Posts posted by TiffGail
-
C:\Program Files (x86)\ReferenceBoss_1pEI\Installr\1.bin\1pEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application
C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\Mighty Magoo\mmagootl.dll.vir a variant of Win32/Adware.Gamevance.BE application
C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan
C:\Users\June\AppData\Local\Temp\SetupDataMngr_Searchqu.exe a variant of Win32/Toolbar.SearchSuite application
C:\Users\June\AppData\LocalLow\DictionaryBossEI\Installr\Cache\0FE9788C.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\June\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\5DA63158.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application
C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application
C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application
C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.6.windows.exe Win32/OpenCandy application
C:\Users\June\Downloads\frostwire-4.21.6.windows.exe Win32/OpenCandy application
C:\Users\June\Downloads\halo.exe a variant of Win32/InstallCore.Q application
-
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Database version: v2012.06.28.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
June :: JUNE-HP [administrator]
Protection: Enabled
6/28/2012 1:16:57 AM
mbam-log-2012-06-28 (01-16-57).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221451
Time elapsed: 2 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 12
HKCR\CLSID\{045c5f24-9e13-4ea8-ab93-fddab34f3fa5} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8EB0AAA0-2FFE-4326-8331-EFE2D5D15EC7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB2049F6-9DFA-4E51-B2A1-FC5A6E596C80} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143f8-3dbe-424c-949f-20acd11e5a6d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e001b32e-5acb-4cce-9910-2d379ce0a6d6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProductsInstaller.Start.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\APPID\MightyMagooText.DLL (PUP.MightyMagoo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2367&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully.
Folders Detected: 3
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com (PUP.MightyMagoo) -> Quarantined and deleted successfully.
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome (PUP.MightyMagoo) -> Quarantined and deleted successfully.
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components (PUP.MightyMagoo) -> Quarantined and deleted successfully.
Files Detected: 8
C:\Users\June\Downloads\GreenGamesAndHam_UnlockGames.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Users\June\Downloads\Irfanview_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome.manifest (PUP.MightyMagoo) -> Quarantined and deleted successfully.
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\install.rdf (PUP.MightyMagoo) -> Quarantined and deleted successfully.
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome\mmtextlinks.jar (PUP.MightyMagoo) -> Quarantined and deleted successfully.
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components\mmagootlf.dll (PUP.MightyMagoo) -> Quarantined and deleted successfully.
C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components\mmagootlf.xpt (PUP.MightyMagoo) -> Quarantined and deleted successfully.
C:\Windows\svchost(184).exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
(end)
HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:26:19 AM, on 6/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\June\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\June\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {c111c814-fd58-0a04-3924-998b53830e29} - C:\Program Files (x86)\Shop to Win 29\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: FCTBPos00Pos - {5ABD6C72-FFD7-B634-A92B-D77D5960E009} - C:\Program Files (x86)\Shop to Win 29\Shop to Win 29.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO_PROJECT - {9194649F-7143-4308-90C1-D6A35B0E354E} - (no file)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [PCShowServer] "C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11608 bytes
Computer is doing great.
