promethian

Read and completed, thank you so much! Aside from not having the nasty symptoms, by computer is running much faster now as well. If anyone is reading this thread, I certainly recommend using this help... and throw a few bucks their way for the service!

The Scan hung at 49% and I had to restart, but here is the log: C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\ireyln.dll.vir a variant of Win32/Medfos.AD trojan C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\n.vir Win64/Sirefef.W trojan C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\L\80000032.@.vir probably a variant of Win32/Sirefef.EU trojan C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\00000008.@.vir Win64/Agent.BA trojan C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\80000000.@.vir Win64/Sirefef.AE trojan C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\80000032.@.vir probably a variant of Win32/Sirefef.EU trojan C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\80000064.@.vir Win64/Sirefef.AE trojan C:\Users\Hot Blonde Babe\Desktop\SoftonicDownloader_for_itunes.exe a variant of Win32/SoftonicDownloader.A application

Thanks for all the help BTW... I have made a small donation to help you continue to do this fine work for luddites like me! No issues with these steps, or so far with the computer symptoms. for the CCcleaner, there were some menu items greyed out that I couldn't checkmark. Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.17.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Scott :: SCOTT-PC [administrator] Protection: Enabled 17/06/2012 5:52:19 PM mbam-log-2012-06-17 (17-52-19).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 235741 Time elapsed: 1 minute(s), 41 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:04:40 PM, on 17/06/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe Q:\140061.enu\Office14\ONENOTEM.EXE C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - Startup: Dropbox.lnk = Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.114.238.141/activex/AxisCamControl.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: intu-tt2010 - {97A0575E-2309-4E75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll O18 - Protocol: intu-tt2011 - {B3B5DAD9-E96D-45B4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13947 bytes

No issues running the program, so far no symptoms of the virus/malware. Here is the log: ComboFix 12-06-16.02 - Scott 17/06/2012 15:35:15.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.5593 [GMT -7:00] Running from: c:\users\Scott\Downloads\ComboFix.exe Command switches used :: c:\users\Scott\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\autoHost64.dll" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\autoHost64.dll . . ((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 ))))))))))))))))))))))))))))))) . . 2012-06-17 22:40 . 2012-06-17 22:40 -------- d-----w- c:\users\Hot Blonde Babe\AppData\Local\temp 2012-06-17 22:40 . 2012-06-17 22:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-16 22:48 . 2012-06-16 22:48 -------- d-----w- c:\programdata\HP Photo Creations 2012-06-16 22:48 . 2012-06-16 22:48 -------- d-----w- c:\program files (x86)\HP Photo Creations 2012-06-16 22:48 . 2012-06-16 22:48 -------- d-----w- c:\users\Scott\AppData\Roaming\HpUpdate 2012-06-16 22:47 . 2012-06-16 22:47 -------- d-----w- c:\programdata\HP Product Assistant 2012-06-16 22:28 . 2012-06-16 22:28 -------- d-----w- c:\windows\Hewlett-Packard 2012-06-16 22:16 . 2012-06-16 22:16 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-16 17:17 . 2012-06-16 17:21 -------- d-----w- c:\programdata\PLAV 2012-06-16 17:17 . 2012-06-16 17:17 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS 2012-06-16 15:35 . 2012-06-16 15:35 -------- d-----w- c:\windows\system32\Macromed 2012-06-15 10:37 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01FC08EE-DB8E-43EA-A4F6-892949FB4D26}\mpengine.dll 2012-06-12 07:44 . 2012-06-12 07:44 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-12 07:44 . 2012-05-09 19:21 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-30 23:55 . 2012-05-30 23:55 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes 2012-05-30 23:55 . 2012-05-30 23:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-30 23:55 . 2012-05-30 23:55 -------- d-----w- c:\programdata\Malwarebytes 2012-05-30 23:55 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-30 23:36 . 2012-05-30 23:36 -------- d-----w- c:\programdata\B7E8587100017DC3000BDF33B4EB2367 2012-05-30 23:36 . 2012-05-31 00:36 -------- d-----w- c:\users\Scott\AppData\Local\CMI 2012-05-30 13:19 . 2012-06-16 15:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-30 13:19 . 2012-06-16 15:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-05-22 01:48 . 2012-05-22 01:48 -------- d-----w- c:\program files (x86)\QuickTime . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-09 19:21 . 2010-07-06 15:57 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-03-30 11:35 . 2012-05-12 08:18 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-17_16.56.08 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 05:10 . 2012-06-17 18:49 34428 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-04-15 17:18 . 2012-06-17 18:49 15080 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4185144697-2658366279-3439496175-1001_UserData.bin + 2009-07-14 04:46 . 2012-06-17 17:02 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2012-06-17 16:54 . 2012-06-17 16:54 3035 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat + 2012-06-17 22:40 . 2012-06-17 22:40 3035 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat + 2010-04-25 23:18 . 2012-06-17 18:46 1604 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2012-06-17 16:55 . 2012-06-17 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-17 22:41 . 2012-06-17 22:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-17 22:41 . 2012-06-17 22:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-17 16:55 . 2012-06-17 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-04-15 23:37 . 2012-06-17 18:46 316062 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin - 2009-07-14 02:36 . 2012-06-16 23:06 628866 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-06-17 18:52 628866 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-06-17 18:52 110792 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-06-16 23:06 110792 c:\windows\system32\perfc009.dat + 2009-07-14 05:01 . 2012-06-17 22:40 311980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-06-17 16:54 311980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-01-22 08:57 . 2012-06-17 22:40 26882956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4185144697-2658366279-3439496175-1001-8192.dat - 2011-01-22 08:57 . 2012-06-17 16:54 26882956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4185144697-2658366279-3439496175-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-01 39408] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 244480] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-20 98304] "Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576] . c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2012-1-4 3208032] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 135664] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 135664] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160] S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 15:35] . 2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 20:36] . 2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 20:36] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . ************************************************************************** . Completion time: 2012-06-17 15:46:10 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-17 22:46 ComboFix2.txt 2012-06-17 17:06 . Pre-Run: 794,524,135,424 bytes free Post-Run: 794,382,938,112 bytes free . - - End Of File - - 82582CBFA81B361663F0F193AD5BB3EB

OK... here are the logs. No reboot was needed for TDSSKiller and no suspicious files were found. aswMBR did find infected files but I did not select the "fix" button as it was not in the instructions, log included: 12:24:04.0356 5480 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31 12:24:04.0746 5480 ============================================================ 12:24:04.0746 5480 Current date / time: 2012/06/17 12:24:04.0746 12:24:04.0746 5480 SystemInfo: 12:24:04.0746 5480 12:24:04.0746 5480 OS Version: 6.1.7601 ServicePack: 1.0 12:24:04.0746 5480 Product type: Workstation 12:24:04.0746 5480 ComputerName: SCOTT-PC 12:24:04.0746 5480 UserName: Scott 12:24:04.0746 5480 Windows directory: C:\Windows 12:24:04.0746 5480 System windows directory: C:\Windows 12:24:04.0746 5480 Running under WOW64 12:24:04.0746 5480 Processor architecture: Intel x64 12:24:04.0746 5480 Number of processors: 4 12:24:04.0746 5480 Page size: 0x1000 12:24:04.0746 5480 Boot type: Normal boot 12:24:04.0746 5480 ============================================================ 12:24:05.0026 5480 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:24:05.0089 5480 ============================================================ 12:24:05.0089 5480 \Device\Harddisk0\DR0: 12:24:05.0089 5480 MBR partitions: 12:24:05.0089 5480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000 12:24:05.0089 5480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2232800, BlocksNum 0x724D3800 12:24:05.0089 5480 ============================================================ 12:24:05.0104 5480 C: <-> \Device\Harddisk0\DR0\Partition1 12:24:05.0104 5480 ============================================================ 12:24:05.0104 5480 Initialize success 12:24:05.0104 5480 ============================================================ 12:24:09.0940 5140 ============================================================ 12:24:09.0940 5140 Scan started 12:24:09.0940 5140 Mode: Manual; 12:24:09.0940 5140 ============================================================ 12:24:10.0393 5140 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 12:24:10.0408 5140 1394ohci - ok 12:24:10.0455 5140 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 12:24:10.0455 5140 ACPI - ok 12:24:10.0486 5140 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 12:24:10.0486 5140 AcpiPmi - ok 12:24:10.0564 5140 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 12:24:10.0564 5140 AdobeARMservice - ok 12:24:10.0674 5140 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 12:24:10.0674 5140 AdobeFlashPlayerUpdateSvc - ok 12:24:10.0752 5140 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 12:24:10.0752 