TiffGail

Members
  • Content count

    12
  • Joined

  • Last visited

About TiffGail

  • Rank
    New Member
  1. Thank you so much!
  2. C:\Program Files (x86)\ReferenceBoss_1pEI\Installr\1.bin\1pEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir Win32/Toolbar.MyWebSearch application C:\Qoobox\Quarantine\C\Program Files (x86)\Mighty Magoo\mmagootl.dll.vir a variant of Win32/Adware.Gamevance.BE application C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYH trojan C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan C:\Users\June\AppData\Local\Temp\SetupDataMngr_Searchqu.exe a variant of Win32/Toolbar.SearchSuite application C:\Users\June\AppData\LocalLow\DictionaryBossEI\Installr\Cache\0FE9788C.exe a variant of Win32/Toolbar.MyWebSearch.O application C:\Users\June\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\5DA63158.exe a variant of Win32/Toolbar.MyWebSearch.O application C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.6.windows.exe Win32/OpenCandy application C:\Users\June\Downloads\frostwire-4.21.6.windows.exe Win32/OpenCandy application C:\Users\June\Downloads\halo.exe a variant of Win32/InstallCore.Q application
  3. Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.28.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 June :: JUNE-HP [administrator] Protection: Enabled 6/28/2012 1:16:57 AM mbam-log-2012-06-28 (01-16-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 221451 Time elapsed: 2 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 12 HKCR\CLSID\{045c5f24-9e13-4ea8-ab93-fddab34f3fa5} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8EB0AAA0-2FFE-4326-8331-EFE2D5D15EC7} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB2049F6-9DFA-4E51-B2A1-FC5A6E596C80} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143f8-3dbe-424c-949f-20acd11e5a6d} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e001b32e-5acb-4cce-9910-2d379ce0a6d6} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProductsInstaller.Start.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\APPID\MightyMagooText.DLL (PUP.MightyMagoo) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2367&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully. Folders Detected: 3 C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com (PUP.MightyMagoo) -> Quarantined and deleted successfully. C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome (PUP.MightyMagoo) -> Quarantined and deleted successfully. C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components (PUP.MightyMagoo) -> Quarantined and deleted successfully. Files Detected: 8 C:\Users\June\Downloads\GreenGamesAndHam_UnlockGames.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully. C:\Users\June\Downloads\Irfanview_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome.manifest (PUP.MightyMagoo) -> Quarantined and deleted successfully. C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\install.rdf (PUP.MightyMagoo) -> Quarantined and deleted successfully. C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome\mmtextlinks.jar (PUP.MightyMagoo) -> Quarantined and deleted successfully. C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components\mmagootlf.dll (PUP.MightyMagoo) -> Quarantined and deleted successfully. C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components\mmagootlf.xpt (PUP.MightyMagoo) -> Quarantined and deleted successfully. C:\Windows\svchost(184).exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. (end) HIJACKTHIS Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:26:19 AM, on 6/28/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe C:\Users\June\AppData\Local\DIRECTV Player\NDSPCShowServer.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\QuickTime\qttask.exe C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Users\June\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: FCToolbarURLSearchHook Class - {c111c814-fd58-0a04-3924-998b53830e29} - C:\Program Files (x86)\Shop to Win 29\Helper.dll R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: FCTBPos00Pos - {5ABD6C72-FFD7-B634-A92B-D77D5960E009} - C:\Program Files (x86)\Shop to Win 29\Shop to Win 29.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: BHO_PROJECT - {9194649F-7143-4308-90C1-D6A35B0E354E} - (no file) O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe O4 - HKLM\..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript O4 - HKCU\..\Run: [PCShowServer] "C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11608 bytes Comptuer is doing great.
  4. ComboFix 12-06-27.01 - June 06/27/2012 18:04:38.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2658 [GMT -4:00] Running from: c:\users\June\Downloads\ComboFix.exe Command switches used :: c:\users\June\Desktop\CFScript.lnk AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 ))))))))))))))))))))))))))))))) . . 2012-06-27 22:09 . 2012-06-27 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-27 22:09 . 2012-06-27 22:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-06-27 16:03 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1633D531-C6C7-4A6E-9A21-5FC49DF3AEF5}\mpengine.dll 2012-06-27 15:04 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-27 04:09 . 2012-06-27 04:09 -------- d-----w- c:\users\June\AppData\Roaming\NewspaperDirect 2012-06-25 07:22 . 2012-06-25 07:58 -------- d-----w- c:\windows\Microsoft Antimalware 2012-06-25 04:16 . 2012-06-25 04:16 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-25 02:52 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-25 02:52 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-25 02:52 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-25 02:52 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-25 02:52 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-25 02:52 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-25 02:52 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-25 02:51 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-25 02:51 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-25 02:04 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost(184).exe 2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4F00.tmp 2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4E72.tmp.dat 2012-06-20 21:17 . 2012-06-20 21:17 -------- d-----w- c:\users\June\AppData\Local\Apple Computer 2012-06-20 21:17 . 2012-06-22 21:29 -------- d-----w- c:\users\June\AppData\Roaming\Apple Computer 2012-06-20 21:16 . 2012-06-20 21:17 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2012-06-20 21:16 . 2012-06-20 21:16 -------- d-----w- c:\program files\iPod 2012-06-20 21:16 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\iTunes 2012-06-20 21:15 . 2012-06-20 21:15 -------- d-----w- c:\users\June\AppData\Local\Apple 2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files\Common Files\Apple 2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Bonjour 2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files\Bonjour 2012-06-20 21:14 . 2012-06-20 21:16 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-06-20 21:14 . 2012-06-20 21:15 -------- d-----w- c:\programdata\Apple 2012-06-14 00:06 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 14:34 . 2012-05-18 13:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E84E8844-4E46-4A49-9A03-B657CE42F094}\gapaengine.dll 2012-06-10 13:34 . 2012-06-10 13:34 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\9EAD.tmp.dat 2012-06-09 13:21 . 2012-06-09 13:21 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\E208.tmp.dat 2012-06-07 19:16 . 2012-06-07 19:16 -------- d-----w- c:\programdata\Symantec 2012-06-07 17:16 . 2012-06-07 17:16 -------- d-----w- c:\windows\SysWow64\Adobe 2012-06-07 01:36 . 2012-06-07 01:36 -------- d-----w- c:\users\June\AppData\Local\KodakGallery 2012-06-06 14:56 . 2012-06-19 17:00 -------- d-----w- C:\Remote Programs 2012-06-06 14:56 . 2012-06-06 14:56 -------- d--h--w- c:\programdata\Common Files 2012-06-06 14:51 . 2012-06-06 14:52 1541 ----a-w- C:\user.js 2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\users\June\AppData\Roaming\Babylon 2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\programdata\Babylon 2012-06-06 14:03 . 2012-06-06 14:06 -------- d-----w- c:\users\June\AppData\Local\Microsoft Games 2012-06-06 13:26 . 2012-06-06 13:26 -------- d-----w- c:\users\June\AppData\Roaming\Gamelab 2012-06-06 13:08 . 2012-06-06 13:08 -------- d-----w- c:\programdata\Wild Tangent 2012-06-06 12:41 . 2012-06-06 12:49 -------- d-----w- c:\program files (x86)\WildTangent Games 2012-06-01 00:19 . 2012-06-01 00:19 63080 ----a-r- c:\users\June\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe 2012-06-01 00:19 . 2012-06-01 00:19 -------- d-----w- c:\users\June\AppData\Local\DIRECTV Player 2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-05-30 01:08 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\QuickTime 2012-05-30 01:08 . 2012-06-25 02:42 -------- d-----w- c:\programdata\Apple Computer 2012-05-30 01:06 . 2012-06-27 04:15 -------- d-----w- c:\program files (x86)\Kodak . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-17 14:16 . 2012-05-18 13:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-17 14:16 . 2011-07-17 14:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-21 14:20 . 2012-05-21 14:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-05-21 14:20 . 2012-05-21 14:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-05-18 13:32 . 2011-05-20 19:35 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-05-18 13:19 . 2012-05-18 13:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2012-05-18 13:19 . 2012-05-18 13:19 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-05-18 13:18 . 2012-05-18 13:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-05-18 13:18 . 2012-05-18 13:18 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-03-30 11:35 . 2012-05-18 13:22 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-27_03.36.50 ))))))))))))))))))))))))))))))))))))))))) . + 2010-12-03 10:28 . 2012-06-27 21:47 60762 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-27 21:47 43140 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-12-04 14:27 . 2012-06-27 21:47 13816 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1758543969-522351655-1275309373-1000_UserData.bin - 2009-07-14 05:30 . 2012-06-07 01:50 86016 c:\windows\system32\DriverStore\infpub.dat + 2009-07-14 05:30 . 2012-06-27 04:15 86016 c:\windows\system32\DriverStore\infpub.dat + 2010-12-04 13:13 . 2012-06-27 16:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-04 13:13 . 2012-06-25 02:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-04 13:13 . 2012-06-25 02:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-12-04 13:13 . 2012-06-27 16:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-27 16:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-06-25 02:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 2012-06-27 14:48 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2009-07-14 04:46 . 2012-06-25 03:54 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2012-06-27 22:09 . 2012-06-27 22:09 3623 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-06-27 03:35 . 2012-06-27 03:35 3623 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat + 2010-12-06 08:33 . 2012-06-27 21:45 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2012-06-27 22:09 . 2012-06-27 22:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-06-27 03:36 . 2012-06-27 03:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-27 22:09 . 2012-06-27 22:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-27 03:36 . 2012-06-27 03:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-12-04 02:34 . 2012-06-27 20:36 314052 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin + 2009-07-14 02:36 . 2012-06-27 21:50 662860 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-06-26 13:36 662860 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-06-27 21:50 122430 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-06-26 13:36 122430 c:\windows\system32\perfc009.dat + 2009-07-14 04:45 . 2012-06-27 04:12 279360 c:\windows\system32\FNTCACHE.DAT - 2009-07-14 05:30 . 2012-06-07 01:50 143360 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2012-06-27 04:15 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2012-06-07 01:50 143360 c:\windows\system32\DriverStore\infstor.dat + 2009-07-14 05:30 . 2012-06-27 04:15 143360 c:\windows\system32\DriverStore\infstor.dat + 2010-12-04 02:43 . 2012-06-27 21:11 695328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-07-14 05:01 . 2012-06-27 22:09 232380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-11-11 08:01 . 2010-11-11 08:01 1212416 c:\windows\system32\DriverStore\FileRepository\a323at_x64.inf_amd64_neutral_32d6ab48cec35d83\AVerAVF2.sys + 2009-07-14 04:45 . 2012-06-27 04:15 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-06-25 03:27 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2010-12-04 02:43 . 2012-06-27 22:09 6197240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1758543969-522351655-1275309373-1000-8192.dat + 2011-09-07 22:26 . 2012-06-27 04:11 1455124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1758543969-522351655-1275309373-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{c111c814-fd58-0a04-3924-998b53830e29}"= "c:\program files (x86)\Shop to Win 29\Helper.dll" [2012-05-28 378880] . [HKEY_CLASSES_ROOT\clsid\{c111c814-fd58-0a04-3924-998b53830e29}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{42855803-9685-5634-8D8E-37F3536D2EE3}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5ABD6C72-FFD7-B634-A92B-D77D5960E009}] 2012-03-14 17:52 14432 ----a-w- c:\program files (x86)\Shop to Win 29\Shop to Win 29.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCShowServer"="c:\users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896] "DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-23 121456] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-21 296056] "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-06 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-12 203264] S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-07-14 22072] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416] S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-12 6790656] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-12 221184] S3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [2010-11-11 1212416] S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-18 32880] S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-14 69736] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-29 11049576] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.insightbb.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . BHO-{9194649F-7143-4308-90C1-D6A35B0E354E} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe . ************************************************************************** . Completion time: 2012-06-27 18:15:01 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-27 22:15 ComboFix2.txt 2012-06-27 21:24 ComboFix3.txt 2012-06-27 03:42 . Pre-Run: 917,663,649,792 bytes free Post-Run: 917,588,402,176 bytes free . - - End Of File - - 7453F0F2E801C68977F19E01B21CD856 Computer is doing great.