-
ComboFix 12-06-27.01 - June 06/27/2012 18:04:38.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2658 [GMT -4:00]
Running from: c:\users\June\Downloads\ComboFix.exe
Command switches used :: c:\users\June\Desktop\CFScript.lnk
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 22:09 . 2012-06-27 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 22:09 . 2012-06-27 22:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-27 16:03 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1633D531-C6C7-4A6E-9A21-5FC49DF3AEF5}\mpengine.dll
2012-06-27 15:04 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-27 04:09 . 2012-06-27 04:09 -------- d-----w- c:\users\June\AppData\Roaming\NewspaperDirect
2012-06-25 07:22 . 2012-06-25 07:58 -------- d-----w- c:\windows\Microsoft Antimalware
2012-06-25 04:16 . 2012-06-25 04:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 02:52 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 02:52 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 02:52 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 02:52 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 02:52 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 02:52 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 02:52 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 02:51 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 02:51 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 02:04 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost(184).exe
2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4F00.tmp
2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4E72.tmp.dat
2012-06-20 21:17 . 2012-06-20 21:17 -------- d-----w- c:\users\June\AppData\Local\Apple Computer
2012-06-20 21:17 . 2012-06-22 21:29 -------- d-----w- c:\users\June\AppData\Roaming\Apple Computer
2012-06-20 21:16 . 2012-06-20 21:17 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-20 21:16 . 2012-06-20 21:16 -------- d-----w- c:\program files\iPod
2012-06-20 21:16 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\iTunes
2012-06-20 21:15 . 2012-06-20 21:15 -------- d-----w- c:\users\June\AppData\Local\Apple
2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files\Common Files\Apple
2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Bonjour
2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files\Bonjour
2012-06-20 21:14 . 2012-06-20 21:16 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-06-20 21:14 . 2012-06-20 21:15 -------- d-----w- c:\programdata\Apple
2012-06-14 00:06 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 14:34 . 2012-05-18 13:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E84E8844-4E46-4A49-9A03-B657CE42F094}\gapaengine.dll
2012-06-10 13:34 . 2012-06-10 13:34 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\9EAD.tmp.dat
2012-06-09 13:21 . 2012-06-09 13:21 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\E208.tmp.dat
2012-06-07 19:16 . 2012-06-07 19:16 -------- d-----w- c:\programdata\Symantec
2012-06-07 17:16 . 2012-06-07 17:16 -------- d-----w- c:\windows\SysWow64\Adobe
2012-06-07 01:36 . 2012-06-07 01:36 -------- d-----w- c:\users\June\AppData\Local\KodakGallery
2012-06-06 14:56 . 2012-06-19 17:00 -------- d-----w- C:\Remote Programs
2012-06-06 14:56 . 2012-06-06 14:56 -------- d--h--w- c:\programdata\Common Files
2012-06-06 14:51 . 2012-06-06 14:52 1541 ----a-w- C:\user.js
2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\users\June\AppData\Roaming\Babylon
2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\programdata\Babylon
2012-06-06 14:03 . 2012-06-06 14:06 -------- d-----w- c:\users\June\AppData\Local\Microsoft Games
2012-06-06 13:26 . 2012-06-06 13:26 -------- d-----w- c:\users\June\AppData\Roaming\Gamelab
2012-06-06 13:08 . 2012-06-06 13:08 -------- d-----w- c:\programdata\Wild Tangent
2012-06-06 12:41 . 2012-06-06 12:49 -------- d-----w- c:\program files (x86)\WildTangent Games
2012-06-01 00:19 . 2012-06-01 00:19 63080 ----a-r- c:\users\June\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe
2012-06-01 00:19 . 2012-06-01 00:19 -------- d-----w- c:\users\June\AppData\Local\DIRECTV Player
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-30 01:08 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\QuickTime
2012-05-30 01:08 . 2012-06-25 02:42 -------- d-----w- c:\programdata\Apple Computer
2012-05-30 01:06 . 2012-06-27 04:15 -------- d-----w- c:\program files (x86)\Kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 14:16 . 2012-05-18 13:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 14:16 . 2011-07-17 14:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-21 14:20 . 2012-05-21 14:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-21 14:20 . 2012-05-21 14:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-18 13:32 . 2011-05-20 19:35 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-05-18 13:19 . 2012-05-18 13:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-18 13:19 . 2012-05-18 13:19 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-18 13:18 . 2012-05-18 13:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-18 13:18 . 2012-05-18 13:18 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-30 11:35 . 2012-05-18 13:22 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-27_03.36.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-03 10:28 . 2012-06-27 21:47 60762 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-27 21:47 43140 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-04 14:27 . 2012-06-27 21:47 13816 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1758543969-522351655-1275309373-1000_UserData.bin
- 2009-07-14 05:30 . 2012-06-07 01:50 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-06-27 04:15 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2010-12-04 13:13 . 2012-06-27 16:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-04 13:13 . 2012-06-25 02:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-04 13:13 . 2012-06-25 02:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-04 13:13 . 2012-06-27 16:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-27 16:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-25 02:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-27 14:48 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-06-25 03:54 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-27 22:09 . 2012-06-27 22:09 3623 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-27 03:35 . 2012-06-27 03:35 3623 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-12-06 08:33 . 2012-06-27 21:45 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-06-27 22:09 . 2012-06-27 22:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-27 03:36 . 2012-06-27 03:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-27 22:09 . 2012-06-27 22:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-27 03:36 . 2012-06-27 03:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-04 02:34 . 2012-06-27 20:36 314052 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-06-27 21:50 662860 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-26 13:36 662860 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-27 21:50 122430 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-26 13:36 122430 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:45 . 2012-06-27 04:12 279360 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2012-06-07 01:50 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-06-27 04:15 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-07 01:50 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-06-27 04:15 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2010-12-04 02:43 . 2012-06-27 21:11 695328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-06-27 22:09 232380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-11 08:01 . 2010-11-11 08:01 1212416 c:\windows\system32\DriverStore\FileRepository\a323at_x64.inf_amd64_neutral_32d6ab48cec35d83\AVerAVF2.sys
+ 2009-07-14 04:45 . 2012-06-27 04:15 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-25 03:27 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-04 02:43 . 2012-06-27 22:09 6197240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1758543969-522351655-1275309373-1000-8192.dat
+ 2011-09-07 22:26 . 2012-06-27 04:11 1455124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1758543969-522351655-1275309373-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c111c814-fd58-0a04-3924-998b53830e29}"= "c:\program files (x86)\Shop to Win 29\Helper.dll" [2012-05-28 378880]
.