5140 adp94xx - ok 12:24:10.0783 5140 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 12:24:10.0798 5140 adpahci - ok 12:24:10.0814 5140 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 12:24:10.0814 5140 adpu320 - ok 12:24:10.0830 5140 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 12:24:10.0830 5140 AeLookupSvc - ok 12:24:10.0892 5140 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 12:24:10.0892 5140 AFD - ok 12:24:10.0939 5140 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 12:24:10.0939 5140 agp440 - ok 12:24:10.0986 5140 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 12:24:10.0986 5140 ALG - ok 12:24:11.0001 5140 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 12:24:11.0001 5140 aliide - ok 12:24:11.0032 5140 AMD External Events Utility (0fe0ec32ff5d33017405c465239c0441) C:\Windows\system32\atiesrxx.exe 12:24:11.0048 5140 AMD External Events Utility - ok 12:24:11.0048 5140 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 12:24:11.0048 5140 amdide - ok 12:24:11.0079 5140 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 12:24:11.0079 5140 AmdK8 - ok 12:24:11.0079 5140 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 12:24:11.0079 5140 AmdPPM - ok 12:24:11.0142 5140 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 12:24:11.0142 5140 amdsata - ok 12:24:11.0157 5140 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 12:24:11.0157 5140 amdsbs - ok 12:24:11.0188 5140 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 12:24:11.0188 5140 amdxata - ok 12:24:11.0251 5140 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 12:24:11.0251 5140 AppID - ok 12:24:11.0282 5140 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 12:24:11.0282 5140 AppIDSvc - ok 12:24:11.0313 5140 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 12:24:11.0313 5140 Appinfo - ok 12:24:11.0438 5140 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 12:24:11.0438 5140 Apple Mobile Device - ok 12:24:11.0485 5140 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 12:24:11.0485 5140 arc - ok 12:24:11.0516 5140 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 12:24:11.0516 5140 arcsas - ok 12:24:11.0532 5140 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 12:24:11.0532 5140 AsyncMac - ok 12:24:11.0563 5140 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 12:24:11.0563 5140 atapi - ok 12:24:11.0594 5140 AtiHdmiService (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys 12:24:11.0594 5140 AtiHdmiService - ok 12:24:11.0922 5140 atikmdag (dbfadf1a452484a3d0e069866e26cc43) C:\Windows\system32\DRIVERS\atikmdag.sys 12:24:11.0968 5140 atikmdag - ok 12:24:12.0093 5140 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 12:24:12.0093 5140 AudioEndpointBuilder - ok 12:24:12.0093 5140 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 12:24:12.0109 5140 AudioSrv - ok 12:24:12.0156 5140 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 12:24:12.0156 5140 AxInstSV - ok 12:24:12.0187 5140 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 12:24:12.0202 5140 b06bdrv - ok 12:24:12.0218 5140 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 12:24:12.0234 5140 b57nd60a - ok 12:24:12.0249 5140 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 12:24:12.0249 5140 BDESVC - ok 12:24:12.0280 5140 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 12:24:12.0280 5140 Beep - ok 12:24:12.0343 5140 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 12:24:12.0358 5140 BFE - ok 12:24:12.0405 5140 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 12:24:12.0421 5140 BITS - ok 12:24:12.0452 5140 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 12:24:12.0452 5140 blbdrive - ok 12:24:12.0530 5140 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 12:24:12.0546 5140 Bonjour Service - ok 12:24:12.0577 5140 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 12:24:12.0592 5140 bowser - ok 12:24:12.0608 5140 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 12:24:12.0608 5140 BrFiltLo - ok 12:24:12.0608 5140 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 12:24:12.0624 5140 BrFiltUp - ok 12:24:12.0639 5140 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 12:24:12.0639 5140 BridgeMP - ok 12:24:12.0670 5140 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 12:24:12.0686 5140 Browser - ok 12:24:12.0702 5140 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 12:24:12.0702 5140 Brserid - ok 12:24:12.0717 5140 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 12:24:12.0717 5140 BrSerWdm - ok 12:24:12.0733 5140 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 12:24:12.0733 5140 BrUsbMdm - ok 12:24:12.0748 5140 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 12:24:12.0748 5140 BrUsbSer - ok 12:24:12.0748 5140 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 12:24:12.0764 5140 BTHMODEM - ok 12:24:12.0780 5140 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 12:24:12.0780 5140 bthserv - ok 12:24:12.0811 5140 catchme - ok 12:24:12.0842 5140 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 12:24:12.0842 5140 cdfs - ok 12:24:12.0873 5140 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 12:24:12.0873 5140 cdrom - ok 12:24:12.0904 5140 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 12:24:12.0920 5140 CertPropSvc - ok 12:24:12.0920 5140 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 12:24:12.0920 5140 circlass - ok 12:24:12.0967 5140 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 12:24:12.0967 5140 CLFS - ok 12:24:13.0014 5140 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:24:13.0014 5140 clr_optimization_v2.0.50727_32 - ok 12:24:13.0029 5140 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 12:24:13.0029 5140 clr_optimization_v2.0.50727_64 - ok 12:24:13.0076 5140 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:24:13.0076 5140 clr_optimization_v4.0.30319_32 - ok 12:24:13.0123 5140 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 12:24:13.0123 5140 clr_optimization_v4.0.30319_64 - ok 12:24:13.0138 5140 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 12:24:13.0138 5140 CmBatt - ok 12:24:13.0170 5140 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 12:24:13.0170 5140 cmdide - ok 12:24:13.0232 5140 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 12:24:13.0248 5140 CNG - ok 12:24:13.0248 5140 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 12:24:13.0248 5140 Compbatt - ok 12:24:13.0294 5140 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 12:24:13.0294 5140 CompositeBus - ok 12:24:13.0310 5140 COMSysApp - ok 12:24:13.0326 5140 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 12:24:13.0326 5140 crcdisk - ok 12:24:13.0372 5140 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 12:24:13.0372 5140 CryptSvc - ok 12:24:13.0497 5140 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 12:24:13.0497 5140 cvhsvc - ok 12:24:13.0560 5140 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 12:24:13.0575 5140 DcomLaunch - ok 12:24:13.0591 5140 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 12:24:13.0606 5140 defragsvc - ok 12:24:13.0638 5140 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 12:24:13.0638 5140 DfsC - ok 12:24:13.0669 5140 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 12:24:13.0669 5140 Dhcp - ok 12:24:13.0684 5140 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 12:24:13.0684 5140 discache - ok 12:24:13.0716 5140 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 12:24:13.0716 5140 Disk - ok 12:24:13.0747 5140 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 12:24:13.0762 5140 Dnscache - ok 12:24:13.0809 5140 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 12:24:13.0809 5140 dot3svc - ok 12:24:13.0856 5140 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys 12:24:13.0856 5140 Dot4 - ok 12:24:13.0903 5140 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys 12:24:13.0903 5140 Dot4Print - ok 12:24:13.0918 5140 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys 12:24:13.0918 5140 dot4usb - ok 12:24:13.0950 5140 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 12:24:13.0950 5140 DPS - ok 12:24:13.0965 5140 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 12:24:13.0981 5140 drmkaud - ok 12:24:14.0043 5140 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 12:24:14.0043 5140 DXGKrnl - ok 12:24:14.0090 5140 e1kexpress (52a482dc61f24b498c8268866b90bb44) C:\Windows\system32\DRIVERS\e1k62x64.sys 12:24:14.0090 5140 e1kexpress - ok 12:24:14.0121 5140 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 12:24:14.0121 5140 EapHost - ok 12:24:14.0277 5140 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 12:24:14.0293 5140 ebdrv - ok 12:24:14.0386 5140 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 12:24:14.0386 5140 EFS - ok 12:24:14.0464 5140 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 12:24:14.0464 5140 ehRecvr - ok 12:24:14.0480 5140 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 12:24:14.0496 5140 ehSched - ok 12:24:14.0527 5140 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 12:24:14.0542 5140 elxstor - ok 12:24:14.0574 5140 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 12:24:14.0574 5140 ErrDev - ok 12:24:14.0605 5140 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 12:24:14.0620 5140 EventSystem - ok 12:24:14.0652 5140 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 12:24:14.0667 5140 exfat - ok 12:24:14.0683 5140 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 12:24:14.0698 5140 fastfat - ok 12:24:14.0761 5140 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 12:24:14.0761 5140 Fax - ok 12:24:14.0792 5140 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 12:24:14.0792 5140 fdc - ok 12:24:14.0808 5140 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 12:24:14.0808 5140 fdPHost - ok 12:24:14.0823 5140 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 12:24:14.0823 5140 FDResPub - ok 12:24:14.0839 5140 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 12:24:14.0839 5140 FileInfo - ok 12:24:14.0854 5140 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 12:24:14.0854 5140 Filetrace - ok 12:24:14.0870 5140 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 12:24:14.0870 5140 flpydisk - ok 12:24:14.0901 5140 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 12:24:14.0917 5140 FltMgr - ok 12:24:14.0979 5140 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 12:24:14.0995 5140 FontCache - ok 12:24:15.0057 5140 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 12:24:15.0057 5140 FontCache3.0.0.0 - ok 12:24:15.0088 