  5. I had no problems running the programs. TDSSKILLER 10:55:18.0075 3536 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44 10:55:18.0356 3536 ============================================================ 10:55:18.0356 3536 Current date / time: 2012/06/27 10:55:18.0356 10:55:18.0356 3536 SystemInfo: 10:55:18.0356 3536 10:55:18.0356 3536 OS Version: 6.1.7601 ServicePack: 1.0 10:55:18.0356 3536 Product type: Workstation 10:55:18.0356 3536 ComputerName: JUNE-HP 10:55:18.0356 3536 UserName: June 10:55:18.0356 3536 Windows directory: C:\Windows 10:55:18.0356 3536 System windows directory: C:\Windows 10:55:18.0356 3536 Running under WOW64 10:55:18.0356 3536 Processor architecture: Intel x64 10:55:18.0356 3536 Number of processors: 2 10:55:18.0356 3536 Page size: 0x1000 10:55:18.0356 3536 Boot type: Normal boot 10:55:18.0356 3536 ============================================================ 10:55:19.0511 3536 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 10:55:19.0526 3536 ============================================================ 10:55:19.0526 3536 \Device\Harddisk0\DR0: 10:55:19.0526 3536 MBR partitions: 10:55:19.0526 3536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 10:55:19.0526 3536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72915800 10:55:19.0526 3536 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72948000, BlocksNum 0x1DBE000 10:55:19.0526 3536 ============================================================ 10:55:19.0542 3536 C: <-> \Device\Harddisk0\DR0\Partition1 10:55:19.0589 3536 D: <-> \Device\Harddisk0\DR0\Partition2 10:55:19.0589 3536 ============================================================ 10:55:19.0589 3536 Initialize success 10:55:19.0589 3536 ============================================================ 10:55:20.0681 1200 ============================================================ 10:55:20.0681 1200 Scan started 10:55:20.0681 1200 Mode: Manual; 10:55:20.0681 1200 ============================================================ 10:55:21.0741 1200 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 10:55:21.0741 1200 1394ohci - ok 10:55:21.0788 1200 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 10:55:21.0788 1200 ACPI - ok 10:55:21.0819 1200 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 10:55:21.0819 1200 AcpiPmi - ok 10:55:21.0913 1200 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 10:55:21.0913 1200 AdobeARMservice - ok 10:55:21.0975 1200 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 10:55:21.0975 1200 adp94xx - ok 10:55:22.0007 1200 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 10:55:22.0007 1200 adpahci - ok 10:55:22.0022 1200 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 10:55:22.0022 1200 adpu320 - ok 10:55:22.0069 1200 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 10:55:22.0069 1200 AeLookupSvc - ok 10:55:22.0131 1200 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE 10:55:22.0131 1200 AERTFilters - ok 10:55:22.0194 1200 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 10:55:22.0209 1200 AFD - ok 10:55:22.0225 1200 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 10:55:22.0225 1200 agp440 - ok 10:55:22.0241 1200 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 10:55:22.0241 1200 ALG - ok 10:55:22.0256 1200 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 10:55:22.0256 1200 aliide - ok 10:55:22.0287 1200 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe 10:55:22.0287 1200 AMD External Events Utility - ok 10:55:22.0319 1200 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 10:55:22.0319 1200 amdide - ok 10:55:22.0334 1200 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 10:55:22.0334 1200 AmdK8 - ok 10:55:22.0693 1200 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys 10:55:22.0724 1200 amdkmdag - ok 10:55:22.0802 1200 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys 10:55:22.0802 1200 amdkmdap - ok 10:55:22.0818 1200 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 10:55:22.0818 1200 AmdPPM - ok 10:55:22.0849 1200 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys 10:55:22.0849 1200 amdsata - ok 10:55:22.0865 1200 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 10:55:22.0865 1200 amdsbs - ok 10:55:22.0880 1200 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys 10:55:22.0880 1200 amdxata - ok 10:55:22.0911 1200 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 10:55:22.0911 1200 AppID - ok 10:55:22.0927 1200 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 10:55:22.0927 1200 AppIDSvc - ok 10:55:22.0974 1200 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 10:55:22.0974 1200 Appinfo - ok 10:55:22.0989 1200 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 10:55:22.0989 1200 arc - ok 10:55:23.0005 1200 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 10:55:23.0005 1200 arcsas - ok 10:55:23.0083 1200 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 10:55:23.0083 1200 aspnet_state - ok 10:55:23.0114 1200 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 10:55:23.0114 1200 AsyncMac - ok 10:55:23.0130 1200 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 10:55:23.0145 1200 atapi - ok 10:55:23.0177 1200 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys 10:55:23.0177 1200 AtiPcie - ok 10:55:23.0239 1200 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 10:55:23.0255 1200 AudioEndpointBuilder - ok 10:55:23.0255 1200 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 10:55:23.0270 1200 AudioSrv - ok 10:55:23.0379 1200 AVerAVF2 (086cbbb45324d56aa7239046cd86149a) C:\Windows\system32\DRIVERS\AVerAVF2.sys 10:55:23.0395 1200 AVerAVF2 - ok 10:55:23.0442 1200 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 10:55:23.0442 1200 AxInstSV - ok 10:55:23.0489 1200 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 10:55:23.0489 1200 b06bdrv - ok 10:55:23.0520 1200 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 10:55:23.0520 1200 b57nd60a - ok 10:55:23.0535 1200 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 10:55:23.0535 1200 BDESVC - ok 10:55:23.0551 1200 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 10:55:23.0551 1200 Beep - ok 10:55:23.0645 1200 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 10:55:23.0660 1200 BFE - ok 10:55:23.0723 1200 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 10:55:23.0723 1200 BITS - ok 10:55:23.0738 1200 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 10:55:23.0738 1200 blbdrive - ok 10:55:23.0769 1200 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 10:55:23.0769 1200 bowser - ok 10:55:23.0769 1200 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 10:55:23.0785 1200 BrFiltLo - ok 10:55:23.0801 1200 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 10:55:23.0801 1200 BrFiltUp - ok 10:55:23.0816 1200 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 10:55:23.0816 1200 BridgeMP - ok 10:55:23.0847 1200 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 10:55:23.0847 1200 Browser - ok 10:55:23.0879 1200 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 10:55:23.0879 1200 Brserid - ok 10:55:23.0894 1200 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 10:55:23.0894 1200 BrSerWdm - ok 10:55:23.0910 1200 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 10:55:23.0910 1200 BrUsbMdm - ok 10:55:23.0910 1200 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 10:55:23.0910 1200 BrUsbSer - ok 10:55:23.0925 1200 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 10:55:23.0925 1200 BTHMODEM - ok 10:55:23.0957 1200 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 10:55:23.0957 1200 bthserv - ok 10:55:24.0035 1200 CalendarSynchService (28d3d9c47c1f6686f2a2edef0956166c) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe 10:55:24.0035 1200 CalendarSynchService - ok 10:55:24.0050 1200 catchme - ok 10:55:24.0081 1200 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 10:55:24.0081 1200 cdfs - ok 10:55:24.0081 1200 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 10:55:24.0097 1200 cdrom - ok 10:55:24.0159 1200 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:55:24.0159 1200 CertPropSvc - ok 10:55:24.0253 1200 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 10:55:24.0253 1200 circlass - ok 10:55:24.0300 1200 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 10:55:24.0300 1200 CLFS - ok 10:55:24.0362 1200 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:55:24.0362 1200 clr_optimization_v2.0.50727_32 - ok 10:55:24.0409 1200 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 10:55:24.0409 1200 clr_optimization_v2.0.50727_64 - ok 10:55:24.0456 1200 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:55:24.0471 1200 clr_optimization_v4.0.30319_32 - ok 10:55:24.0518 1200 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 10:55:24.0518 1200 clr_optimization_v4.0.30319_64 - ok 10:55:24.0534 1200 clwvd (9573e8c7c3b3d1625fd941841fd0859c) C:\Windows\system32\DRIVERS\clwvd.sys 10:55:24.0534 1200 clwvd - ok 10:55:24.0549 1200 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 10:55:24.0549 1200 CmBatt - ok 10:55:24.0581 1200 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 10:55:24.0581 1200 cmdide - ok 10:55:24.0643 1200 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 10:55:24.0659 1200 CNG - ok 10:55:24.0690 1200 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 10:55:24.0690 1200 Compbatt - ok 10:55:24.0705 1200 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 10:55:24.0705 1200 CompositeBus - ok 10:55:24.0721 1200 COMSysApp - ok 10:55:24.0752 1200 CpqDfw (a398ed024f739e7be74ecffa8a713a89) C:\Windows\system32\drivers\CpqDfw.sys 10:55:24.0752 1200 CpqDfw - ok 10:55:24.0768 1200 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 10:55:24.0768 1200 crcdisk - ok 10:55:24.0815 1200 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 10:55:24.0815 1200 CryptSvc - ok 10:55:24.0908 1200 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 10:55:24.0908 1200 cvhsvc - ok 10:55:25.0002 1200 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:55:25.0002 1200 DcomLaunch - ok 10:55:25.0033 1200 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 10:55:25.0049 1200 defragsvc - ok 10:55:25.0064 1200 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 10:55:25.0064 1200 DfsC - ok 10:55:25.0142 1200 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 10:55:25.0142 1200 Dhcp - ok 10:55:25.0158 1200 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 10:55:25.0158 1200 discache - ok 10:55:25.0189 1200 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 10:55:25.0189 1200 Disk - ok 10:55:25.0236 1200 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 10:55:25.0236 1200 Dnscache - ok 10:55:25.0267 1200 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 10:55:25.0283 1200 dot3svc - ok 10:55:25.0314 1200 