[HKEY_CLASSES_ROOT\clsid\{c111c814-fd58-0a04-3924-998b53830e29}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{42855803-9685-5634-8D8E-37F3536D2EE3}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5ABD6C72-FFD7-B634-A92B-D77D5960E009}]
2012-03-14 17:52 14432 ----a-w- c:\program files (x86)\Shop to Win 29\Shop to Win 29.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-23 121456]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-21 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-12 203264]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-07-14 22072]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-12 6790656]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-12 221184]
S3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [2010-11-11 1212416]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-18 32880]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-14 69736]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-29 11049576]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.insightbb.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9194649F-7143-4308-90C1-D6A35B0E354E} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-06-27 18:15:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 22:15
ComboFix2.txt 2012-06-27 21:24
ComboFix3.txt 2012-06-27 03:42
.
Pre-Run: 917,663,649,792 bytes free
Post-Run: 917,588,402,176 bytes free
.
- - End Of File - - 7453F0F2E801C68977F19E01B21CD856
Computer is doing great.
-
I had no problems running the programs.
TDSSKILLER
10:55:18.0075 3536 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
10:55:18.0356 3536 ============================================================
10:55:18.0356 3536 Current date / time: 2012/06/27 10:55:18.0356
10:55:18.0356 3536 SystemInfo:
10:55:18.0356 3536
10:55:18.0356 3536 OS Version: 6.1.7601 ServicePack: 1.0
10:55:18.0356 3536 Product type: Workstation
10:55:18.0356 3536 ComputerName: JUNE-HP
10:55:18.0356 3536 UserName: June
10:55:18.0356 3536 Windows directory: C:\Windows
10:55:18.0356 3536 System windows directory: C:\Windows
10:55:18.0356 3536 Running under WOW64
10:55:18.0356 3536 Processor architecture: Intel x64
10:55:18.0356 3536 Number of processors: 2
10:55:18.0356 3536 Page size: 0x1000
10:55:18.0356 3536 Boot type: Normal boot
10:55:18.0356 3536 ============================================================
10:55:19.0511 3536 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:55:19.0526 3536 ============================================================
10:55:19.0526 3536 \Device\Harddisk0\DR0:
10:55:19.0526 3536 MBR partitions:
10:55:19.0526 3536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:55:19.0526 3536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72915800
10:55:19.0526 3536 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72948000, BlocksNum 0x1DBE000
10:55:19.0526 3536 ============================================================
10:55:19.0542 3536 C: <-> \Device\Harddisk0\DR0\Partition1
10:55:19.0589 3536 D: <-> \Device\Harddisk0\DR0\Partition2
10:55:19.0589 3536 ============================================================
10:55:19.0589 3536 Initialize success
10:55:19.0589 3536 ============================================================
10:55:20.0681 1200 ============================================================
10:55:20.0681 1200 Scan started
10:55:20.0681 1200 Mode: Manual;
10:55:20.0681 1200 ============================================================
10:55:28.0949 1200 LSI_FC - ok
10:55:28.0964 1200 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:55:28.0964 1200 LSI_SAS - ok
10:55:28.0980 1200 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:55:28.0980 1200 LSI_SAS2 - ok
10:55:29.0011 1200 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:55:29.0011 1200 LSI_SCSI - ok
10:55:29.0011 1200 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:55:29.0027 1200 luafv - ok
10:55:29.0058 1200 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:55:29.0058 1200 Mcx2Svc - ok
10:55:29.0073 1200 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:55:29.0073 1200 megasas - ok
10:55:29.0089 1200 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:55:29.0089 1200 MegaSR - ok
10:55:29.0105 1200 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:55:29.0105 1200 MMCSS - ok
10:55:29.0120 1200 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:55:29.0120 1200 Modem - ok
10:55:29.0136 1200 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:55:29.0136 1200 monitor - ok
10:55:29.0151 1200 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:55:29.0151 1200 mouclass - ok
10:55:29.0167 1200 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:55:29.0167 1200 mouhid - ok