5140 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 12:24:15.0088 5140 FsDepends - ok 12:24:15.0120 5140 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 12:24:15.0120 5140 Fs_Rec - ok 12:24:15.0166 5140 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 12:24:15.0166 5140 fvevol - ok 12:24:15.0198 5140 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 12:24:15.0198 5140 gagp30kx - ok 12:24:15.0291 5140 GameConsoleService (81c1eb203dd3f0c111fe2086bada2d67) C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe 12:24:15.0291 5140 GameConsoleService - ok 12:24:15.0338 5140 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 12:24:15.0338 5140 GEARAspiWDM - ok 12:24:15.0400 5140 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 12:24:15.0416 5140 gpsvc - ok 12:24:15.0494 5140 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe 12:24:15.0510 5140 Greg_Service - ok 12:24:15.0556 5140 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 12:24:15.0556 5140 gupdate - ok 12:24:15.0588 5140 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 12:24:15.0588 5140 gupdatem - ok 12:24:15.0603 5140 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 12:24:15.0603 5140 gusvc - ok 12:24:15.0681 5140 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 12:24:15.0681 5140 hcw85cir - ok 12:24:15.0744 5140 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 12:24:15.0744 5140 HdAudAddService - ok 12:24:15.0775 5140 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 12:24:15.0775 5140 HDAudBus - ok 12:24:15.0806 5140 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 12:24:15.0806 5140 HECIx64 - ok 12:24:15.0822 5140 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 12:24:15.0822 5140 HidBatt - ok 12:24:15.0822 5140 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 12:24:15.0822 5140 HidBth - ok 12:24:15.0837 5140 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 12:24:15.0837 5140 HidIr - ok 12:24:15.0853 5140 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 12:24:15.0868 5140 hidserv - ok 12:24:15.0868 5140 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 12:24:15.0868 5140 HidUsb - ok 12:24:15.0900 5140 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 12:24:15.0900 5140 hkmsvc - ok 12:24:15.0946 5140 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 12:24:15.0946 5140 HomeGroupListener - ok 12:24:15.0993 5140 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 12:24:15.0993 5140 HomeGroupProvider - ok 12:24:16.0118 5140 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 12:24:16.0118 5140 hpqcxs08 - ok 12:24:16.0134 5140 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 12:24:16.0134 5140 hpqddsvc - ok 12:24:16.0196 5140 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 12:24:16.0196 5140 HpSAMD - ok 12:24:16.0274 5140 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 12:24:16.0290 5140 HPSLPSVC - ok 12:24:16.0352 5140 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 12:24:16.0352 5140 HTTP - ok 12:24:16.0383 5140 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 12:24:16.0383 5140 hwpolicy - ok 12:24:16.0430 5140 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 12:24:16.0430 5140 i8042prt - ok 12:24:16.0508 5140 IAANTMON (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 12:24:16.0508 5140 IAANTMON - ok 12:24:16.0524 5140 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys 12:24:16.0539 5140 iaStor - ok 12:24:16.0586 5140 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 12:24:16.0586 5140 iaStorV - ok 12:24:16.0695 5140 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 12:24:16.0695 5140 idsvc - ok 12:24:16.0726 5140 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 12:24:16.0726 5140 iirsp - ok 12:24:16.0789 5140 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 12:24:16.0804 5140 IKEEXT - ok 12:24:16.0929 5140 IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys 12:24:16.0945 5140 IntcAzAudAddService - ok 12:24:17.0038 5140 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 12:24:17.0038 5140 intelide - ok 12:24:17.0070 5140 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 12:24:17.0070 5140 intelppm - ok 12:24:17.0085 5140 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 12:24:17.0085 5140 IPBusEnum - ok 12:24:17.0132 5140 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:24:17.0132 5140 IpFilterDriver - ok 12:24:17.0179 5140 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 12:24:17.0194 5140 iphlpsvc - ok 12:24:17.0210 5140 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 12:24:17.0210 5140 IPMIDRV - ok 12:24:17.0226 5140 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 12:24:17.0226 5140 IPNAT - ok 12:24:17.0350 5140 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 12:24:17.0366 5140 iPod Service - ok 12:24:17.0366 5140 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 12:24:17.0366 5140 IRENUM - ok 12:24:17.0397 5140 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 12:24:17.0397 5140 isapnp - ok 12:24:17.0413 5140 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 12:24:17.0413 5140 iScsiPrt - ok 12:24:17.0444 5140 JRAID (75ddb94a2a24f9f7037d10a2dda06d36) C:\Windows\system32\DRIVERS\jraid.sys 12:24:17.0444 5140 JRAID - ok 12:24:17.0460 5140 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 12:24:17.0460 5140 kbdclass - ok 12:24:17.0506 5140 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 12:24:17.0506 5140 kbdhid - ok 12:24:17.0522 5140 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:24:17.0522 5140 KeyIso - ok 12:24:17.0584 5140 kl1 (524503240d2ba280d97e2297102151ce) C:\Windows\system32\DRIVERS\kl1.sys 12:24:17.0584 5140 kl1 - ok 12:24:17.0616 5140 KLIF (6ab7b4b65c5e201cb968dec20af10dcb) C:\Windows\system32\DRIVERS\klif.sys 12:24:17.0616 5140 KLIF - ok 12:24:17.0647 5140 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 12:24:17.0647 5140 KSecDD - ok 12:24:17.0678 5140 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 12:24:17.0694 5140 KSecPkg - ok 12:24:17.0709 5140 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 12:24:17.0709 5140 ksthunk - ok 12:24:17.0740 5140 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 12:24:17.0756 5140 KtmRm - ok 12:24:17.0787 5140 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 12:24:17.0803 5140 LanmanServer - ok 12:24:17.0834 5140 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 12:24:17.0834 5140 LanmanWorkstation - ok 12:24:17.0865 5140 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 12:24:17.0865 5140 lltdio - ok 12:24:17.0896 5140 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 12:24:17.0896 5140 lltdsvc - ok 12:24:17.0912 5140 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 12:24:17.0912 5140 lmhosts - ok 12:24:17.0928 5140 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 12:24:17.0943 5140 LSI_FC - ok 12:24:17.0959 5140 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 12:24:17.0959 5140 LSI_SAS - ok 12:24:17.0974 5140 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 12:24:17.0974 5140 LSI_SAS2 - ok 12:24:17.0990 5140 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 12:24:17.0990 5140 LSI_SCSI - ok 12:24:18.0021 5140 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 12:24:18.0021 5140 luafv - ok 12:24:18.0052 5140 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 12:24:18.0052 5140 MBAMProtector - ok 12:24:18.0130 5140 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 12:24:18.0130 5140 MBAMService - ok 12:24:18.0162 5140 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 12:24:18.0162 5140 Mcx2Svc - ok 12:24:18.0193 5140 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 12:24:18.0193 5140 megasas - ok 12:24:18.0224 5140 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 12:24:18.0224 5140 MegaSR - ok 12:24:18.0240 5140 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 12:24:18.0255 5140 MMCSS - ok 12:24:18.0255 5140 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 12:24:18.0255 5140 Modem - ok 12:24:18.0271 5140 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 12:24:18.0271 5140 monitor - ok 12:24:18.0318 5140 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 12:24:18.0318 5140 mouclass - ok 12:24:18.0349 5140 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 12:24:18.0349 5140 mouhid - ok 12:24:18.0380 5140 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 12:24:18.0380 5140 mountmgr - ok 12:24:18.0411 5140 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 12:24:18.0427 5140 mpio - ok 12:24:18.0442 5140 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 12:24:18.0442 5140 mpsdrv - ok 12:24:18.0489 5140 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 12:24:18.0505 5140 MpsSvc - ok 12:24:18.0552 5140 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 12:24:18.0552 5140 MRxDAV - ok 12:24:18.0583 5140 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 12:24:18.0583 5140 mrxsmb - ok 12:24:18.0630 5140 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:24:18.0630 5140 mrxsmb10 - ok 12:24:18.0645 5140 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:24:18.0645 5140 mrxsmb20 - ok 12:24:18.0676 5140 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 12:24:18.0676 5140 msahci - ok 12:24:18.0708 5140 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 12:24:18.0723 5140 msdsm - ok 12:24:18.0739 5140 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 12:24:18.0739 5140 MSDTC - ok 12:24:18.0770 5140 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 12:24:18.0770 5140 Msfs - ok 12:24:18.0786 5140 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 12:24:18.0786 5140 mshidkmdf - ok 12:24:18.0801 5140 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 12:24:18.0801 5140 msisadrv - ok 12:24:18.0817 5140 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 12:24:18.0817 5140 MSiSCSI - ok 12:24:18.0832 5140 msiserver - ok 12:24:18.0848 5140 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 12:24:18.0848 5140 MSKSSRV - ok 12:24:18.0848 5140 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 12:24:18.0848 5140 MSPCLOCK - ok 12:24:18.0864 5140 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 12:24:18.0864 5140 MSPQM - ok 12:24:18.0910 5140 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 12:24:18.0910 5140 MsRPC - ok 12:24:18.0942 5140 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 12:24:18.0942 5140 mssmbios - ok 12:24:18.0973 5140 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 12:24:18.0973 5140 MSTEE - ok 12:24:18.0988 5140 