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 10:55:25.0314 1200 DPS - ok 10:55:25.0345 1200 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 10:55:25.0345 1200 drmkaud - ok 10:55:25.0376 1200 DTSRVC (b1a72a497951217ae862117e8304f4e8) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe 10:55:25.0376 1200 DTSRVC - ok 10:55:25.0470 1200 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 10:55:25.0485 1200 DXGKrnl - ok 10:55:25.0532 1200 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 10:55:25.0532 1200 EapHost - ok 10:55:25.0719 1200 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 10:55:25.0735 1200 ebdrv - ok 10:55:25.0829 1200 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 10:55:25.0829 1200 EFS - ok 10:55:25.0907 1200 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 10:55:25.0922 1200 ehRecvr - ok 10:55:25.0953 1200 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 10:55:25.0953 1200 ehSched - ok 10:55:26.0000 1200 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 10:55:26.0000 1200 elxstor - ok 10:55:26.0031 1200 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 10:55:26.0031 1200 ErrDev - ok 10:55:26.0078 1200 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 10:55:26.0094 1200 EventSystem - ok 10:55:26.0109 1200 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 10:55:26.0109 1200 exfat - ok 10:55:26.0141 1200 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 10:55:26.0141 1200 fastfat - ok 10:55:26.0219 1200 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 10:55:26.0219 1200 Fax - ok 10:55:26.0234 1200 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 10:55:26.0234 1200 fdc - ok 10:55:26.0250 1200 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 10:55:26.0250 1200 fdPHost - ok 10:55:26.0265 1200 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 10:55:26.0265 1200 FDResPub - ok 10:55:26.0281 1200 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 10:55:26.0281 1200 FileInfo - ok 10:55:26.0281 1200 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 10:55:26.0281 1200 Filetrace - ok 10:55:26.0297 1200 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 10:55:26.0297 1200 flpydisk - ok 10:55:26.0343 1200 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 10:55:26.0343 1200 FltMgr - ok 10:55:26.0421 1200 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 10:55:26.0421 1200 FontCache - ok 10:55:26.0468 1200 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:55:26.0468 1200 FontCache3.0.0.0 - ok 10:55:26.0499 1200 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 10:55:26.0499 1200 FsDepends - ok 10:55:26.0531 1200 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys 10:55:26.0531 1200 fssfltr - ok 10:55:26.0718 1200 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 10:55:26.0749 1200 fsssvc - ok 10:55:26.0858 1200 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 10:55:26.0874 1200 Fs_Rec - ok 10:55:26.0921 1200 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 10:55:26.0921 1200 fvevol - ok 10:55:26.0936 1200 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 10:55:26.0936 1200 gagp30kx - ok 10:55:27.0014 1200 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 10:55:27.0014 1200 GamesAppService - ok 10:55:27.0123 1200 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 10:55:27.0123 1200 gpsvc - ok 10:55:27.0139 1200 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 10:55:27.0139 1200 hcw85cir - ok 10:55:27.0201 1200 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 10:55:27.0217 1200 HdAudAddService - ok 10:55:27.0233 1200 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 10:55:27.0233 1200 HDAudBus - ok 10:55:27.0248 1200 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 10:55:27.0248 1200 HidBatt - ok 10:55:27.0264 1200 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 10:55:27.0264 1200 HidBth - ok 10:55:27.0295 1200 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 10:55:27.0295 1200 HidIr - ok 10:55:27.0326 1200 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 10:55:27.0326 1200 hidserv - ok 10:55:27.0326 1200 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 10:55:27.0326 1200 HidUsb - ok 10:55:27.0357 1200 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 10:55:27.0373 1200 hkmsvc - ok 10:55:27.0404 1200 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 10:55:27.0404 1200 HomeGroupListener - ok 10:55:27.0435 1200 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 10:55:27.0435 1200 HomeGroupProvider - ok 10:55:27.0482 1200 HP Health Check Service (3f4add4196e2b860019539837be305f9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 10:55:27.0482 1200 HP Health Check Service - ok 10:55:27.0545 1200 hpqwmiex (ef3ea06057132138b4e5895a61601dbe) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 10:55:27.0545 1200 hpqwmiex - ok 10:55:27.0560 1200 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 10:55:27.0560 1200 HpSAMD - ok 10:55:27.0638 1200 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 10:55:27.0638 1200 HTTP - ok 10:55:27.0669 1200 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 10:55:27.0669 1200 hwpolicy - ok 10:55:27.0701 1200 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 10:55:27.0701 1200 i8042prt - ok 10:55:27.0732 1200 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 10:55:27.0732 1200 iaStorV - ok 10:55:27.0857 1200 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:55:27.0872 1200 idsvc - ok 10:55:27.0888 1200 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 10:55:27.0888 1200 iirsp - ok 10:55:27.0950 1200 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 10:55:27.0950 1200 IKEEXT - ok 10:55:28.0106 1200 IntcAzAudAddService (1c11e5d258bc374e7fbd598d75e49b75) C:\Windows\system32\drivers\RTKVHD64.sys 10:55:28.0122 1200 IntcAzAudAddService - ok 10:55:28.0231 1200 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 10:55:28.0231 1200 intelide - ok 10:55:28.0247 1200 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 10:55:28.0247 1200 intelppm - ok 10:55:28.0278 1200 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 10:55:28.0278 1200 IPBusEnum - ok 10:55:28.0309 1200 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:55:28.0309 1200 IpFilterDriver - ok 10:55:28.0356 1200 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 10:55:28.0371 1200 iphlpsvc - ok 10:55:28.0387 1200 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 10:55:28.0387 1200 IPMIDRV - ok 10:55:28.0403 1200 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 10:55:28.0403 1200 IPNAT - ok 10:55:28.0403 1200 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 10:55:28.0403 1200 IRENUM - ok 10:55:28.0418 1200 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 10:55:28.0418 1200 isapnp - ok 10:55:28.0449 1200 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 10:55:28.0449 1200 iScsiPrt - ok 10:55:28.0481 1200 itecir (8d990a44b4f2b68e2c56a3724ec3eb84) C:\Windows\system32\DRIVERS\itecir.sys 10:55:28.0481 1200 itecir - ok 10:55:28.0496 1200 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 10:55:28.0496 1200 kbdclass - ok 10:55:28.0527 1200 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 10:55:28.0527 1200 kbdhid - ok 10:55:28.0559 1200 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:55:28.0559 1200 KeyIso - ok 10:55:28.0574 1200 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 10:55:28.0574 1200 KSecDD - ok 10:55:28.0590 1200 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 10:55:28.0590 1200 KSecPkg - ok 10:55:28.0605 1200 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 10:55:28.0605 1200 ksthunk - ok 10:55:28.0637 1200 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 10:55:28.0637 1200 KtmRm - ok 10:55:28.0699 1200 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 10:55:28.0699 1200 LanmanServer - ok 10:55:28.0746 1200 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 10:55:28.0761 1200 LanmanWorkstation - ok 10:55:28.0808 1200 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 10:55:28.0808 1200 LightScribeService - ok 10:55:28.0839 1200 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 10:55:28.0839 1200 lltdio - ok 10:55:28.0886 1200 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 10:55:28.0902 1200 lltdsvc - ok 10:55:28.0917 1200 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 10:55:28.0917 1200 lmhosts - ok 10:55:28.0949 1200 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 10:55:28.0949 1200 LSI_FC - ok 10:55:28.0964 1200 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 10:55:28.0964 1200 LSI_SAS - ok 10:55:28.0980 1200 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 10:55:28.0980 1200 LSI_SAS2 - ok 10:55:29.0011 1200 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 10:55:29.0011 1200 LSI_SCSI - ok 10:55:29.0011 1200 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 10:55:29.0027 1200 luafv - ok 10:55:29.0058 1200 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 10:55:29.0058 1200 Mcx2Svc - ok 10:55:29.0073 1200 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 10:55:29.0073 1200 megasas - ok 10:55:29.0089 1200 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 10:55:29.0089 1200 MegaSR - ok 10:55:29.0105 1200 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:55:29.0105 1200 MMCSS - ok 10:55:29.0120 1200 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 10:55:29.0120 1200 Modem - ok 10:55:29.0136 1200 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 10:55:29.0136 1200 monitor - ok 10:55:29.0151 1200 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 10:55:29.0151 1200 mouclass - ok 10:55:29.0167 1200 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 10:55:29.0167 1200 mouhid - ok 10:55:29.0198 1200 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 10:55:29.0198 1200 mountmgr - ok 10:55:29.0276 1200 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys 10:55:29.0276 1200 MpFilter - ok 10:55:29.0307 1200 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 10:55:29.0307 1200 mpio - ok 10:55:29.0323 1200 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 10:55:29.0323 1200 mpsdrv - ok 10:55:29.0432 1200 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 10:55:29.0448 1200 MpsSvc - ok 10:55:29.0479 1200 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 10:55:29.0479 1200 MRxDAV - ok 10:55:29.0510 1200 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 10:55:29.0510 1200 mrxsmb - ok 10:55:29.0557 1200 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:55:29.0557 1200 mrxsmb10 - ok 10:55:29.0573 1200 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:55:29.0573 1200 mrxsmb20 - ok 10:55:29.0604 1200 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 10:55:29.0604 1200 msahci - ok 10:55:29.0604 1200 