10:55:29.0198 1200 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:55:29.0198 1200 mountmgr - ok
10:55:29.0276 1200 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
10:55:29.0276 1200 MpFilter - ok
10:55:29.0307 1200 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:55:29.0307 1200 mpio - ok
10:55:29.0323 1200 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:55:29.0323 1200 mpsdrv - ok
10:55:29.0432 1200 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:55:29.0448 1200 MpsSvc - ok
10:55:29.0479 1200 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:55:29.0479 1200 MRxDAV - ok
10:55:29.0510 1200 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:55:29.0510 1200 mrxsmb - ok
10:55:29.0557 1200 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:55:29.0557 1200 mrxsmb10 - ok
10:55:29.0573 1200 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:55:29.0573 1200 mrxsmb20 - ok
10:55:29.0604 1200 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:55:29.0604 1200 msahci - ok
10:55:29.0604 1200 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:55:29.0604 1200 msdsm - ok
10:55:29.0619 1200 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:55:29.0635 1200 MSDTC - ok
10:55:29.0651 1200 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:55:29.0651 1200 Msfs - ok
10:55:29.0666 1200 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:55:29.0666 1200 mshidkmdf - ok
10:55:29.0682 1200 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:55:29.0682 1200 msisadrv - ok
10:55:29.0697 1200 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:55:29.0697 1200 MSiSCSI - ok
10:55:29.0713 1200 msiserver - ok
10:55:29.0729 1200 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:55:29.0729 1200 MSKSSRV - ok
10:55:29.0775 1200 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:55:29.0775 1200 MsMpSvc - ok
10:55:29.0807 1200 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:55:29.0807 1200 MSPCLOCK - ok
10:55:29.0807 1200 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:55:29.0807 1200 MSPQM - ok
10:55:29.0869 1200 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:55:29.0869 1200 MsRPC - ok
10:55:29.0885 1200 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:55:29.0885 1200 mssmbios - ok
10:55:29.0900 1200 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:55:29.0900 1200 MSTEE - ok
10:55:29.0900 1200 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:55:29.0900 1200 MTConfig - ok
10:55:29.0931 1200 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:55:29.0931 1200 Mup - ok
10:55:29.0994 1200 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:55:29.0994 1200 napagent - ok
10:55:30.0041 1200 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:55:30.0041 1200 NativeWifiP - ok
10:55:30.0087 1200 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:55:30.0087 1200 NDIS - ok
10:55:30.0119 1200 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:55:30.0119 1200 NdisCap - ok
10:55:30.0134 1200 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:55:30.0134 1200 NdisTapi - ok
10:55:30.0165 1200 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:55:30.0165 1200 Ndisuio - ok
10:55:30.0212 1200 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:55:30.0212 1200 NdisWan - ok
10:55:30.0259 1200 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:55:30.0259 1200 NDProxy - ok
10:55:30.0259 1200 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:55:30.0259 1200 NetBIOS - ok
10:55:30.0306 1200 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:55:30.0306 1200 NetBT - ok
10:55:30.0337 1200 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:55:30.0337 1200 Netlogon - ok
10:55:30.0384 1200 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:55:30.0384 1200 Netman - ok
10:55:30.0493 1200 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:55:30.0493 1200 NetMsmqActivator - ok
10:55:30.0509 1200 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:55:30.0509 1200 NetPipeActivator - ok
10:55:30.0540 1200 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:55:30.0540 1200 netprofm - ok
10:55:30.0633 1200 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys
10:55:30.0649 1200 netr28x - ok
10:55:30.0696 1200 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:55:30.0711 1200 NetTcpActivator - ok
10:55:30.0711 1200 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:55:30.0711 1200 NetTcpPortSharing - ok
10:55:30.0758 1200 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:55:30.0758 1200 nfrd960 - ok
10:55:30.0789 1200 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:55:30.0805 1200 NisDrv - ok