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 12:24:18.0988 5140 MTConfig - ok 12:24:18.0988 5140 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 12:24:18.0988 5140 Mup - ok 12:24:19.0020 5140 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 12:24:19.0035 5140 napagent - ok 12:24:19.0051 5140 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 12:24:19.0066 5140 NativeWifiP - ok 12:24:19.0129 5140 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 12:24:19.0144 5140 NDIS - ok 12:24:19.0160 5140 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 12:24:19.0176 5140 NdisCap - ok 12:24:19.0191 5140 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 12:24:19.0191 5140 NdisTapi - ok 12:24:19.0222 5140 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 12:24:19.0222 5140 Ndisuio - ok 12:24:19.0269 5140 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 12:24:19.0269 5140 NdisWan - ok 12:24:19.0269 5140 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 12:24:19.0269 5140 NDProxy - ok 12:24:19.0378 5140 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 12:24:19.0394 5140 Nero BackItUp Scheduler 4.0 - ok 12:24:19.0441 5140 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll 12:24:19.0456 5140 Net Driver HPZ12 - ok 12:24:19.0472 5140 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 12:24:19.0472 5140 NetBIOS - ok 12:24:19.0519 5140 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 12:24:19.0519 5140 NetBT - ok 12:24:19.0550 5140 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:24:19.0550 5140 Netlogon - ok 12:24:19.0597 5140 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 12:24:19.0612 5140 Netman - ok 12:24:19.0644 5140 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 12:24:19.0644 5140 netprofm - ok 12:24:19.0706 5140 netr28x (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys 12:24:19.0722 5140 netr28x - ok 12:24:19.0768 5140 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:24:19.0768 5140 NetTcpPortSharing - ok 12:24:19.0815 5140 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 12:24:19.0815 5140 nfrd960 - ok 12:24:19.0862 5140 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 12:24:19.0862 5140 NlaSvc - ok 12:24:19.0878 5140 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 12:24:19.0878 5140 Npfs - ok 12:24:19.0893 5140 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 12:24:19.0893 5140 nsi - ok 12:24:19.0909 5140 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 12:24:19.0909 5140 nsiproxy - ok 12:24:20.0002 5140 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 12:24:20.0018 5140 Ntfs - ok 12:24:20.0080 5140 NTI IScheduleSvc (bd691091ac7d9713d8f0b07c6b099e6c) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe 12:24:20.0096 5140 NTI IScheduleSvc - ok 12:24:20.0158 5140 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys 12:24:20.0158 5140 NTIDrvr - ok 12:24:20.0158 5140 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 12:24:20.0158 5140 Null - ok 12:24:20.0205 5140 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 12:24:20.0221 5140 nvraid - ok 12:24:20.0236 5140 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 12:24:20.0236 5140 nvstor - ok 12:24:20.0268 5140 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 12:24:20.0283 5140 nv_agp - ok 12:24:20.0299 5140 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 12:24:20.0299 5140 ohci1394 - ok 12:24:20.0361 5140 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:24:20.0361 5140 ose - ok 12:24:20.0611 5140 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 12:24:20.0626 5140 osppsvc - ok 12:24:20.0720 5140 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:24:20.0720 5140 p2pimsvc - ok 12:24:20.0751 5140 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 12:24:20.0751 5140 p2psvc - ok 12:24:20.0782 5140 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 12:24:20.0782 5140 Parport - ok 12:24:20.0814 5140 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 12:24:20.0814 5140 partmgr - ok 12:24:20.0829 5140 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 12:24:20.0845 5140 PcaSvc - ok 12:24:20.0876 5140 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 12:24:20.0876 5140 pci - ok 12:24:20.0876 5140 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 12:24:20.0892 5140 pciide - ok 12:24:20.0907 5140 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 12:24:20.0907 5140 pcmcia - ok 12:24:20.0923 5140 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 12:24:20.0923 5140 pcw - ok 12:24:20.0954 5140 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 12:24:20.0954 5140 PEAUTH - ok 12:24:21.0001 5140 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 12:24:21.0016 5140 PerfHost - ok 12:24:21.0126 5140 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 12:24:21.0141 5140 pla - ok 12:24:21.0188 5140 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 12:24:21.0188 5140 PlugPlay - ok 12:24:21.0235 5140 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll 12:24:21.0235 5140 Pml Driver HPZ12 - ok 12:24:21.0250 5140 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 12:24:21.0250 5140 PNRPAutoReg - ok 12:24:21.0266 5140 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:24:21.0266 5140 PNRPsvc - ok 12:24:21.0328 5140 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 12:24:21.0328 5140 PolicyAgent - ok 12:24:21.0344 5140 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 12:24:21.0360 5140 Power - ok 12:24:21.0406 5140 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 12:24:21.0422 5140 PptpMiniport - ok 12:24:21.0422 5140 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 12:24:21.0422 5140 Processor - ok 12:24:21.0469 5140 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 12:24:21.0469 5140 ProfSvc - ok 12:24:21.0500 5140 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:24:21.0500 5140 ProtectedStorage - ok 12:24:21.0547 5140 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 12:24:21.0547 5140 Psched - ok 12:24:21.0625 5140 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 12:24:21.0640 5140 ql2300 - ok 12:24:21.0718 5140 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 12:24:21.0718 5140 ql40xx - ok 12:24:21.0750 5140 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 12:24:21.0765 5140 QWAVE - ok 12:24:21.0781 5140 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 12:24:21.0781 5140 QWAVEdrv - ok 12:24:21.0781 5140 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 12:24:21.0781 5140 RasAcd - ok 12:24:21.0796 5140 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 12:24:21.0796 5140 RasAgileVpn - ok 12:24:21.0812 5140 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 12:24:21.0812 5140 RasAuto - ok 12:24:21.0859 5140 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 12:24:21.0859 5140 Rasl2tp - ok 12:24:21.0906 5140 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 12:24:21.0906 5140 RasMan - ok 12:24:21.0937 5140 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 12:24:21.0937 5140 RasPppoe - ok 12:24:21.0937 5140 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 12:24:21.0952 5140 RasSstp - ok 12:24:21.0968 5140 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 12:24:21.0968 5140 rdbss - ok 12:24:21.0999 5140 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 12:24:21.0999 5140 rdpbus - ok 12:24:22.0015 5140 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 12:24:22.0015 5140 RDPCDD - ok 12:24:22.0030 5140 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 12:24:22.0030 5140 RDPENCDD - ok 12:24:22.0046 5140 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 12:24:22.0046 5140 RDPREFMP - ok 12:24:22.0093 5140 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 12:24:22.0093 5140 RDPWD - ok 12:24:22.0140 5140 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 12:24:22.0140 5140 rdyboost - ok 12:24:22.0171 5140 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 12:24:22.0171 5140 RemoteAccess - ok 12:24:22.0202 5140 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 12:24:22.0218 5140 RemoteRegistry - ok 12:24:22.0218 5140 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 12:24:22.0218 5140 RpcEptMapper - ok 12:24:22.0233 5140 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 12:24:22.0233 5140 RpcLocator - ok 12:24:22.0280 5140 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 12:24:22.0296 5140 RpcSs - ok 12:24:22.0311 5140 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 12:24:22.0327 5140 rspndr - ok 12:24:22.0358 5140 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:24:22.0358 5140 SamSs - ok 12:24:22.0389 5140 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 12:24:22.0389 5140 sbp2port - ok 12:24:22.0420 5140 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 12:24:22.0420 5140 SCardSvr - ok 12:24:22.0452 5140 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 12:24:22.0452 5140 scfilter - ok 12:24:22.0530 5140 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 12:24:22.0545 5140 Schedule - ok 12:24:22.0561 5140 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 12:24:22.0576 5140 SCPolicySvc - ok 12:24:22.0623 5140 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 12:24:22.0623 5140 SDRSVC - ok 12:24:22.0701 5140 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 12:24:22.0701 5140 secdrv - ok 12:24:22.0717 5140 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 12:24:22.0732 5140 seclogon - ok 12:24:22.0748 5140 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 12:24:22.0748 5140 SENS - ok 12:24:22.0764 5140 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 12:24:22.0764 5140 SensrSvc - ok 12:24:22.0779 5140 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 12:24:22.0779 5140 Serenum - ok 12:24:22.0795 5140 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 12:24:22.0795 5140 Serial - ok 12:24:22.0826 5140 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 12:24:22.0826 5140 sermouse - ok 12:24:22.0857 5140 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 12:24:22.0873 5140 SessionEnv - ok 12:24:22.0904 5140 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 12:24:22.0904 5140 sffdisk - ok 12:24:22.0904 5140 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 12:24:22.0904 5140 sffp_mmc - ok 12:24:22.0920 5140 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 12:24:22.0920 5140 sffp_sd - ok 12:24:22.0935 5140 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 12:24:22.0935 5140 sfloppy - ok 12:24:22.0998 5140 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 