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 10:55:29.0604 1200 msdsm - ok 10:55:29.0619 1200 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 10:55:29.0635 1200 MSDTC - ok 10:55:29.0651 1200 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 10:55:29.0651 1200 Msfs - ok 10:55:29.0666 1200 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 10:55:29.0666 1200 mshidkmdf - ok 10:55:29.0682 1200 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 10:55:29.0682 1200 msisadrv - ok 10:55:29.0697 1200 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 10:55:29.0697 1200 MSiSCSI - ok 10:55:29.0713 1200 msiserver - ok 10:55:29.0729 1200 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 10:55:29.0729 1200 MSKSSRV - ok 10:55:29.0775 1200 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe 10:55:29.0775 1200 MsMpSvc - ok 10:55:29.0807 1200 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 10:55:29.0807 1200 MSPCLOCK - ok 10:55:29.0807 1200 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 10:55:29.0807 1200 MSPQM - ok 10:55:29.0869 1200 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 10:55:29.0869 1200 MsRPC - ok 10:55:29.0885 1200 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 10:55:29.0885 1200 mssmbios - ok 10:55:29.0900 1200 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 10:55:29.0900 1200 MSTEE - ok 10:55:29.0900 1200 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 10:55:29.0900 1200 MTConfig - ok 10:55:29.0931 1200 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 10:55:29.0931 1200 Mup - ok 10:55:29.0994 1200 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 10:55:29.0994 1200 napagent - ok 10:55:30.0041 1200 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 10:55:30.0041 1200 NativeWifiP - ok 10:55:30.0087 1200 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 10:55:30.0087 1200 NDIS - ok 10:55:30.0119 1200 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 10:55:30.0119 1200 NdisCap - ok 10:55:30.0134 1200 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 10:55:30.0134 1200 NdisTapi - ok 10:55:30.0165 1200 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 10:55:30.0165 1200 Ndisuio - ok 10:55:30.0212 1200 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 10:55:30.0212 1200 NdisWan - ok 10:55:30.0259 1200 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 10:55:30.0259 1200 NDProxy - ok 10:55:30.0259 1200 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 10:55:30.0259 1200 NetBIOS - ok 10:55:30.0306 1200 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 10:55:30.0306 1200 NetBT - ok 10:55:30.0337 1200 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:55:30.0337 1200 Netlogon - ok 10:55:30.0384 1200 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 10:55:30.0384 1200 Netman - ok 10:55:30.0493 1200 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:55:30.0493 1200 NetMsmqActivator - ok 10:55:30.0509 1200 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:55:30.0509 1200 NetPipeActivator - ok 10:55:30.0540 1200 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 10:55:30.0540 1200 netprofm - ok 10:55:30.0633 1200 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys 10:55:30.0649 1200 netr28x - ok 10:55:30.0696 1200 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:55:30.0711 1200 NetTcpActivator - ok 10:55:30.0711 1200 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:55:30.0711 1200 NetTcpPortSharing - ok 10:55:30.0758 1200 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 10:55:30.0758 1200 nfrd960 - ok 10:55:30.0789 1200 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 10:55:30.0805 1200 NisDrv - ok 10:55:30.0836 1200 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe 10:55:30.0836 1200 NisSrv - ok 10:55:30.0867 1200 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 10:55:30.0867 1200 NlaSvc - ok 10:55:30.0883 1200 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 10:55:30.0883 1200 Npfs - ok 10:55:30.0899 1200 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 10:55:30.0899 1200 nsi - ok 10:55:30.0899 1200 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 10:55:30.0899 1200 nsiproxy - ok 10:55:31.0055 1200 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 10:55:31.0070 1200 Ntfs - ok 10:55:31.0133 1200 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 10:55:31.0133 1200 Null - ok 10:55:31.0148 1200 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 10:55:31.0148 1200 nvraid - ok 10:55:31.0164 1200 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 10:55:31.0164 1200 nvstor - ok 10:55:31.0195 1200 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 10:55:31.0195 1200 nv_agp - ok 10:55:31.0211 1200 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 10:55:31.0211 1200 ohci1394 - ok 10:55:31.0273 1200 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:55:31.0273 1200 ose - ok 10:55:31.0632 1200 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 10:55:31.0663 1200 osppsvc - ok 10:55:31.0725 1200 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:55:31.0725 1200 p2pimsvc - ok 10:55:31.0757 1200 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 10:55:31.0772 1200 p2psvc - ok 10:55:31.0788 1200 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 10:55:31.0788 1200 Parport - ok 10:55:31.0819 1200 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 10:55:31.0819 1200 partmgr - ok 10:55:31.0850 1200 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 10:55:31.0850 1200 PcaSvc - ok 10:55:31.0897 1200 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 10:55:31.0897 1200 pci - ok 10:55:31.0913 1200 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 10:55:31.0913 1200 pciide - ok 10:55:31.0944 1200 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 10:55:31.0944 1200 pcmcia - ok 10:55:31.0959 1200 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 10:55:31.0959 1200 pcw - ok 10:55:31.0975 1200 pdfcDispatcher - ok 10:55:32.0006 1200 PdiService (0a098df98ec8facaa30bd7db4c7aea06) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe 10:55:32.0006 1200 PdiService - ok 10:55:32.0053 1200 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 10:55:32.0069 1200 PEAUTH - ok 10:55:32.0115 1200 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 10:55:32.0115 1200 PerfHost - ok 10:55:32.0225 1200 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 10:55:32.0225 1200 pla - ok 10:55:32.0287 1200 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 10:55:32.0303 1200 PlugPlay - ok 10:55:32.0318 1200 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 10:55:32.0318 1200 PNRPAutoReg - ok 10:55:32.0349 1200 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:55:32.0349 1200 PNRPsvc - ok 10:55:32.0396 1200 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 10:55:32.0396 1200 PolicyAgent - ok 10:55:32.0443 1200 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 10:55:32.0443 1200 Power - ok 10:55:32.0490 1200 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 10:55:32.0490 1200 PptpMiniport - ok 10:55:32.0505 1200 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 10:55:32.0505 1200 Processor - ok 10:55:32.0552 1200 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 10:55:32.0552 1200 ProfSvc - ok 10:55:32.0583 1200 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:55:32.0583 1200 ProtectedStorage - ok 10:55:32.0615 1200 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 10:55:32.0615 1200 Psched - ok 10:55:32.0661 1200 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 10:55:32.0661 1200 PSI_SVC_2 - ok 10:55:32.0802 1200 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 10:55:32.0817 1200 ql2300 - ok 10:55:32.0895 1200 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 10:55:32.0895 1200 ql40xx - ok 10:55:32.0927 1200 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 10:55:32.0927 1200 QWAVE - ok 10:55:32.0942 1200 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 10:55:32.0942 1200 QWAVEdrv - ok 10:55:32.0942 1200 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 10:55:32.0942 1200 RasAcd - ok 10:55:32.0958 1200 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 10:55:32.0958 1200 RasAgileVpn - ok 10:55:32.0973 1200 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 10:55:32.0973 1200 RasAuto - ok 10:55:33.0005 1200 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:55:33.0005 1200 Rasl2tp - ok 10:55:33.0067 1200 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 10:55:33.0067 1200 RasMan - ok 10:55:33.0098 1200 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 10:55:33.0098 1200 RasPppoe - ok 10:55:33.0114 1200 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 10:55:33.0114 1200 RasSstp - ok 10:55:33.0145 1200 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 10:55:33.0145 1200 rdbss - ok 10:55:33.0176 1200 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 10:55:33.0176 1200 rdpbus - ok 10:55:33.0192 1200 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:55:33.0192 1200 RDPCDD - ok 10:55:33.0207 1200 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 10:55:33.0207 1200 RDPENCDD - ok 10:55:33.0223 1200 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 10:55:33.0223 1200 RDPREFMP - ok 10:55:33.0270 1200 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 10:55:33.0270 1200 RDPWD - ok 10:55:33.0317 1200 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 10:55:33.0317 1200 rdyboost - ok 10:55:33.0332 1200 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 10:55:33.0332 1200 RemoteAccess - ok 10:55:33.0348 1200 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 10:55:33.0348 1200 RemoteRegistry - ok 10:55:33.0363 1200 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 10:55:33.0363 1200 RpcEptMapper - ok 10:55:33.0379 1200 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 10:55:33.0379 1200 RpcLocator - ok 10:55:33.0426 1200 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:55:33.0441 1200 RpcSs - ok 10:55:33.0441 1200 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 10:55:33.0441 1200 rspndr - ok 10:55:33.0504 1200 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\Windows\system32\DRIVERS\Rt64win7.sys 10:55:33.0504 1200 RTL8167 - ok 10:55:33.0519 1200 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:55:33.0519 1200 SamSs - ok 10:55:33.0551 1200 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 10:55:33.0551 1200 sbp2port - ok 10:55:33.0566 1200 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 10:55:33.0566 1200 SCardSvr - ok 10:55:33.0597 1200 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 10:55:33.0597 1200 scfilter - ok 10:55:33.0707 1200 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 10:55:33.0722 1200 Schedule - ok 10:55:33.0769 1200 