10:55:30.0836 1200 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
10:55:30.0836 1200 NisSrv - ok
10:55:30.0867 1200 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:55:30.0867 1200 NlaSvc - ok
10:55:30.0883 1200 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:55:30.0883 1200 Npfs - ok
10:55:30.0899 1200 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:55:30.0899 1200 nsi - ok
10:55:30.0899 1200 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:55:30.0899 1200 nsiproxy - ok
10:55:31.0055 1200 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:55:31.0070 1200 Ntfs - ok
10:55:31.0133 1200 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:55:31.0133 1200 Null - ok
10:55:31.0148 1200 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:55:31.0148 1200 nvraid - ok
10:55:31.0164 1200 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:55:31.0164 1200 nvstor - ok
10:55:31.0195 1200 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:55:31.0195 1200 nv_agp - ok
10:55:31.0211 1200 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:55:31.0211 1200 ohci1394 - ok
10:55:31.0273 1200 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:55:31.0273 1200 ose - ok
10:55:31.0632 1200 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:55:31.0663 1200 osppsvc - ok
10:55:31.0725 1200 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:55:31.0725 1200 p2pimsvc - ok
10:55:31.0757 1200 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:55:31.0772 1200 p2psvc - ok
10:55:31.0788 1200 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:55:31.0788 1200 Parport - ok
10:55:31.0819 1200 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:55:31.0819 1200 partmgr - ok
10:55:31.0850 1200 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:55:31.0850 1200 PcaSvc - ok
10:55:31.0897 1200 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:55:31.0897 1200 pci - ok
10:55:31.0913 1200 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:55:31.0913 1200 pciide - ok
10:55:31.0944 1200 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:55:31.0944 1200 pcmcia - ok
10:55:31.0959 1200 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:55:31.0959 1200 pcw - ok
10:55:31.0975 1200 pdfcDispatcher - ok
10:55:32.0006 1200 PdiService (0a098df98ec8facaa30bd7db4c7aea06) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
10:55:32.0006 1200 PdiService - ok
10:55:32.0053 1200 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:55:32.0069 1200 PEAUTH - ok
10:55:32.0115 1200 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:55:32.0115 1200 PerfHost - ok
10:55:32.0225 1200 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:55:32.0225 1200 pla - ok
10:55:32.0287 1200 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:55:32.0303 1200 PlugPlay - ok
10:55:32.0318 1200 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:55:32.0318 1200 PNRPAutoReg - ok
10:55:32.0349 1200 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:55:32.0349 1200 PNRPsvc - ok
10:55:32.0396 1200 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:55:32.0396 1200 PolicyAgent - ok
10:55:32.0443 1200 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:55:32.0443 1200 Power - ok
10:55:32.0490 1200 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:55:32.0490 1200 PptpMiniport - ok
10:55:32.0505 1200 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:55:32.0505 1200 Processor - ok
10:55:32.0552 1200 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:55:32.0552 1200 ProfSvc - ok
10:55:32.0583 1200 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:55:32.0583 1200 ProtectedStorage - ok
10:55:32.0615 1200 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:55:32.0615 1200 Psched - ok
10:55:32.0661 1200 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
10:55:32.0661 1200 PSI_SVC_2 - ok
10:55:32.0802 1200 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:55:32.0817 1200 ql2300 - ok
10:55:32.0895 1200 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:55:32.0895 1200 ql40xx - ok
10:55:32.0927 1200 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:55:32.0927 1200 QWAVE - ok
10:55:32.0942 1200 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:55:32.0942 1200 QWAVEdrv - ok
10:55:32.0942 1200 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:55:32.0942 1200 RasAcd - ok
10:55:32.0958 1200 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:55:32.0958 1200 RasAgileVpn - ok
10:55:32.0973 1200 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:55:32.0973 1200 RasAuto - ok
10:55:33.0005 1200 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:55:33.0005 1200 Rasl2tp - ok