12:24:23.0013 5140 Sftfs - ok 12:24:23.0091 5140 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 12:24:23.0107 5140 sftlist - ok 12:24:23.0138 5140 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 12:24:23.0138 5140 Sftplay - ok 12:24:23.0169 5140 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 12:24:23.0169 5140 Sftredir - ok 12:24:23.0185 5140 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 12:24:23.0185 5140 Sftvol - ok 12:24:23.0200 5140 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 12:24:23.0200 5140 sftvsa - ok 12:24:23.0232 5140 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 12:24:23.0247 5140 SharedAccess - ok 12:24:23.0294 5140 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 12:24:23.0294 5140 ShellHWDetection - ok 12:24:23.0325 5140 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:24:23.0325 5140 SiSRaid2 - ok 12:24:23.0325 5140 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 12:24:23.0341 5140 SiSRaid4 - ok 12:24:23.0388 5140 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe 12:24:23.0403 5140 SkypeUpdate - ok 12:24:23.0419 5140 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 12:24:23.0419 5140 Smb - ok 12:24:23.0450 5140 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 12:24:23.0450 5140 SNMPTRAP - ok 12:24:23.0466 5140 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 12:24:23.0466 5140 spldr - ok 12:24:23.0512 5140 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 12:24:23.0528 5140 Spooler - ok 12:24:23.0700 5140 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 12:24:23.0746 5140 sppsvc - ok 12:24:23.0824 5140 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 12:24:23.0824 5140 sppuinotify - ok 12:24:23.0871 5140 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 12:24:23.0887 5140 srv - ok 12:24:23.0902 5140 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 12:24:23.0918 5140 srv2 - ok 12:24:23.0934 5140 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 12:24:23.0934 5140 srvnet - ok 12:24:23.0949 5140 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 12:24:23.0965 5140 SSDPSRV - ok 12:24:23.0965 5140 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 12:24:23.0980 5140 SstpSvc - ok 12:24:23.0996 5140 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 12:24:23.0996 5140 stexstor - ok 12:24:24.0058 5140 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 12:24:24.0074 5140 stisvc - ok 12:24:24.0105 5140 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 12:24:24.0105 5140 swenum - ok 12:24:24.0136 5140 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 12:24:24.0152 5140 swprv - ok 12:24:24.0246 5140 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 12:24:24.0277 5140 SysMain - ok 12:24:24.0370 5140 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 12:24:24.0370 5140 TabletInputService - ok 12:24:24.0386 5140 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 12:24:24.0402 5140 TapiSrv - ok 12:24:24.0417 5140 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 12:24:24.0417 5140 TBS - ok 12:24:24.0542 5140 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 12:24:24.0573 5140 Tcpip - ok 12:24:24.0682 5140 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 12:24:24.0698 5140 TCPIP6 - ok 12:24:24.0745 5140 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 12:24:24.0745 5140 tcpipreg - ok 12:24:24.0776 5140 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 12:24:24.0776 5140 TDPIPE - ok 12:24:24.0807 5140 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 12:24:24.0807 5140 TDTCP - ok 12:24:24.0838 5140 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 12:24:24.0838 5140 tdx - ok 12:24:24.0885 5140 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 12:24:24.0885 5140 TermDD - ok 12:24:24.0916 5140 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 12:24:24.0932 5140 TermService - ok 12:24:24.0948 5140 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 12:24:24.0948 5140 Themes - ok 12:24:24.0963 5140 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 12:24:24.0963 5140 THREADORDER - ok 12:24:24.0994 5140 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 12:24:24.0994 5140 TrkWks - ok 12:24:25.0041 5140 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 12:24:25.0041 5140 TrustedInstaller - ok 12:24:25.0072 5140 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 12:24:25.0072 5140 tssecsrv - ok 12:24:25.0119 5140 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 12:24:25.0119 5140 TsUsbFlt - ok 12:24:25.0166 5140 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 12:24:25.0166 5140 tunnel - ok 12:24:25.0182 5140 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 12:24:25.0182 5140 uagp35 - ok 12:24:25.0213 5140 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys 12:24:25.0213 5140 UBHelper - ok 12:24:25.0244 5140 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 12:24:25.0260 5140 udfs - ok 12:24:25.0291 5140 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 12:24:25.0291 5140 UI0Detect - ok 12:24:25.0322 5140 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 12:24:25.0322 5140 uliagpkx - ok 12:24:25.0338 5140 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 12:24:25.0338 5140 umbus - ok 12:24:25.0353 5140 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 12:24:25.0353 5140 UmPass - ok 12:24:25.0416 5140 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe 12:24:25.0416 5140 Updater Service - ok 12:24:25.0447 5140 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 12:24:25.0462 5140 upnphost - ok 12:24:25.0478 5140 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 12:24:25.0494 5140 USBAAPL64 - ok 12:24:25.0525 5140 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 12:24:25.0525 5140 usbccgp - ok 12:24:25.0556 5140 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 12:24:25.0556 5140 usbcir - ok 12:24:25.0572 5140 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 12:24:25.0572 5140 usbehci - ok 12:24:25.0587 5140 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 12:24:25.0587 5140 usbhub - ok 12:24:25.0603 5140 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 12:24:25.0603 5140 usbohci - ok 12:24:25.0618 5140 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 12:24:25.0634 5140 usbprint - ok 12:24:25.0665 5140 USBS3S4Detection (b5e6c4f280ebf0b16f74a5b415f2e0df) C:\OEM\USBDECTION\USBS3S4Detection.exe 12:24:25.0665 5140 USBS3S4Detection - ok 12:24:25.0696 5140 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 12:24:25.0696 5140 usbscan - ok 12:24:25.0743 5140 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:24:25.0743 5140 USBSTOR - ok 12:24:25.0759 5140 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 12:24:25.0759 5140 usbuhci - ok 12:24:25.0790 5140 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 12:24:25.0790 5140 UxSms - ok 12:24:25.0821 5140 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:24:25.0821 5140 VaultSvc - ok 12:24:25.0868 5140 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 12:24:25.0868 5140 vdrvroot - ok 12:24:25.0915 5140 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 12:24:25.0930 5140 vds - ok 12:24:25.0946 5140 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 12:24:25.0946 5140 vga - ok 12:24:25.0962 5140 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 12:24:25.0962 5140 VgaSave - ok 12:24:25.0993 5140 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 12:24:25.0993 5140 vhdmp - ok 12:24:26.0008 5140 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 12:24:26.0008 5140 viaide - ok 12:24:26.0024 5140 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 12:24:26.0024 5140 volmgr - ok 12:24:26.0071 5140 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 12:24:26.0086 5140 volmgrx - ok 12:24:26.0102 5140 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 12:24:26.0118 5140 volsnap - ok 12:24:26.0149 5140 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 12:24:26.0149 5140 vsmraid - ok 12:24:26.0242 5140 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 12:24:26.0258 5140 VSS - ok 12:24:26.0336 5140 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 12:24:26.0336 5140 vwifibus - ok 12:24:26.0383 5140 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 12:24:26.0383 5140 vwififlt - ok 12:24:26.0414 5140 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 12:24:26.0430 5140 W32Time - ok 12:24:26.0445 5140 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 12:24:26.0445 5140 WacomPen - ok 12:24:26.0492 5140 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:24:26.0492 5140 WANARP - ok 12:24:26.0492 5140 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:24:26.0492 5140 Wanarpv6 - ok 12:24:26.0570 5140 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 12:24:26.0586 5140 WatAdminSvc - ok 12:24:26.0679 5140 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 12:24:26.0710 5140 wbengine - ok 12:24:26.0773 5140 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 12:24:26.0788 5140 WbioSrvc - ok 12:24:26.0835 5140 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 12:24:26.0851 5140 wcncsvc - ok 12:24:26.0851 5140 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 12:24:26.0851 5140 WcsPlugInService - ok 12:24:26.0882 5140 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 12:24:26.0882 5140 Wd - ok 12:24:26.0913 5140 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 12:24:26.0913 5140 Wdf01000 - ok 12:24:26.0929 5140 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 12:24:26.0944 5140 WdiServiceHost - ok 12:24:26.0944 5140 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 12:24:26.0944 5140 WdiSystemHost - ok 12:24:26.0960 5140 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 12:24:26.0976 5140 WebClient - ok 12:24:27.0007 5140 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 12:24:27.0007 5140 Wecsvc - ok 12:24:27.0022 5140 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 12:24:27.0022 5140 wercplsupport - ok 12:24:27.0038 5140 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 12:24:27.0038 5140 WerSvc - ok 12:24:27.0085 5140 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 12:24:27.0085 5140 WfpLwf - ok 12:24:27.0100 5140 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 12:24:27.0100 5140 WIMMount - ok 12:24:27.0132 5140 WinDefend - ok 12:24:27.0147 5140 WinHttpAutoProxySvc - ok 12:24:27.0194 5140 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 12:24:27.0194 5140 Winmgmt - ok 12:24:27.0319 5140 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 