-20 16:22:55 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-20 16:22:55 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-10 15:55:27 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-10 15:55:27 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-17 20:28:21 120104 ----a-w- c:\windows\system32\SynTPCo4.dll 2013-01-17 06:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll 2012-12-05 04:01:46 1784352 ----a-w- c:\windows\system32\WavesLib.dll 2012-12-05 04:00:50 266240 ----a-w- c:\windows\system32\FMAPO.dll 2012-12-05 04:00:41 125952 ----a-w- c:\windows\system32\AERTARen.dll 2012-12-05 04:00:40 142848 ----a-w- c:\windows\system32\AERTACap.dll 2012-12-05 04:00:33 831488 ----a-w- c:\windows\RtlExUpd.dll 2012-12-04 01:39:17 1176312 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2012-12-04 01:39:14 212400 ----a-w- c:\windows\system32\drivers\SynTP.sys 2012-12-04 01:39:14 161064 ----a-w- c:\windows\system32\SynTPAPI.dll 2012-12-04 01:39:10 206120 ----a-w- c:\windows\system32\SynCtrl.dll 2012-12-04 01:39:10 169256 ----a-w- c:\windows\system32\SynCOM.dll 2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe 2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe . ============= FINISH: 20:10:16.79 =============== Finally the Rogue Killer report Rkill 2.4.7 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2013 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 02/20/2013 08:14:28 PM in x86 mode. Windows Version: Windows 7 Professional Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * WSearch [Missing Service] Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 02/20/2013 08:14:57 PM Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s) I don't mind if not all the Windows services are running, as long as they are not necessary for Windows to work and don't compromise security. Thanks