10:55:33.0067 1200 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:55:33.0067 1200 RasMan - ok
10:55:33.0098 1200 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:55:33.0098 1200 RasPppoe - ok
10:55:33.0114 1200 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:55:33.0114 1200 RasSstp - ok
10:55:33.0145 1200 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:55:33.0145 1200 rdbss - ok
10:55:33.0176 1200 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:55:33.0176 1200 rdpbus - ok
10:55:33.0192 1200 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:55:33.0192 1200 RDPCDD - ok
10:55:33.0207 1200 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:55:33.0207 1200 RDPENCDD - ok
10:55:33.0223 1200 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:55:33.0223 1200 RDPREFMP - ok
10:55:33.0270 1200 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:55:33.0270 1200 RDPWD - ok
10:55:33.0317 1200 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:55:33.0317 1200 rdyboost - ok
10:55:33.0332 1200 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:55:33.0332 1200 RemoteAccess - ok
10:55:33.0348 1200 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:55:33.0348 1200 RemoteRegistry - ok
10:55:33.0363 1200 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:55:33.0363 1200 RpcEptMapper - ok
10:55:33.0379 1200 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:55:33.0379 1200 RpcLocator - ok
10:55:33.0426 1200 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:55:33.0441 1200 RpcSs - ok
10:55:33.0441 1200 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:55:33.0441 1200 rspndr - ok
10:55:33.0504 1200 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:55:33.0504 1200 RTL8167 - ok
10:55:33.0519 1200 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:55:33.0519 1200 SamSs - ok
10:55:33.0551 1200 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:55:33.0551 1200 sbp2port - ok
10:55:33.0566 1200 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:55:33.0566 1200 SCardSvr - ok
10:55:33.0597 1200 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:55:33.0597 1200 scfilter - ok
10:55:33.0707 1200 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:55:33.0722 1200 Schedule - ok
10:55:33.0769 1200 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:55:33.0769 1200 SCPolicySvc - ok
10:55:33.0800 1200 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:55:33.0816 1200 SDRSVC - ok
10:55:33.0816 1200 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:55:33.0816 1200 secdrv - ok
10:55:33.0847 1200 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:55:33.0847 1200 seclogon - ok
10:55:33.0863 1200 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:55:33.0863 1200 SENS - ok
10:55:33.0878 1200 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:55:33.0878 1200 SensrSvc - ok
10:55:33.0909 1200 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:55:33.0909 1200 Serenum - ok
10:55:33.0925 1200 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:55:33.0925 1200 Serial - ok
10:55:33.0941 1200 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:55:33.0941 1200 sermouse - ok
10:55:33.0987 1200 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:55:33.0987 1200 SessionEnv - ok
10:55:34.0019 1200 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:55:34.0019 1200 sffdisk - ok
10:55:34.0019 1200 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:55:34.0019 1200 sffp_mmc - ok
10:55:34.0034 1200 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:55:34.0034 1200 sffp_sd - ok
10:55:34.0050 1200 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:55:34.0050 1200 sfloppy - ok
10:55:34.0128 1200 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
10:55:34.0143 1200 Sftfs - ok
10:55:34.0237 1200 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:55:34.0237 1200 sftlist - ok
10:55:34.0487 1200 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:55:34.0502 1200 Sftplay - ok
10:55:34.0533 1200 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:55:34.0533 1200 Sftredir - ok
10:55:34.0549 1200 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
10:55:34.0549 1200 Sftvol - ok
10:55:34.0565 1200 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:55:34.0565 1200 sftvsa - ok
10:55:34.0596 1200 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:55:34.0611 1200 SharedAccess - ok
10:55:34.0658 1200 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:55:34.0674 1200 ShellHWDetection - ok
10:55:34.0721 1200 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:55:34.0721 1200 SiSRaid2 - ok
10:55:34.0736 1200 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:55:34.0736 1200 SiSRaid4 - ok