12:24:27.0334 5140 WinRM - ok 12:24:27.0444 5140 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 12:24:27.0444 5140 WinUsb - ok 12:24:27.0506 5140 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 12:24:27.0522 5140 Wlansvc - ok 12:24:27.0709 5140 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 12:24:27.0724 5140 wlidsvc - ok 12:24:27.0818 5140 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 12:24:27.0818 5140 WmiAcpi - ok 12:24:27.0865 5140 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 12:24:27.0880 5140 wmiApSrv - ok 12:24:27.0912 5140 WMPNetworkSvc - ok 12:24:27.0927 5140 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 12:24:27.0927 5140 WPCSvc - ok 12:24:27.0974 5140 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 12:24:27.0974 5140 WPDBusEnum - ok 12:24:28.0005 5140 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 12:24:28.0005 5140 ws2ifsl - ok 12:24:28.0005 5140 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 12:24:28.0021 5140 wscsvc - ok 12:24:28.0021 5140 WSearch - ok 12:24:28.0146 5140 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 12:24:28.0177 5140 wuauserv - ok 12:24:28.0270 5140 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 12:24:28.0270 5140 WudfPf - ok 12:24:28.0302 5140 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 12:24:28.0302 5140 WUDFRd - ok 12:24:28.0333 5140 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 12:24:28.0348 5140 wudfsvc - ok 12:24:28.0380 5140 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 12:24:28.0380 5140 WwanSvc - ok 12:24:28.0411 5140 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 12:24:28.0598 5140 \Device\Harddisk0\DR0 - ok 12:24:28.0598 5140 Boot (0x1200) (f48fe5e54eef36d0caa4fe543d2d2877) \Device\Harddisk0\DR0\Partition0 12:24:28.0598 5140 \Device\Harddisk0\DR0\Partition0 - ok 12:24:28.0614 5140 Boot (0x1200) (850031bd94980a1f6578b1d71178137f) \Device\Harddisk0\DR0\Partition1 12:24:28.0614 5140 \Device\Harddisk0\DR0\Partition1 - ok 12:24:28.0614 5140 ============================================================ 12:24:28.0614 5140 Scan finished 12:24:28.0614 5140 ============================================================ 12:24:28.0614 3316 Detected object count: 0 12:24:28.0614 3316 Actual detected object count: 0 aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-06-17 12:27:23 ----------------------------- 12:27:23.731 OS Version: Windows x64 6.1.7601 Service Pack 1 12:27:23.731 Number of processors: 4 586 0x1E05 12:27:23.731 ComputerName: SCOTT-PC UserName: Scott 12:27:25.119 Initialize success 12:28:00.259 AVAST engine defs: 12061700 12:28:12.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 12:28:12.218 Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 3 12:28:12.234 Disk 0 MBR read successfully 12:28:12.234 Disk 0 MBR scan 12:28:12.249 Disk 0 Windows 7 default MBR code 12:28:12.249 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 17408 MB offset 2048 12:28:12.265 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 35653632 12:28:12.280 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 936359 MB offset 35858432 12:28:12.280 Disk 0 scanning C:\Windows\system32\drivers 12:28:20.829 Service scanning 12:28:40.485 Modules scanning 12:28:40.485 Disk 0 trace - called modules: 12:28:40.501 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 12:28:40.517 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e24060] 12:28:40.517 3 CLASSPNP.SYS[fffff88001b5343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b71050] 12:28:41.905 AVAST engine scan C:\Windows 12:28:45.181 AVAST engine scan C:\Windows\system32 12:28:48.535 File: C:\Windows\system32\autoHost64.dll **INFECTED** Win32:Trojan-gen 12:30:48.178 AVAST engine scan C:\Windows\system32\drivers 12:30:59.223 AVAST engine scan C:\Users\Scott 12:38:33.826 AVAST engine scan C:\ProgramData 12:40:40.892 Scan finished successfully 12:40:55.197 Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\Malwarebytes notes\MBR.dat" 12:40:55.197 The log file has been saved successfully to "C:\Users\Scott\Desktop\Malwarebytes notes\aswMBR.txt"

Sorry.. just reread the instructions and saw to reboot computer to get rid of that error message. Rebooted and I can access the programs. So far I have been online for a few minutes with no pop up warnings from Malwarebytes which used to come up every few seconds. All issues seem to be OK now... no problems with opening Excel documents or Windows Live attachments. Here is the log: ComboFix 12-06-16.02 - Scott 17/06/2012 9:45.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.6459 [GMT -7:00] Running from: c:\users\Scott\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87} c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\@ c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\L\00000004.@ c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\L\1afb2d56 c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\L\80000032.@ c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\n c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\00000004.@ c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\00000008.@ c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\000000cb.@ c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\80000000.@ c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\80000032.@ c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\80000064.@ c:\users\Scott\AppData\Local\Temp\ireyln.dll c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 ))))))))))))))))))))))))))))))) . . 2012-06-17 16:53 . 2012-06-17 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-17 16:53 . 2012-06-17 16:53 -------- d-----w- c:\users\Hot Blonde Babe\AppData\Local\temp 2012-06-16 22:48 . 2012-06-16 22:48 -------- d-----w- c:\programdata\HP Photo Creations 2012-06-16 22:48 . 2012-06-16 22:48 -------- d-----w- c:\program files (x86)\HP Photo Creations 2012-06-16 22:48 . 2012-06-16 22:48 -------- d-----w- c:\users\Scott\AppData\Roaming\HpUpdate 2012-06-16 22:47 . 2012-06-16 22:47 -------- d-----w- c:\programdata\HP Product Assistant 2012-06-16 22:28 . 2012-06-16 22:28 -------- d-----w- c:\windows\Hewlett-Packard 2012-06-16 22:16 . 2012-06-16 22:16 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-16 17:17 . 2012-06-16 17:21 -------- d-----w- c:\programdata\PLAV 2012-06-16 17:17 . 2012-06-16 17:17 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS 2012-06-16 15:35 . 2012-06-16 15:35 -------- d-----w- c:\windows\system32\Macromed 2012-06-15 10:37 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01FC08EE-DB8E-43EA-A4F6-892949FB4D26}\mpengine.dll 2012-06-12 07:44 . 2012-06-12 07:44 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-12 07:44 . 2012-05-09 19:21 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-30 23:55 . 2012-05-30 23:55 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes 2012-05-30 23:55 . 2012-05-30 23:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-30 23:55 . 2012-05-30 23:55 -------- d-----w- c:\programdata\Malwarebytes 2012-05-30 23:55 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-30 23:37 . 2012-05-30 23:37 62464 ---ha-w- c:\windows\system32\autoHost64.dll 2012-05-30 23:36 . 2012-05-30 23:36 -------- d-----w- c:\programdata\B7E8587100017DC3000BDF33B4EB2367 2012-05-30 23:36 . 2012-05-31 00:36 -------- d-----w- c:\users\Scott\AppData\Local\CMI 2012-05-30 13:19 . 2012-06-16 15:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-30 13:19 . 2012-06-16 15:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-05-22 01:48 . 2012-05-22 01:48 -------- d-----w- c:\program files (x86)\QuickTime . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-09 19:21 . 2010-07-06 15:57 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-03-30 11:35 . 2012-05-12 08:18 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-01 39408] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 244480] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-20 98304] "Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576] . c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2012-1-4 3208032] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 135664] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 135664] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160] S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 15:35] . 2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 20:36] . 2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 20:36] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://search.babylon.com/?AF=108980&babsrc=HP_ss&mntrId=14c9424a000000000000701a04ef5b08 uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-compeout - c:\windows\system32\autoHost64.dll SafeBoot-44738816.sys Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . ************************************************************************** . Completion time: 2012-06-17 10:06:21 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-17 17:06 . Pre-Run: 789,514,678,272 bytes free Post-Run: 794,949,332,992 bytes free . - - End Of File - - ABCEC3191E5813606778B13DE535F1D0

I don't have the log as I can no longer open things on my computer... am working from another one now to send this. I ran the combofix from my documents folder not directly on the desktop (no option to save to desktop when I download it does it automatically as soon as I click on the link, not sure if that makes any difference). The program ran and rebooted the computer, then generated a log. I am now unable to open most programs (Windows Live; Chrome; Internet Explorer; Excel; Word). I get an error message "Illegal operations attempted on a registry key that has been marked for deletion" when attempting to open those programs (not sure if there are others as well). I did not save the log to a thumbdrive or anything as I was worried that if I put it on this computer I would infect it as well. Not sure how to get you the log without being able to access those programs.