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:55:33.0769 1200 SCPolicySvc - ok 10:55:33.0800 1200 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 10:55:33.0816 1200 SDRSVC - ok 10:55:33.0816 1200 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 10:55:33.0816 1200 secdrv - ok 10:55:33.0847 1200 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 10:55:33.0847 1200 seclogon - ok 10:55:33.0863 1200 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 10:55:33.0863 1200 SENS - ok 10:55:33.0878 1200 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 10:55:33.0878 1200 SensrSvc - ok 10:55:33.0909 1200 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 10:55:33.0909 1200 Serenum - ok 10:55:33.0925 1200 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 10:55:33.0925 1200 Serial - ok 10:55:33.0941 1200 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 10:55:33.0941 1200 sermouse - ok 10:55:33.0987 1200 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 10:55:33.0987 1200 SessionEnv - ok 10:55:34.0019 1200 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 10:55:34.0019 1200 sffdisk - ok 10:55:34.0019 1200 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 10:55:34.0019 1200 sffp_mmc - ok 10:55:34.0034 1200 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 10:55:34.0034 1200 sffp_sd - ok 10:55:34.0050 1200 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 10:55:34.0050 1200 sfloppy - ok 10:55:34.0128 1200 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 10:55:34.0143 1200 Sftfs - ok 10:55:34.0237 1200 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 10:55:34.0237 1200 sftlist - ok 10:55:34.0487 1200 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 10:55:34.0502 1200 Sftplay - ok 10:55:34.0533 1200 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 10:55:34.0533 1200 Sftredir - ok 10:55:34.0549 1200 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 10:55:34.0549 1200 Sftvol - ok 10:55:34.0565 1200 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 10:55:34.0565 1200 sftvsa - ok 10:55:34.0596 1200 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 10:55:34.0611 1200 SharedAccess - ok 10:55:34.0658 1200 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 10:55:34.0674 1200 ShellHWDetection - ok 10:55:34.0721 1200 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:55:34.0721 1200 SiSRaid2 - ok 10:55:34.0736 1200 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 10:55:34.0736 1200 SiSRaid4 - ok 10:55:34.0799 1200 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe 10:55:34.0799 1200 SkypeUpdate - ok 10:55:34.0830 1200 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 10:55:34.0830 1200 Smb - ok 10:55:34.0861 1200 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 10:55:34.0861 1200 SNMPTRAP - ok 10:55:34.0877 1200 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 10:55:34.0877 1200 spldr - ok 10:55:34.0923 1200 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 10:55:34.0923 1200 Spooler - ok 10:55:35.0111 1200 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 10:55:35.0126 1200 sppsvc - ok 10:55:35.0204 1200 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 10:55:35.0204 1200 sppuinotify - ok 10:55:35.0282 1200 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 10:55:35.0298 1200 srv - ok 10:55:35.0329 1200 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 10:55:35.0329 1200 srv2 - ok 10:55:35.0345 1200 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 10:55:35.0360 1200 srvnet - ok 10:55:35.0391 1200 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 10:55:35.0407 1200 SSDPSRV - ok 10:55:35.0423 1200 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 10:55:35.0423 1200 SstpSvc - ok 10:55:35.0438 1200 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 10:55:35.0438 1200 stexstor - ok 10:55:35.0501 1200 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 10:55:35.0501 1200 stisvc - ok 10:55:35.0532 1200 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 10:55:35.0532 1200 swenum - ok 10:55:35.0579 1200 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 10:55:35.0594 1200 swprv - ok 10:55:35.0719 1200 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 10:55:35.0735 1200 SysMain - ok 10:55:35.0813 1200 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 10:55:35.0813 1200 TabletInputService - ok 10:55:35.0875 1200 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 10:55:35.0891 1200 TapiSrv - ok 10:55:35.0906 1200 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 10:55:35.0906 1200 TBS - ok 10:55:36.0047 1200 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 10:55:36.0047 1200 Tcpip - ok 10:55:36.0187 1200 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 10:55:36.0187 1200 TCPIP6 - ok 10:55:36.0265 1200 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 10:55:36.0265 1200 tcpipreg - ok 10:55:36.0281 1200 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 10:55:36.0281 1200 TDPIPE - ok 10:55:36.0312 1200 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 10:55:36.0312 1200 TDTCP - ok 10:55:36.0343 1200 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 10:55:36.0343 1200 tdx - ok 10:55:36.0359 1200 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 10:55:36.0359 1200 TermDD - ok 10:55:36.0405 1200 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 10:55:36.0405 1200 TermService - ok 10:55:36.0421 1200 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 10:55:36.0421 1200 Themes - ok 10:55:36.0437 1200 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:55:36.0437 1200 THREADORDER - ok 10:55:36.0468 1200 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 10:55:36.0468 1200 TrkWks - ok 10:55:36.0515 1200 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 10:55:36.0515 1200 TrustedInstaller - ok 10:55:36.0561 1200 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:55:36.0577 1200 tssecsrv - ok 10:55:36.0608 1200 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 10:55:36.0608 1200 TsUsbFlt - ok 10:55:36.0655 1200 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 10:55:36.0655 1200 tunnel - ok 10:55:36.0671 1200 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 10:55:36.0671 1200 uagp35 - ok 10:55:36.0717 1200 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 10:55:36.0717 1200 udfs - ok 10:55:36.0764 1200 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 10:55:36.0764 1200 UI0Detect - ok 10:55:36.0780 1200 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 10:55:36.0795 1200 uliagpkx - ok 10:55:36.0842 1200 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 10:55:36.0842 1200 umbus - ok 10:55:36.0858 1200 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 10:55:36.0858 1200 UmPass - ok 10:55:36.0905 1200 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 10:55:36.0905 1200 upnphost - ok 10:55:36.0920 1200 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 10:55:36.0920 1200 usbccgp - ok 10:55:36.0967 1200 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 10:55:36.0983 1200 usbcir - ok 10:55:36.0998 1200 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 10:55:36.0998 1200 usbehci - ok 10:55:37.0029 1200 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys 10:55:37.0029 1200 usbfilter - ok 10:55:37.0061 1200 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 10:55:37.0061 1200 usbhub - ok 10:55:37.0076 1200 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 10:55:37.0092 1200 usbohci - ok 10:55:37.0107 1200 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 10:55:37.0107 1200 usbprint - ok 10:55:37.0154 1200 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 10:55:37.0154 1200 usbscan - ok 10:55:37.0185 1200 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 10:55:37.0185 1200 USBSTOR - ok 10:55:37.0201 1200 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 10:55:37.0201 1200 usbuhci - ok 10:55:37.0217 1200 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 10:55:37.0217 1200 usbvideo - ok 10:55:37.0232 1200 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 10:55:37.0232 1200 UxSms - ok 10:55:37.0263 1200 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:55:37.0263 1200 VaultSvc - ok 10:55:37.0279 1200 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 10:55:37.0279 1200 vdrvroot - ok 10:55:37.0326 1200 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 10:55:37.0326 1200 vds - ok 10:55:37.0341 1200 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 10:55:37.0341 1200 vga - ok 10:55:37.0341 1200 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 10:55:37.0341 1200 VgaSave - ok 10:55:37.0373 1200 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 10:55:37.0373 1200 vhdmp - ok 10:55:37.0388 1200 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 10:55:37.0404 1200 viaide - ok 10:55:37.0419 1200 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 10:55:37.0419 1200 volmgr - ok 10:55:37.0466 1200 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 10:55:37.0466 1200 volmgrx - ok 10:55:37.0497 1200 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 10:55:37.0497 1200 volsnap - ok 10:55:37.0529 1200 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 10:55:37.0529 1200 vsmraid - ok 10:55:37.0685 1200 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 10:55:37.0700 1200 VSS - ok 10:55:37.0794 1200 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 10:55:37.0809 1200 vwifibus - ok 10:55:37.0825 1200 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 10:55:37.0825 1200 vwififlt - ok 10:55:37.0856 1200 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 10:55:37.0856 1200 W32Time - ok 10:55:37.0887 1200 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 10:55:37.0887 1200 WacomPen - ok 10:55:37.0903 1200 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:55:37.0903 1200 WANARP - ok 10:55:37.0919 1200 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:55:37.0919 1200 Wanarpv6 - ok 10:55:38.0043 1200 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 10:55:38.0059 1200 WatAdminSvc - ok 10:55:38.0153 1200 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 10:55:38.0168 1200 wbengine - ok 10:55:38.0215 1200 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 10:55:38.0215 1200 WbioSrvc - ok 10:55:38.0277 1200 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 10:55:38.0277 1200 wcncsvc - ok 10:55:38.0293 1200 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 10:55:38.0293 1200 WcsPlugInService - ok 10:55:38.0309 1200 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 10:55:38.0309 1200 Wd - ok 10:55:38.0355 1200 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 10:55:38.0355 1200 Wdf01000 - ok 10:55:38.0371 1200 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 10:55:38.0371 1200 WdiServiceHost - ok 10:55:38.0387 1200 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 10:55:38.0387 1200 WdiSystemHost - ok 10:55:38.0418 1200 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 10:55:38.0433 1200 WebClient - ok 10:55:38.0449 1200 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 10:55:38.0449 1200 Wecsvc - ok 10:55:38.0465 1200 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 10:55:38.0465 1200 wercplsupport - ok 10:55:38.0480 1200 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 10:55:38.0480 1200 WerSvc - ok 10:55:38.0496 1200 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 10:55:38.0496 1200 WfpLwf - ok 10:55:38.0511 1200 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 10:55:38.0511 1200 WIMMount - ok 10:55:38.0527 1200 WinDefend - ok 10:55:38.0543 1200 WinHttpAutoProxySvc - ok 10:55:38.0605 1200 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 10:55:38.0605 1200 Winmgmt - ok 10:55:38.0761 1200 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 10:55:38.0777 1200 WinRM - ok 10:55:38.0823 1200 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 10:55:38.0823 1200 WinUsb - ok 10:55:38.0886 1200 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 10:55:38.0886 1200 Wlansvc - ok 10:55:38.0948 1200 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 10:55:38.0948 1200 wlcrasvc - ok 10:55:39.0167 1200 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 10:55:39.0167 1200 wlidsvc - ok 10:55:39.0245 1200 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 10:55:39.0245 1200 WmiAcpi - ok 10:55:39.0276 1200 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 10:55:39.0276 1200 wmiApSrv - ok 10:55:39.0307 1200 WMPNetworkSvc - ok 10:55:39.0307 1200 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 10:55:39.0323 1200 WPCSvc - ok 10:55:39.0338 1200 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 10:55:39.0338 1200 WPDBusEnum - ok 10:55:39.0354 1200 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 10:55:39.0354 1200 ws2ifsl - ok 10:55:39.0385 1200 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 10:55:39.0385 1200 wscsvc - ok 10:55:39.0385 1200 WSearch - ok 10:55:39.0557 1200 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 10:55:39.0572 1200 wuauserv - ok 10:55:39.0635 1200 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 10:55:39.0635 1200 WudfPf - ok 10:55:39.0650 1200 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:55:39.0666 1200 WUDFRd - ok 10:55:39.0681 1200 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 10:55:39.0697 1200 wudfsvc - ok 10:55:39.0697 1200 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 10:55:39.0713 1200 WwanSvc - ok 10:55:39.0744 1200 MBR (0x1B8) (e62d1f7a164f13bb434daf9173afb16b) \Device\Harddisk0\DR0 10:55:40.0025 1200 \Device\Harddisk0\DR0 - ok 10:55:40.0040 1200 Boot (0x1200) (1a6501080d7111e2df229062b3312adf) \Device\Harddisk0\DR0\Partition0 10:55:40.0040 1200 \Device\Harddisk0\DR0\Partition0 - ok 10:55:40.0040 1200 Boot (0x1200) (7e17c48520d17e5ad06e0499b297a32a) \Device\Harddisk0\DR0\Partition1 10:55:40.0040 1200 \Device\Harddisk0\DR0\Partition1 - ok 10:55:40.0071 1200 Boot (0x1200) (b5f145794c9b417a00d6cd0a4de1c5c2) \Device\Harddisk0\DR0\Partition2 10:55:40.0071 1200 \Device\Harddisk0\DR0\Partition2 - ok 10:55:40.0071 1200 ============================================================ 10:55:40.0071 1200 Scan finished 10:55:40.0071 1200 ============================================================ 10:55:40.0087 4844 Detected object count: 0 10:55:40.0087 4844 Actual detected object count: 0 ASWMBR aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-06-27 10:49:48 ----------------------------- 10:49:48.924 OS Version: Windows x64 6.1.7601 Service Pack 1 10:49:48.924 Number of processors: 2 586 0x603 10:49:48.924 ComputerName: JUNE-HP UserName: June 10:49:50.577 Initialize success 10:51:39.263 AVAST engine defs: 12062700 10:52:11.898 The log file has been saved successfully to "C:\Users\June\Documents\aswMBR.txt"
  6. ComboFix 12-06-26.02 - June 06/26/2012 23:28:51.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2479 [GMT -4:00] Running from: c:\users\June\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\DictionaryBossEI c:\program files (x86)\FunWebProducts c:\program files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL c:\program files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL c:\program files (x86)\Mighty Magoo c:\program files (x86)\Mighty Magoo\ars.cfg c:\program files (x86)\Mighty Magoo\icon.ico c:\program files (x86)\Mighty Magoo\mmagootl.dll c:\program files (x86)\Shop to Win c:\program files (x86)\Shop to Win\InstallNotifier.exe c:\program files (x86)\Shop to Win\ShopToWin.exe c:\program files (x86)\Shop to Win\unins000.exe c:\programdata\308007g1s132n444o284o2iin6y7 c:\users\June\AppData\Roaming\Anti-Malware Lab c:\users\June\AppData\Roaming\Anti-Malware Lab\Instructions.ini c:\users\June\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Anti-Malware Lab.lnk c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\cid.dll c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\cid.drv c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\eb.exe c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\energy.dll c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\energy.drv c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\energy.exe c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\exec.drv c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\fix.exe c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\gid.sys c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\pal.exe c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\PE.sys c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\sld.drv c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\SM.dll c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll c:\users\June\AppData\Roaming\Microsoft\Windows\Start Menu\Anti-Malware Lab.lnk c:\users\June\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anti-Malware Lab.lnk c:\users\June\AppData\Roaming\PriceGong c:\users\June\AppData\Roaming\PriceGong\Data\1.xml c:\users\June\AppData\Roaming\PriceGong\Data\a.xml c:\users\June\AppData\Roaming\PriceGong\Data\b.xml c:\users\June\AppData\Roaming\PriceGong\Data\c.xml c:\users\June\AppData\Roaming\PriceGong\Data\d.xml c:\users\June\AppData\Roaming\PriceGong\Data\e.xml c:\users\June\AppData\Roaming\PriceGong\Data\f.xml c:\users\June\AppData\Roaming\PriceGong\Data\g.xml c:\users\June\AppData\Roaming\PriceGong\Data\h.xml c:\users\June\AppData\Roaming\PriceGong\Data\i.xml c:\users\June\AppData\Roaming\PriceGong\Data\j.xml c:\users\June\AppData\Roaming\PriceGong\Data\k.xml c:\users\June\AppData\Roaming\PriceGong\Data\l.xml c:\users\June\AppData\Roaming\PriceGong\Data\m.xml c:\users\June\AppData\Roaming\PriceGong\Data\mru.xml c:\users\June\AppData\Roaming\PriceGong\Data\n.xml c:\users\June\AppData\Roaming\PriceGong\Data\o.xml c:\users\June\AppData\Roaming\PriceGong\Data\p.xml c:\users\June\AppData\Roaming\PriceGong\Data\q.xml c:\users\June\AppData\Roaming\PriceGong\Data\r.xml c:\users\June\AppData\Roaming\PriceGong\Data\s.xml c:\users\June\AppData\Roaming\PriceGong\Data\t.xml c:\users\June\AppData\Roaming\PriceGong\Data\u.xml c:\users\June\AppData\Roaming\PriceGong\Data\v.xml c:\users\June\AppData\Roaming\PriceGong\Data\w.xml c:\users\June\AppData\Roaming\PriceGong\Data\x.xml c:\users\June\AppData\Roaming\PriceGong\Data\y.xml c:\users\June\AppData\Roaming\PriceGong\Data\z.xml c:\users\June\Desktop\Anti-Malware Lab.lnk c:\users\June\Documents\ShopToWin c:\windows\svchost.exe c:\windows\SysWow64\drivers\npf.sys c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\WanPacket.dll c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 ))))))))))))))))))))))))))))))) . . 2012-06-26 13:42 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD50C658-605E-4152-894F-3114B1C6234F}\mpengine.dll 2012-06-25 07:22 . 2012-06-25 07:58 -------- d-----w- c:\windows\Microsoft Antimalware 2012-06-25 04:16 . 2012-06-25 04:16 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-25 02:59 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-25 02:52 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-25 02:52 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-25 02:52 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-25 02:52 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-25 02:52 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-25 02:52 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-25 02:52 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-25 02:51 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-25 02:51 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-25 02:04 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost(184).exe 2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4F00.tmp 2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4E72.tmp.dat 2012-06-20 21:17 . 2012-06-20 21:17 -------- d-----w- c:\users\June\AppData\Local\Apple Computer 2012-06-20 21:17 . 2012-06-22 21:29 -------- d-----w- c:\users\June\AppData\Roaming\Apple Computer 2012-06-20 21:16 . 2012-06-20 21:17 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2012-06-20 21:16 . 2012-06-20 21:16 -------- d-----w- c:\program files\iPod 2012-06-20 21:16 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\iTunes 2012-06-20 21:15 . 2012-06-20 21:15 -------- d-----w- c:\users\June\AppData\Local\Apple 2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files\Common Files\Apple 2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Bonjour 2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files\Bonjour 2012-06-20 21:14 . 2012-06-20 21:16 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-06-20 21:14 . 2012-06-20 21:15 -------- d-----w- c:\programdata\Apple 2012-06-14 00:06 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 14:34 . 2012-05-18 13:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E84E8844-4E46-4A49-9A03-B657CE42F094}\gapaengine.dll 2012-06-10 13:34 . 2012-06-10 13:34 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\9EAD.tmp.dat 2012-06-09 13:21 . 2012-06-09 13:21 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\E208.tmp.dat 2012-06-07 19:16 . 2012-06-07 19:16 -------- d-----w- c:\programdata\Symantec 2012-06-07 17:16 . 2012-06-07 17:16 -------- d-----w- c:\windows\SysWow64\Adobe 2012-06-07 01:36 . 2012-06-07 01:36 -------- d-----w- c:\users\June\AppData\Local\KodakGallery 2012-06-06 14:58 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\SuperFish 2012-06-06 14:56 . 2012-06-19 17:00 -------- d-----w- C:\Remote Programs 2012-06-06 14:56 . 2012-06-06 14:56 -------- d--h--w- c:\programdata\Common Files 2012-06-06 14:52 . 2012-06-06 14:52 -------- d-----w- c:\program files (x86)\Funmoods 2012-06-06 14:51 . 