10:55:34.0799 1200 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
10:55:34.0799 1200 SkypeUpdate - ok
10:55:34.0830 1200 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:55:34.0830 1200 Smb - ok
10:55:34.0861 1200 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:55:34.0861 1200 SNMPTRAP - ok
10:55:34.0877 1200 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:55:34.0877 1200 spldr - ok
10:55:34.0923 1200 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:55:34.0923 1200 Spooler - ok
10:55:35.0111 1200 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:55:35.0126 1200 sppsvc - ok
10:55:35.0204 1200 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:55:35.0204 1200 sppuinotify - ok
10:55:35.0282 1200 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:55:35.0298 1200 srv - ok
10:55:35.0329 1200 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:55:35.0329 1200 srv2 - ok
10:55:35.0345 1200 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:55:35.0360 1200 srvnet - ok
10:55:35.0391 1200 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:55:35.0407 1200 SSDPSRV - ok
10:55:35.0423 1200 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:55:35.0423 1200 SstpSvc - ok
10:55:35.0438 1200 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:55:35.0438 1200 stexstor - ok
10:55:35.0501 1200 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:55:35.0501 1200 stisvc - ok
10:55:35.0532 1200 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:55:35.0532 1200 swenum - ok
10:55:35.0579 1200 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:55:35.0594 1200 swprv - ok
10:55:35.0719 1200 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:55:35.0735 1200 SysMain - ok
10:55:35.0813 1200 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:55:35.0813 1200 TabletInputService - ok
10:55:35.0875 1200 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:55:35.0891 1200 TapiSrv - ok
10:55:35.0906 1200 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:55:35.0906 1200 TBS - ok
10:55:36.0047 1200 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:55:36.0047 1200 Tcpip - ok
10:55:36.0187 1200 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:55:36.0187 1200 TCPIP6 - ok
10:55:36.0265 1200 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:55:36.0265 1200 tcpipreg - ok
10:55:36.0281 1200 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:55:36.0281 1200 TDPIPE - ok
10:55:36.0312 1200 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:55:36.0312 1200 TDTCP - ok
10:55:36.0343 1200 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:55:36.0343 1200 tdx - ok
10:55:36.0359 1200 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:55:36.0359 1200 TermDD - ok
10:55:36.0405 1200 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:55:36.0405 1200 TermService - ok
10:55:36.0421 1200 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:55:36.0421 1200 Themes - ok
10:55:36.0437 1200 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:55:36.0437 1200 THREADORDER - ok
10:55:36.0468 1200 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:55:36.0468 1200 TrkWks - ok
10:55:36.0515 1200 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:55:36.0515 1200 TrustedInstaller - ok
10:55:36.0561 1200 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:55:36.0577 1200 tssecsrv - ok
10:55:36.0608 1200 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:55:36.0608 1200 TsUsbFlt - ok
10:55:36.0655 1200 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:55:36.0655 1200 tunnel - ok
10:55:36.0671 1200 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:55:36.0671 1200 uagp35 - ok
10:55:36.0717 1200 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:55:36.0717 1200 udfs - ok
10:55:36.0764 1200 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:55:36.0764 1200 UI0Detect - ok
10:55:36.0780 1200 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:55:36.0795 1200 uliagpkx - ok
10:55:36.0842 1200 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:55:36.0842 1200 umbus - ok
10:55:36.0858 1200 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:55:36.0858 1200 UmPass - ok
10:55:36.0905 1200 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:55:36.0905 1200 upnphost - ok
10:55:36.0920 1200 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:55:36.0920 1200 usbccgp - ok
10:55:36.0967 1200 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:55:36.0983 1200 usbcir - ok
10:55:36.0998 1200 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:55:36.0998 1200 usbehci - ok
10:55:37.0029 1200 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