Problems with the computer so far: difficulty opening files in Excel (says unable to create temp environment... and short of memory, even if nothing is open); Audio Ads running even when no browser open; unable to open attachment files in Windows Live; slow internet and page loading; randomly find browser open to websites I haven't opened (and I live alone) after having left computer on and not been on it. Here are the three logs requested: Results of screen317's Security Check version 0.99.41 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 Java 6 Update 33 Java version out of date! Adobe Reader X (10.1.3) Google Chrome 19.0.1084.52 Google Chrome 19.0.1084.56 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes Anti-Malware mbam.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Scott at 23:27:46 on 2012-06-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.5844 [GMT -7:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\OEM\USBDECTION\USBS3S4Detection.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Windows\System32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe Q:\140061.enu\Office14\ONENOTEM.EXE C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Scott\Downloads\SecurityCheck.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k defragsvc C:\Windows\SysWOW64\notepad.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?AF=108980&babsrc=HP_ss&mntrId=14c9424a000000000000701a04ef5b08 uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575 mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575 mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [compeout] rundll32 "C:\Windows\system32\autoHost64.dll",CreateProcessNotify uRun: [ireyln] rundll32.exe "C:\Users\Scott\AppData\Local\Temp\ireyln.dll",StopFeedLoad mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll LSP: mswsock.dll DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://64.114.238.141/activex/AxisCamControl.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{9A775B56-1982-4132-A5E9-F06243D11877} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{C81A1BB0-18C2-4D14-99BD-14BA195B463D} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{C81A1BB0-18C2-4D14-99BD-14BA195B463D}\3534F44545D20534F5E4564777F627B6 : DhcpNameServer = 192.168.0.1 Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO-X64: 0x1 - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll BHO-X64: Babylon toolbar helper - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] . ============= SERVICES / DRIVERS =============== . R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-30 654408] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-12-1 240160] R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-15 135664] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-30 257224] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-15 135664] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-06-16 22:48:36 -------- d-----w- C:\ProgramData\HP Photo Creations 2012-06-16 22:48:36 -------- d-----w- C:\Program Files (x86)\HP Photo Creations 2012-06-16 22:48:30 -------- d-----w- C:\Users\Scott\AppData\Roaming\HpUpdate 2012-06-16 22:28:30 -------- d-----w- C:\Windows\Hewlett-Packard 2012-06-16 22:16:39 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-16 19:35:53 -------- d-----w- C:\Users\Scott\AppData\Local\{C93DCBC3-3AEA-4B9A-AB74-EA2BA1937A21} 2012-06-16 19:20:58 -------- d-----w- C:\Users\Scott\AppData\Local\{2CB05255-50F7-443F-BE68-57A2C9C04C54} 2012-06-16 17:17:36 -------- d-----w- C:\ProgramData\PLAV 2012-06-16 17:17:10 -------- d-----w- C:\ProgramData\ParetoLogic Anti-Virus PLUS 2012-06-16 06:10:15 -------- d-----w- C:\Users\Scott\AppData\Local\{0C75FC1C-4299-4ED6-A4FB-9E852EB52F3D} 2012-06-15 18:10:10 -------- d-----w- C:\Users\Scott\AppData\Local\{B18A0E0E-3AA8-4AAE-8C9D-62FEFBE087FD} 2012-06-15 10:37:14 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01FC08EE-DB8E-43EA-A4F6-892949FB4D26}\mpengine.dll 2012-06-15 06:10:06 -------- d-----w- C:\Users\Scott\AppData\Local\{5A16661B-BF30-42D4-9B25-8CA38D75989B} 2012-06-14 18:09:54 -------- d-----w- C:\Users\Scott\AppData\Local\{535C103F-A3B1-4D54-9992-38EC8EE8E721} 2012-06-14 18:09:32 -------- d-----w- C:\Users\Scott\AppData\Local\{B06762F5-5D75-4231-A37F-07F31C3DB369} 2012-06-14 06:08:54 -------- d-----w- C:\Users\Scott\AppData\Local\{8C5FCB2D-6F22-4CB2-AEF3-CB64386F1856} 2012-06-14 06:08:26 -------- d-----w- C:\Users\Scott\AppData\Local\{C06E069C-4BD1-4D3F-9FA2-14B459AE604F} 2012-06-13 18:08:06 -------- d-----w- C:\Users\Scott\AppData\Local\{1BA35862-CC19-450F-81AF-CED1733EAEA4} 2012-06-13 18:07:35 -------- d-----w- C:\Users\Scott\AppData\Local\{EA624360-C83D-455A-8E12-B4E655E06C52} 2012-06-13 06:07:33 -------- d-----w- C:\Users\Scott\AppData\Local\{F4EF1050-723D-4066-8434-6F7588B6EC5B} 2012-06-13 06:07:18 -------- d-----w- C:\Users\Scott\AppData\Local\{88E03411-DC6F-4C90-B47E-A09B16150737} 2012-06-12 18:07:04 -------- d-----w- C:\Users\Scott\AppData\Local\{5ADA9CE7-4FEB-47AD-B436-08A6F9EEF2FF} 2012-06-12 18:07:00 -------- d-----w- C:\Users\Scott\AppData\Local\{C66B034E-FDA8-41AD-B3AA-C96AA998ACB4} 2012-06-12 07:44:35 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-06-12 06:06:46 -------- d-----w- C:\Users\Scott\AppData\Local\{A4BCAC10-ACF8-4271-9260-5E2D65149DC5} 2012-06-12 06:06:36 -------- d-----w- C:\Users\Scott\AppData\Local\{90DE1452-F67C-44C9-AB8B-C2CF9FD67BF5} 2012-06-11 18:05:21 -------- d-----w- C:\Users\Scott\AppData\Local\{0986028B-A32F-40A6-BD51-8A54BEBC4966} 2012-06-11 18:05:06 -------- d-----w- C:\Users\Scott\AppData\Local\{8C6221F6-B8C2-4EE7-B28B-A66069AD8496} 2012-06-11 06:04:42 -------- d-----w- C:\Users\Scott\AppData\Local\{4FE44F11-6235-49E8-965F-6DA86B7FDEB0} 2012-06-11 06:04:33 -------- d-----w- C:\Users\Scott\AppData\Local\{EC4CB617-8C59-4803-8EB4-2A2925FAA0D7} 2012-06-10 18:02:58 -------- d-----w- C:\Users\Scott\AppData\Local\{39557910-2BC3-4813-BCB7-6ABA39D74E8D} 2012-06-10 18:01:51 -------- d-----w- C:\Users\Scott\AppData\Local\{E83B8D09-2EB1-4C03-87A8-17BF197CC436} 2012-06-10 06:01:29 -------- d-----w- C:\Users\Scott\AppData\Local\{7542F8FA-7022-42C5-8ECA-7EE9B0AC4AF2} 2012-06-10 06:01:28 -------- d-----w- C:\Users\Scott\AppData\Local\{512DAE1F-2F21-494F-A6F9-4AD85499395E} 2012-06-09 18:01:05 -------- d-----w- C:\Users\Scott\AppData\Local\{9626F434-25EC-49E9-BA00-FA7B8CAFAA0E} 2012-06-09 18:00:10 -------- d-----w- C:\Users\Scott\AppData\Local\{EA85FAC9-7DF1-45C0-8E91-77E1016F9AED} 2012-06-09 06:00:02 -------- d-----w- C:\Users\Scott\AppData\Local\{404F45D9-CFEF-4508-B27B-7051BB5FE1E2} 2012-06-09 05:59:41 -------- d-----w- C:\Users\Scott\AppData\Local\{F7CE12E3-17C5-493E-9578-D870F412535A} 2012-06-08 17:59:20 -------- d-----w- C:\Users\Scott\AppData\Local\{E0D84AB7-692C-4C6E-B17D-13A51B030C82} 2012-06-08 17:59:10 -------- d-----w- C:\Users\Scott\AppData\Local\{751598FE-220F-4DC6-862D-AE9AD7CEEBDB} 2012-06-08 05:58:47 -------- d-----w- C:\Users\Scott\AppData\Local\{9F593E2D-8891-4B24-878F-6E0D18F5B559} 2012-06-08 05:58:46 -------- d-----w- C:\Users\Scott\AppData\Local\{7E3C549D-9830-416A-ABFF-6A574992AF10} 2012-06-07 17:58:22 -------- d-----w- C:\Users\Scott\AppData\Local\{29697314-BE75-4DF4-B1D0-1103A4203555} 2012-06-07 17:58:10 -------- d-----w- C:\Users\Scott\AppData\Local\{2813E5D2-6E9E-43ED-94FC-C79A754F58F1} 2012-06-07 05:57:55 -------- d-----w- C:\Users\Scott\AppData\Local\{1E524980-CFB4-4CD8-A9A7-04F5ED374EED} 2012-06-07 05:57:34 -------- d-----w- C:\Users\Scott\AppData\Local\{258D21E4-A0A9-482C-8D10-2C5D5B5DE3A5} 2012-06-06 17:57:29 -------- d-----w- C:\Users\Scott\AppData\Local\{5EE28E85-899E-455A-BE49-F292967C37FB} 2012-06-06 17:57:16 -------- d-----w- C:\Users\Scott\AppData\Local\{7C07E5C8-2A9C-43AD-A2F4-4777ACF84AF2} 2012-06-06 05:57:11 -------- d-----w- C:\Users\Scott\AppData\Local\{8BE43308-CE1D-46B2-AEF3-1D859BF180F8} 2012-06-06 05:56:47 -------- d-----w- C:\Users\Scott\AppData\Local\{F3C67B90-530B-4436-B7DA-7C4F49FD3996} 2012-06-05 17:56:41 -------- d-----w- C:\Users\Scott\AppData\Local\{6CB677C5-5D9E-40B8-9504-481E9076ED14} 2012-06-05 17:56:38 -------- d-----w- C:\Users\Scott\AppData\Local\{4337AE5E-3C2A-45CA-9E0B-360F8374CAA1} 2012-06-05 05:56:24 -------- d-----w- C:\Users\Scott\AppData\Local\{0AAA06B0-1C8B-418A-BA60-DBD882B3FAAB} 2012-06-05 05:56:14 -------- d-----w- C:\Users\Scott\AppData\Local\{401F392B-9589-40D8-8704-7779599EEEE3} 2012-06-04 17:56:03 -------- d-----w- C:\Users\Scott\AppData\Local\{BE205F1D-96E5-421F-A49A-4FD75695FD72} 2012-06-04 17:55:56 -------- d-----w- C:\Users\Scott\AppData\Local\{B2197C9B-A0E0-4436-845C-96A2C3DB3FD6} 2012-06-04 05:55:30 -------- d-----w- C:\Users\Scott\AppData\Local\{15DC787A-113B-46BD-9DB3-A0B12B6A001C} 2012-06-04 05:55:26 -------- d-----w- C:\Users\Scott\AppData\Local\{09847DEA-A1BC-4040-9191-7DC036951485} 2012-06-03 17:54:26 -------- d-----w- C:\Users\Scott\AppData\Local\{919C69FB-6AF9-4048-BDD6-1EA02CE954F0} 2012-06-03 17:53:50 -------- d-----w- C:\Users\Scott\AppData\Local\{E8E328CC-C131-445F-A420-F47B478D7BFA} 2012-06-03 05:53:28 -------- d-----w- C:\Users\Scott\AppData\Local\{B5753C9C-4D2E-457B-B258-9B5778098D94} 2012-06-03 05:52:45 -------- d-----w- C:\Users\Scott\AppData\Local\{D5B224FB-9683-4797-81F5-2B38DD4C8419} 2012-06-02 17:51:16 -------- d-----w- C:\Users\Scott\AppData\Local\{A0CF5F7E-F9DB-4824-9785-7250DF5332DB} 2012-06-02 17:51:13 -------- d-----w- C:\Users\Scott\AppData\Local\{D9606D23-CB20-4673-B435-71B9A3F2DFBC} 2012-06-02 05:50:34 -------- d-----w- C:\Users\Scott\AppData\Local\{396C50B9-6A7A-4E9A-A131-04AF53A74E25} 2012-06-02 05:50:10 -------- d-----w- C:\Users\Scott\AppData\Local\{16623201-41E1-4354-967E-4B0D1A29CE76} 2012-06-01 17:49:35 -------- d-----w- C:\Users\Scott\AppData\Local\{59DFAEE8-F18B-4C30-B8CA-57E118CF6380} 2012-06-01 17:49:04 -------- d-----w- C:\Users\Scott\AppData\Local\{2780F154-8ED8-4068-9B61-4AD2F12E8CAF} 2012-06-01 05:48:41 -------- d-----w- C:\Users\Scott\AppData\Local\{A0141189-1CC6-4437-9AD1-DA7BF5F24C30} 2012-06-01 05:48:35 -------- d-----w- C:\Users\Scott\AppData\Local\{D5833D70-64C1-4A6A-B0C9-0A6C7B2098D4} 2012-05-31 17:48:17 -------- d-----w- C:\Users\Scott\AppData\Local\{72C11EED-DFFE-4945-B8E5-3FBF550FBB4C} 2012-05-31 17:48:14 -------- d-----w- C:\Users\Scott\AppData\Local\{2575106B-CBE1-490F-B23E-C704359F4301} 2012-05-31 05:47:56 -------- d-----w- C:\Users\Scott\AppData\Local\{0B561BEC-0052-45AD-B6B9-5A0473441BAF} 2012-05-31 05:47:53 -------- d-----w- C:\Users\Scott\AppData\Local\{14F22FDD-5541-4EAF-A086-89EA8BDB777A} 2012-05-30 23:55:18 -------- d-----w- C:\Users\Scott\AppData\Roaming\Malwarebytes 2012-05-30 23:55:12 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-05-30 23:55:12 -------- d-----w- C:\ProgramData\Malwarebytes 2012-05-30 23:55:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-05-30 23:37:18 62464 ---ha-w- C:\Windows\System32\autoHost64.dll 2012-05-30 23:36:43 -------- d-----w- C:\ProgramData\B7E8587100017DC3000BDF33B4EB2367 2012-05-30 23:36:42 -------- d-----w- C:\Users\Scott\AppData\Local\CMI 2012-05-30 17:47:27 -------- d-----w- C:\Users\Scott\AppData\Local\{97319CC9-3CEF-4F1C-A9B8-44266A89A03E} 2012-05-30 17:46:38 -------- d-----w- C:\Users\Scott\AppData\Local\{9DB9C3C1-585D-4161-A3DF-186F4ED30382} 2012-05-30 13:19:30 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-30 