2012-06-06 14:52 1541 ----a-w- C:\user.js 2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\users\June\AppData\Roaming\Babylon 2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\programdata\Babylon 2012-06-06 14:03 . 2012-06-06 14:06 -------- d-----w- c:\users\June\AppData\Local\Microsoft Games 2012-06-06 13:26 . 2012-06-06 13:26 -------- d-----w- c:\users\June\AppData\Roaming\Gamelab 2012-06-06 13:08 . 2012-06-06 13:08 -------- d-----w- c:\programdata\Wild Tangent 2012-06-06 12:41 . 2012-06-06 12:49 -------- d-----w- c:\program files (x86)\WildTangent Games 2012-06-01 00:19 . 2012-06-01 00:19 63080 ----a-r- c:\users\June\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe 2012-06-01 00:19 . 2012-06-01 00:19 -------- d-----w- c:\users\June\AppData\Local\DIRECTV Player 2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-05-30 01:08 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\QuickTime 2012-05-30 01:08 . 2012-06-25 02:42 -------- d-----w- c:\programdata\Apple Computer 2012-05-30 01:08 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\Common Files\Kodak 2012-05-30 01:06 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\Kodak 2012-05-28 19:26 . 2012-05-28 19:26 -------- d-----w- c:\program files (x86)\IrfanView 2012-05-28 19:26 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\PriceGong 2012-05-28 19:26 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Shop to Win 29 2012-05-28 19:25 . 2012-05-28 19:25 -------- d-----w- c:\program files (x86)\OApps . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-17 14:16 . 2012-05-18 13:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-17 14:16 . 2011-07-17 14:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-21 14:20 . 2012-05-21 14:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-05-21 14:20 . 2012-05-21 14:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-05-18 13:32 . 2011-05-20 19:35 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-05-18 13:19 . 2012-05-18 13:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2012-05-18 13:19 . 2012-05-18 13:19 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-05-18 13:18 . 2012-05-18 13:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-05-18 13:18 . 2012-05-18 13:18 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-03-30 11:35 . 2012-05-18 13:22 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{c111c814-fd58-0a04-3924-998b53830e29}"= "c:\program files (x86)\Shop to Win 29\Helper.dll" [2012-05-28 378880] . [HKEY_CLASSES_ROOT\clsid\{c111c814-fd58-0a04-3924-998b53830e29}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{42855803-9685-5634-8D8E-37F3536D2EE3}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5ABD6C72-FFD7-B634-A92B-D77D5960E009}] 2012-03-14 17:52 14432 ----a-w- c:\program files (x86)\Shop to Win 29\Shop to Win 29.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9194649F-7143-4308-90C1-D6A35B0E354E}] 2012-05-22 19:55 93184 ----a-w- c:\program files (x86)\OApps\bho_project.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCShowServer"="c:\users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-07 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896] "DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-23 121456] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Recipe Hub Search Scope Monitor"="c:\progra~2\RECIPE~2\bar\1.bin\2jsrchmn.exe" [2011-10-31 38440] "RecipeHub_2j Browser Plugin Loader"="c:\progra~2\RECIPE~2\bar\1.bin\2jbrmon.exe" [2011-10-31 30096] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-21 296056] "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624] Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [2010-11-11 1212416] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 136176] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-06 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-12 203264] S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-07-14 22072] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416] S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168] S2 RecipeHub_2jService;Recipe HubService;c:\progra~2\RECIPE~2\bar\1.bin\2jbarsvc.exe [2011-10-31 42504] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-12 6790656] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-12 221184] S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-18 32880] S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-14 69736] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456] . . Contents of the 'Scheduled Tasks' folder . 2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 00:21] . 2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 00:21] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-29 11049576] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.insightbb.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\SuperFish\Superfish.dll TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{8413196d-e290-4418-b5c6-a3b1379a909c} - (no file) Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe Wow6432Node-HKCU-Run-Shop To Win - c:\program files (x86)\Shop To Win\ShopToWin.exe WebBrowser-{8413196D-E290-4418-B5C6-A3B1379A909C} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) AddRemove-{06BA1354-9686-4136-B2F2-99CE8B1C2F18}_is1 - c:\program files (x86)\Shop To Win\unins000.exe AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files (x86)\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe . ************************************************************************** . Completion time: 2012-06-26 23:42:50 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-27 03:42 . Pre-Run: 915,164,041,216 bytes free Post-Run: 915,949,461,504 bytes free . - - End Of File - - C33CBBEA5B99F7799549C321AE1A665A I did not have any problems at all.. & the computer is doing GREAT!!
  7. Nevermind I just seen the last note.. I am sorry..
  8. After I ran the program.. My computer booted back up.. And now I cannot get on my internet.. It deleted it.. I can't even get on my anti virus program.. What happened!?!? I am using my phone to reply back.. How do I get my internet to open back up?? That program deleted it.. It says "illegal operation attempted on a registry key that has been marked for deletion." But I do believe the spyware is gone.. How do I get my internet back!?
  9. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by June at 10:17:38 on 2012-06-26 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2303 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Shop To Win\ShopToWin.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe C:\Users\June\AppData\Local\DIRECTV Player\NDSPCShowServer.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbarsvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbrmon.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\QuickTime\qttask.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\splwow64.exe C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe C:\Windows\ehome\ehmsas.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Windows\system32\svchost.exe -k defragsvc C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.insightbb.com/ uURLSearchHooks: H - No File uURLSearchHooks: N/A: {cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll uURLSearchHooks: FCToolbarURLSearchHook Class: {c111c814-fd58-0a04-3924-998b53830e29} - C:\Program Files (x86)\Shop to Win 29\Helper.dll uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe BHO: Toolbar BHO: {06e3475c-5521-4de8-bb12-50720f21631c} - C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbar.dll BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Shop to Win: {5abd6c72-ffd7-b634-a92b-d77d5960e009} - C:\Program Files (x86)\Shop to Win 29\Shop to Win 29.dll BHO: Superfish: {74f475fa-6c75-43bd-aab9-ecda6184f600} - C:\Program Files (x86)\SuperFish\Superfish.dll BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: VideoFileDownload: {9194649f-7143-4308-90c1-d6a35b0e354e} - C:\Program Files (x86)\OApps\bho_project.dll BHO: Mighty Magoo Text: {97e74a14-e5f1-40cc-9b0f-0d11946e5469} - C:\Program Files (x86)\Mighty Magoo\mmagootl.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Search Assistant BHO: {b7acdf9c-c4f9-4d5d-998e-b147866b4d4c} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Recipe Hub: {cf51de5b-eb36-4114-bb69-84df63fbadb4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: {8413196D-E290-4418-B5C6-A3B1379A909C} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent uRun: [shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe uRun: [PCShowServer] "C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Recipe Hub Search Scope Monitor] "C:\PROGRA~2\RECIPE~2\bar\1.bin\2jsrchmn.exe" /m=2 /w /h mRun: [RecipeHub_2j Browser Plugin Loader] C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbrmon.exe mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SuperFish\Superfish.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{817F7676-B2EF-46C7-8D49-265CE9F30C90} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{8C972CA1-E083-4FFB-8137-3846DBC9E974} : DhcpNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Toolbar BHO: {06e3475c-5521-4de8-bb12-50720f21631c} - C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbar.dll BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll BHO-X64: PriceGong - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: Shop to Win: {5ABD6C72-FFD7-B634-A92B-D77D5960E009} - C:\Program Files (x86)\Shop to Win 29\Shop to Win 29.dll BHO-X64: FCTBPos00Pos - No File BHO-X64: Superfish: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SuperFish\Superfish.dll BHO-X64: Superfish - No File BHO-X64: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll BHO-X64: Funmoods Helper Object - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: VideoFileDownload: {9194649F-7143-4308-90C1-D6A35B0E354E} - C:\Program Files (x86)\OApps\bho_project.dll BHO-X64: BHO_PROJECT - No File BHO-X64: Mighty Magoo Text: {97E74A14-E5F1-40cc-9B0F-0D11946E5469} - C:\Program Files (x86)\Mighty Magoo\mmagootl.dll BHO-X64: Mighty Magoo Text - No File BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Search Assistant BHO: {b7acdf9c-c4f9-4d5d-998e-b147866b4d4c} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Recipe Hub: {cf51de5b-eb36-4114-bb69-84df63fbadb4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll TB-X64: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB-X64: {8413196D-E290-4418-B5C6-A3B1379A909C} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun-x64: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Recipe Hub Search Scope Monitor] "C:\PROGRA~2\RECIPE~2\bar\1.bin\2jsrchmn.exe" /m=2 /w /h mRun-x64: [RecipeHub_2j Browser Plugin Loader] C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbrmon.exe mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-5 98208] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-7-14 22072] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-5 635416] R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-10-5 109168] R2 RecipeHub_2jService;Recipe HubService;C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbarsvc.exe [2011-10-31 42504] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?] R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-3 136176] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856] S3 AVerAVF2;AVerAVF2;C:\Windows\system32\DRIVERS\AVerAVF2.sys --> C:\Windows\system32\DRIVERS\AVerAVF2.sys [?] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-3 136176] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-06-26 13:42:57 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD50C658-605E-4152-894F-3114B1C6234F}\mpengine.dll 2012-06-25 07:22:57 -------- d-----w- C:\Windows\Microsoft Antimalware 2012-06-25 04:16:15 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-25 02:59:35 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-25 02:52:55 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-25 02:52:25 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-25 02:51:50 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-25 02:51:50 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-25 02:48:25 20480 ----a-w- C:\Windows\svchost.exe 2012-06-25 02:04:06 20480 ----a-w- C:\Windows\svchost(184).exe 2012-06-24 17:28:41 113152 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4F00.tmp 2012-06-24 17:28:41 113152 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4E72.tmp.dat 2012-06-20 21:17:52 -------- d-----w- C:\Users\June\AppData\Local\Apple Computer 2012-06-20 21:16:43 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2012-06-20 21:16:43 -------- d-----w- C:\Program Files\iPod 2012-06-20 21:16:42 -------- d-----w- C:\Program Files (x86)\iTunes 2012-06-20 21:15:33 -------- d-----w- C:\Users\June\AppData\Local\Apple 2012-06-20 21:14:45 -------- d-----w- C:\Program Files\Bonjour 2012-06-20 21:14:45 -------- d-----w- C:\Program Files (x86)\Bonjour 2012-06-14 00:06:39 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-13 14:34:12 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E84E8844-4E46-4A49-9A03-B657CE42F094}\gapaengine.dll 2012-06-10 13:34:39 138752 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9EAD.tmp.dat 2012-06-09 13:21:08 138752 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\E208.tmp.dat 2012-06-07 19:16:13 -------- d-----w- C:\ProgramData\Symantec 2012-06-07 17:16:21 -------- d-----w- C:\Windows\SysWow64\Adobe 2012-06-07 01:36:52 -------- d-----w- C:\Users\June\AppData\Local\KodakGallery 2012-06-06 14:58:45 -------- d-----w- C:\Program Files (x86)\SuperFish 2012-06-06 14:56:54 -------- d-----w- C:\Remote Programs 2012-06-06 14:56:33 -------- d--h--w- C:\ProgramData\Common Files 2012-06-06 14:52:45 -------- d-----w- C:\Program Files (x86)\Funmoods 2012-06-06 14:51:15 -------- d-----w- C:\Users\June\AppData\Roaming\Babylon 2012-06-06 14:51:15 -------- d-----w- C:\ProgramData\Babylon 2012-06-06 14:03:36 -------- d-----w- C:\Users\June\AppData\Local\Microsoft Games 2012-06-06 13:26:22 -------- d-----w- C:\Users\June\AppData\Roaming\Gamelab 2012-06-06 13:08:05 -------- d-----w- C:\ProgramData\Wild Tangent 2012-06-06 12:41:35 -------- d-----w- C:\Program Files (x86)\WildTangent Games 2012-06-01 00:19:58 63080 ----a-r- C:\Users\June\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe 2012-06-01 00:19:56 -------- d-----w- C:\Users\June\AppData\Local\DIRECTV Player 2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-05-30 01:08:26 -------- d-----w- C:\Program Files (x86)\Common Files\Kodak 2012-05-30 01:06:52 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap 2012-05-30 01:06:49 -------- d-----w- C:\Program Files (x86)\Kodak 2012-05-28 19:26:38 -------- d-----w- C:\Program Files (x86)\IrfanView 2012-05-28 19:26:32 -------- d-----w- C:\Program Files (x86)\PriceGong 2012-05-28 19:26:00 -------- d-----w- C:\Program Files (x86)\Shop to Win 29 2012-05-28 19:25:57 -------- d-----w- C:\Program Files (x86)\Shop To Win 2012-05-28 19:25:40 -------- d-----w- C:\Program Files (x86)\OApps . ==================== Find3M ==================== . 2012-06-17 14:16:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-17 14:16:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-21 14:20:01 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-05-21 14:20:01 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 10:18:10.76 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/3/2010 5:26:36 AM System Uptime: 6/26/2012 9:31:57 AM (1 hours ago) . Motherboard: Hewlett-Packard | | 2AAC Processor: AMD Athlon II X2 240e Processor | CPU 1 | 784/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 917 GiB total, 853.088 GiB free. D: is FIXED (NTFS) - 15 GiB total, 1.838 GiB free. E: is CDROM () F: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: Description: Multimedia Video Controller Device ID: PCI\VEN_1033&DEV_0165&SUBSYS_650A1461&REV_0B\02004C000000000000 Manufacturer: Name: Multimedia Video Controller PNP Device ID: PCI\VEN_1033&DEV_0165&SUBSYS_650A1461&REV_0B\02004C000000000000 Service: . ==== System Restore Points =================== . RP339: 6/13/2012 8:07:03 PM - Windows Update RP340: 6/16/2012 10:33:33 PM - Windows Update RP341: 6/20/2012 10:25:48 AM - Windows Update RP342: 6/20/2012 5:15:36 PM - Installed iTunes RP343: 6/21/2012 5:18:26 AM - Windows Update RP344: 6/23/2012 5:36:04 PM - Windows Update RP345: 6/24/2012 10:12:55 PM - Removed ITE Infrared Transceiver RP346: 6/24/2012 10:34:40 PM - Restore Operation RP347: 6/24/2012 10:50:54 PM - Windows Update RP348: 6/24/2012 10:58:18 PM - Windows Update . ==== Installed Programs ====================== . ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) Adobe Shockwave Player 11.6 Airport Mania Ancient Hearts Azteca Bejeweled 2 Deluxe Bing Rewards Client Installer Bob the Builder Can-Do-Zoo Bounce Symphony Build-a-lot Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCScore Chuzzle Deluxe Corel Paint it! touch - IPM CyberLink DVD Suite Deluxe D3DX10 Diner Dash 2 Restaurant Rescue DIRECTV Player DirectX for Managed Code Update (Summer 2004) Dora's Carnival Adventure Dora's World Adventure DVD Menu Pack for HP TouchSmart Video EA Download Manager ESSCDBK ESScore ESSgui ESSini ESSPCD ESSSONIC ESSTOOLS essvatgt Facebook for HP TouchSmart FATE FrostWire 4.21.6 Funmoods on IE and Chrome Gem Shop Google Chrome Google Toolbar for Internet Explorer Google Update Helper Hoyle Casino HP Advisor HP AppsCenter 1.00 HP Customer Experience Enhancements HP Games HP MediaSmart CinemaNow 2.0 HP MediaSmart/TouchSmart Netflix HP My Display TouchSmart Edition HP Odometer HP Remote Solution HP Setup HP Support Assistant HP Support Information HP TouchSmart HP TouchSmart Browser HP TouchSmart Calendar HP TouchSmart Canvas HP TouchSmart Clock HP TouchSmart Default Magnets HP TouchSmart DVD HP TouchSmart Live TV HP TouchSmart Music HP TouchSmart Notes HP TouchSmart Paint it! by Corel HP TouchSmart Paint it! by Corel - Content HP TouchSmart Paint it! by Corel - Core HP TouchSmart Paint it! by Corel - ICA HP TouchSmart Paint it! by Corel - Langauge HP TouchSmart Photo HP TouchSmart RecipeBox HP TouchSmart RSS HP TouchSmart Tutorials HP TouchSmart Twitter HP TouchSmart Video HP TouchSmart Weather HP TouchSmart Webcam HP Update HPAsset component for HP Active Support Library Hulu Desktop IrfanView (remove only) ITE Infrared Transceiver Java Auto Updater Java 6 Update 26 Jewel Quest Solitaire 2 Junk Mail filter update kgcbaby kgcbase kgchday kgchlwn kgcinvt kgckids kgcmove kgcvday Kodak EasyShare software KSU LabelPrint LightScribe System Software Mah Jong Medley Mesh Runtime Messenger Companion Microsoft Default Manager Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Home and Business 2010 - English Microsoft Office Home and Student 2010 - English Microsoft Office Outlook Connector Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Touch Pack for Windows 7 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft WSE 3.0 Runtime Microsoft XNA Framework Redistributable 3.0 Microsoft XNA Framework Redistributable 3.1 Movie Theme Pack for HP TouchSmart Video MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) netbrdg Notifier OfotoXMI PCDADDIN PCDHELP PDF Complete Special Edition Penguins! PhotoNow! PictureMover Plants vs. Zombies Polar Bowler Polar Golfer Poppit To Go Power2Go PowerDirector PressReader PriceGong 2.6.4 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Recipe Hub Recovery Manager Roads of Rome Roxio CinemaNow 2.0 SDK Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) SFR SHASTA Shop To Win SKIN0001 SKINXSDK Skip-Bo - Castaway Caper Skype Click to Call Skype™ 5.9 Slingo Deluxe staticcr swMSM The Sims™ 3 tooltips Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update Installer for WildTangent Games App VideoFileDownload Virtual Villagers - The Secret City VPRINTOL Where's Waldo The Fantastic Journey WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WindowShopper WIRELESS Zinio Reader 4 Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 6/26/2012 9:37:31 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 6/25/2012 12:11:36 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0 6/24/2012 11:53:42 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0 6/24/2012 11:25:53 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0 6/24/2012 10:47:25 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.129.66.0;1.129.66.0 Engine version: 1.1.8502.0 6/24/2012 10:36:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c7d7ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\Minidump\062412-26145-01.dmp. Report Id: 062412-26145-01. 6/24/2012 10:08:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fc66ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\Minidump\062412-23212-01.dmp. Report Id: 062412-23212-01. 6/24/2012 1:32:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xfffffa80400c001c, 0x0000000000000002, 0x0000000000000000, 0xfffff80002cd3915). A dump was saved in: C:\Windows\Minidump\062412-18283-01.dmp. Report Id: 062412-18283-01. 6/20/2012 4:47:23 PM, Error: Disk [11] - The driver detected a controller error on \...\DR6. . ==== End Of File ===========================
  10. Ok, Nevermind.. I chose to run it anyway.. Results of screen317's Security Check version 0.99.42 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 6 Update 26 Java version out of Date! Adobe Reader X (10.1.3) Google Chrome 19.0.1084.52 Google Chrome 19.0.1084.56 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  11. Security check will not let me run it.. it says it could do harm and not letting me open it
  12. There are ads playing in the background of my computer,, Help!!! Please.. Idk where I should post this.