13:19:30 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-30 05:46:00 -------- d-----w- C:\Users\Scott\AppData\Local\{729BCA00-5710-4801-B5F8-6BEE8E7E3052} 2012-05-30 05:45:32 -------- d-----w- C:\Users\Scott\AppData\Local\{9FDF9337-98AE-48E1-9DE3-46E6B258D7A2} 2012-05-29 17:44:54 -------- d-----w- C:\Users\Scott\AppData\Local\{4D740241-808B-47B2-A38C-DFEB90DDCBBB} 2012-05-29 17:43:41 -------- d-----w- C:\Users\Scott\AppData\Local\{A293AB6A-E624-4955-8D9D-1449998001B8} 2012-05-29 05:42:37 -------- d-----w- C:\Users\Scott\AppData\Local\{F023DE7B-E034-4AE0-88B2-CB30FCB0E4DE} 2012-05-29 05:42:27 -------- d-----w- C:\Users\Scott\AppData\Local\{0890C58C-D548-4F2F-B27D-879C54D4C17C} 2012-05-28 17:42:25 -------- d-----w- C:\Users\Scott\AppData\Local\{E4D86CFA-0C91-4F59-B1A7-AEFF1DC8E6AE} 2012-05-28 17:42:00 -------- d-----w- C:\Users\Scott\AppData\Local\{F112A2CC-8421-4C04-9E3E-AA0C332AC568} 2012-05-28 05:41:28 -------- d-----w- C:\Users\Scott\AppData\Local\{B46944E6-7901-4DE3-A19E-7C0E55171BE8} 2012-05-28 05:40:19 -------- d-----w- C:\Users\Scott\AppData\Local\{CD926C96-683F-4514-9131-B07D4C783617} 2012-05-27 17:39:04 -------- d-----w- C:\Users\Scott\AppData\Local\{BA71E710-B902-41AF-B919-E22EB2ECCB38} 2012-05-27 17:38:31 -------- d-----w- C:\Users\Scott\AppData\Local\{3CA7194B-796F-492E-890A-FB1E5C14A01D} 2012-05-27 05:38:02 -------- d-----w- C:\Users\Scott\AppData\Local\{6F240847-821A-42E8-AD4D-F41FAE6F629A} 2012-05-27 05:37:28 -------- d-----w- C:\Users\Scott\AppData\Local\{DB952665-DDF3-4378-BE0B-E097FAAF577F} 2012-05-26 17:36:32 -------- d-----w- C:\Users\Scott\AppData\Local\{B80B225D-1337-4843-AF9E-576DCA2CFF1B} 2012-05-26 17:36:04 -------- d-----w- C:\Users\Scott\AppData\Local\{20E768A2-5116-4F52-84A7-2E10F93061A4} 2012-05-26 05:35:05 -------- d-----w- C:\Users\Scott\AppData\Local\{AEBD821D-A9EB-4002-BF2D-902797CB93A7} 2012-05-26 05:34:58 -------- d-----w- C:\Users\Scott\AppData\Local\{F1A13E5C-6DA6-4AAD-8A75-69D789EA072C} 2012-05-25 17:34:32 -------- d-----w- C:\Users\Scott\AppData\Local\{D85B6C9B-C80B-4D26-AEED-D8C25139182F} 2012-05-25 17:34:29 -------- d-----w- C:\Users\Scott\AppData\Local\{B44A83E9-A784-459A-9E65-A2C413F972C5} 2012-05-25 05:33:57 -------- d-----w- C:\Users\Scott\AppData\Local\{1C8391EE-ED3A-4F38-B60D-DA4D1F81F137} 2012-05-25 05:33:05 -------- d-----w- C:\Users\Scott\AppData\Local\{CD48811E-F2A0-447F-9E55-DEC47C766A93} 2012-05-24 17:06:55 -------- d-----w- C:\Users\Scott\AppData\Local\{73F1FF57-E7F9-4AD3-9043-1632FC6C0D6A} 2012-05-24 17:05:51 -------- d-----w- C:\Users\Scott\AppData\Local\{D4AA4094-17D6-4C05-9961-78DA12D53863} 2012-05-24 05:04:42 -------- d-----w- C:\Users\Scott\AppData\Local\{50E479EE-AB33-47AD-A650-F3CF525BEB19} 2012-05-24 05:03:09 -------- d-----w- C:\Users\Scott\AppData\Local\{0B7CD0D0-8565-4F74-9E12-E2254552EC8F} 2012-05-23 14:02:00 -------- d-----w- C:\Users\Scott\AppData\Local\{E6FBDF86-5507-4551-A9CD-F2FFE76DF81D} 2012-05-23 14:01:56 -------- d-----w- C:\Users\Scott\AppData\Local\{06AEC37A-2F6E-490B-8712-C8A185026FE5} 2012-05-22 22:38:27 -------- d-----w- C:\Users\Scott\AppData\Local\{3BA6661D-3AC1-4B28-8022-F10B01D559D0} 2012-05-22 22:37:33 -------- d-----w- C:\Users\Scott\AppData\Local\{E28D6063-AF1A-4CC3-BA45-511442F61EDC} 2012-05-22 10:37:31 -------- d-----w- C:\Users\Scott\AppData\Local\{28DA9D53-2DE3-4281-A3A6-2738F8EC00B7} 2012-05-22 10:37:30 -------- d-----w- C:\Users\Scott\AppData\Local\{0E01A5B3-16F1-47F1-925D-D9FD3E313FC0} 2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-05-21 22:36:30 -------- d-----w- C:\Users\Scott\AppData\Local\{24BA3F2C-6E22-49B2-9143-BF3D53F3EF2C} 2012-05-21 22:36:08 -------- d-----w- C:\Users\Scott\AppData\Local\{C0674A10-8B91-4C49-AC2E-73612A5CB755} 2012-05-18 18:08:23 -------- d-----w- C:\Users\Scott\AppData\Local\{D11E18E9-5393-4638-9247-0E7648B5BED5} 2012-05-18 18:07:08 -------- d-----w- C:\Users\Scott\AppData\Local\{E8B5D218-4BE5-4BFB-AA22-8E5CD36C090C} . ==================== Find3M ==================== . 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-09 19:21:36 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 23:28:08.40 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 15/04/2010 10:16:32 AM System Uptime: 16/06/2012 10:12:25 PM (1 hours ago) . Motherboard: Gateway | | H57M01 Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPU 1 | 2668/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 914 GiB total, 735.444 GiB free. D: is CDROM (CDFS) E: is Removable F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP288: 04/06/2012 3:00:12 AM - Windows Update RP289: 08/06/2012 4:35:10 AM - Windows Update RP290: 12/06/2012 12:43:41 AM - Installed Java 6 Update 32 RP291: 13/06/2012 4:33:00 PM - Windows Update RP292: 14/06/2012 3:00:12 AM - Windows Update RP293: 16/06/2012 8:40:50 AM - Installed Java 6 Update 33 . ==== Installed Programs ====================== . Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.3) Advertising Center AMD DnD V1.0.19 Apple Application Support Apple Software Update Babylon toolbar on IE Backup Manager Advance BufferChm C4700 Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All Catan - Cities and Knights Catan Online World ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Compatibility Pack for the 2007 Office system D3DX10 Destinations DeviceDiscovery Dropbox eBay Worldwide EPS Viewer Gateway Games Gateway InfoCentre Gateway MyBackup Gateway Photo Frame 4.2.3.10 Gateway Recovery Management Gateway Registration Gateway ScreenSaver Gateway Updater Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper GPBaseService2 HP Photo Creations HP Update HPPhotoGadget hpPrintProjects HPProductAssistant HPSSupply hpWLPGInstaller Identity Card ImagXpress Intel® Management Engine Components Java Auto Updater Java 6 Update 33 JMicron JMB36X Driver Junk Mail filter update Malwarebytes Anti-Malware version 1.61.0.1400 MarketResearch Microsoft Office Click-to-Run 2010 Microsoft Office Home and Student 2010 - English Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Suite Activation Assistant Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml PS_AIO_06_C4700_SW_Min QuickTime QuickTransfer Realtek High Definition Audio Driver RoE Power Tools Safari Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Sid Meier's Civilization 4 Complete Sid Meier's Civilization IV Colonization Skype Click to Call Skype™ 5.8 SmartWebPrinting SolutionCenter Star Wars: The Old Republic StarCraft II Status Toolbox TrayApp TurboTax 2010 TurboTax 2011 TurboTax Business Incorporated 2011 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Ventrilo Client WebReg Welcome Center Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! Detect Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 16/06/2012 4:05:05 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 16/06/2012 11:55:39 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 16/06/2012 11:06:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 16/06/2012 11:06:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 16/06/2012 11:05:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache kl1 KLIF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 15/06/2012 5:59:41 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10. . ==== End Of File ===========================

I am getting outgoing block pop-ups from my pro version of Malwarebytes every few seconds to a few IPs. I followed the instructions for creating a DDS log and here it is.... please form any responses in a way a 5 year old would understand as I am a relative luddite when it comes to this stuff. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 15/04/2010 10:16:32 AM System Uptime: 16/06/2012 12:29:29 PM (1 hours ago) . Motherboard: Gateway | | H57M01 Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPU 1 | 2668/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 914 GiB total, 736.867 GiB free. D: is CDROM (CDFS) E: is Removable F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP288: 04/06/2012 3:00:12 AM - Windows Update RP289: 08/06/2012 4:35:10 AM - Windows Update RP290: 12/06/2012 12:43:41 AM - Installed Java 6 Update 32 RP291: 13/06/2012 4:33:00 PM - Windows Update RP292: 14/06/2012 3:00:12 AM - Windows Update RP293: 16/06/2012 8:40:50 AM - Installed Java 6 Update 33 . ==== Installed Programs ====================== . Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.3) Advertising Center AMD DnD V1.0.19 Apple Application Support Apple Software Update Babylon toolbar on IE Backup Manager Advance BufferChm C4700 Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All Catan - Cities and Knights Catan Online World ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Compatibility Pack for the 2007 Office system D3DX10 Destinations DeviceDiscovery Dropbox eBay Worldwide EPS Viewer Gateway Games Gateway InfoCentre Gateway MyBackup Gateway Photo Frame 4.2.3.10 Gateway Recovery Management Gateway Registration Gateway ScreenSaver Gateway Updater Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper GPBaseService2 HP Update HPPhotoGadget hpPrintProjects HPProductAssistant HPSSupply hpWLPGInstaller Identity Card ImagXpress Intel® Management Engine Components Java Auto Updater Java 6 Update 33 JMicron JMB36X Driver Junk Mail filter update Malwarebytes Anti-Malware version 1.61.0.1400 MarketResearch Microsoft Office Click-to-Run 2010 Microsoft Office Home and Student 2010 - English Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Suite Activation Assistant Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml PS_AIO_06_C4700_SW_Min QuickTime Realtek High Definition Audio Driver RoE Power Tools Safari Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Sid Meier's Civilization 4 Complete Sid Meier's Civilization IV Colonization Skype Click to Call Skype™ 5.8 SmartWebPrinting SolutionCenter Star Wars: The Old Republic StarCraft II Status Toolbox TrayApp TurboTax 2010 TurboTax 2011 TurboTax Business Incorporated 2011 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Ventrilo Client WebReg Welcome Center Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! Detect Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 16/06/2012 11:55:39 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 16/06/2012 11:06:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 16/06/2012 11:06:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 16/06/2012 11:05:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache kl1 KLIF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 15/06/2012 5:59:41 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10. . ==== End Of File ===========================