10:55:37.0029 1200 usbfilter - ok
10:55:37.0061 1200 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:55:37.0061 1200 usbhub - ok
10:55:37.0076 1200 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
10:55:37.0092 1200 usbohci - ok
10:55:37.0107 1200 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:55:37.0107 1200 usbprint - ok
10:55:37.0154 1200 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:55:37.0154 1200 usbscan - ok
10:55:37.0185 1200 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
10:55:37.0185 1200 USBSTOR - ok
10:55:37.0201 1200 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:55:37.0201 1200 usbuhci - ok
10:55:37.0217 1200 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:55:37.0217 1200 usbvideo - ok
10:55:37.0232 1200 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:55:37.0232 1200 UxSms - ok
10:55:37.0263 1200 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:55:37.0263 1200 VaultSvc - ok
10:55:37.0279 1200 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:55:37.0279 1200 vdrvroot - ok
10:55:37.0326 1200 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:55:37.0326 1200 vds - ok
10:55:37.0341 1200 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:55:37.0341 1200 vga - ok
10:55:37.0341 1200 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:55:37.0341 1200 VgaSave - ok
10:55:37.0373 1200 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:55:37.0373 1200 vhdmp - ok
10:55:37.0388 1200 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:55:37.0404 1200 viaide - ok
10:55:39.0744 1200 MBR (0x1B8) (e62d1f7a164f13bb434daf9173afb16b) \Device\Harddisk0\DR0
10:55:40.0025 1200 \Device\Harddisk0\DR0 - ok
10:55:40.0040 1200 Boot (0x1200) (1a6501080d7111e2df229062b3312adf) \Device\Harddisk0\DR0\Partition0
10:55:40.0040 1200 \Device\Harddisk0\DR0\Partition0 - ok
10:55:40.0040 1200 Boot (0x1200) (7e17c48520d17e5ad06e0499b297a32a) \Device\Harddisk0\DR0\Partition1
10:55:40.0040 1200 \Device\Harddisk0\DR0\Partition1 - ok
10:55:40.0071 1200 Boot (0x1200) (b5f145794c9b417a00d6cd0a4de1c5c2) \Device\Harddisk0\DR0\Partition2
10:55:40.0071 1200 \Device\Harddisk0\DR0\Partition2 - ok
10:55:40.0071 1200 ============================================================
10:55:40.0071 1200 Scan finished
10:55:40.0071 1200 ============================================================
10:55:40.0087 4844 Detected object count: 0
10:55:40.0087 4844 Actual detected object count: 0
ASWMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-27 10:49:48
-----------------------------
10:49:48.924 OS Version: Windows x64 6.1.7601 Service Pack 1
10:49:48.924 Number of processors: 2 586 0x603
10:49:48.924 ComputerName: JUNE-HP UserName: June
10:49:50.577 Initialize success
10:51:39.263 AVAST engine defs: 12062700
10:52:11.898 The log file has been saved successfully to "C:\Users\June\Documents\aswMBR.txt"
-
ComboFix 12-06-26.02 - June 06/26/2012 23:28:51.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2479 [GMT -4:00]
Running from: c:\users\June\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DictionaryBossEI
c:\program files (x86)\FunWebProducts
c:\program files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files (x86)\Mighty Magoo
c:\program files (x86)\Mighty Magoo\ars.cfg
c:\program files (x86)\Mighty Magoo\icon.ico
c:\program files (x86)\Mighty Magoo\mmagootl.dll
c:\program files (x86)\Shop to Win
c:\program files (x86)\Shop to Win\InstallNotifier.exe
c:\program files (x86)\Shop to Win\ShopToWin.exe
c:\program files (x86)\Shop to Win\unins000.exe
c:\programdata\308007g1s132n444o284o2iin6y7
c:\users\June\AppData\Roaming\Anti-Malware Lab
c:\users\June\AppData\Roaming\Anti-Malware Lab\Instructions.ini
c:\users\June\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Anti-Malware Lab.lnk
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\fix.exe
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\SM.dll
c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\June\AppData\Roaming\Microsoft\Windows\Start Menu\Anti-Malware Lab.lnk
c:\users\June\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anti-Malware Lab.lnk
c:\users\June\AppData\Roaming\PriceGong
c:\users\June\AppData\Roaming\PriceGong\Data\1.xml
c:\users\June\AppData\Roaming\PriceGong\Data\a.xml
c:\users\June\AppData\Roaming\PriceGong\Data\b.xml
c:\users\June\AppData\Roaming\PriceGong\Data\c.xml
c:\users\June\AppData\Roaming\PriceGong\Data\d.xml
c:\users\June\AppData\Roaming\PriceGong\Data\e.xml
c:\users\June\AppData\Roaming\PriceGong\Data\f.xml
c:\users\June\AppData\Roaming\PriceGong\Data\g.xml
c:\users\June\AppData\Roaming\PriceGong\Data\h.xml
c:\users\June\AppData\Roaming\PriceGong\Data\i.xml
c:\users\June\AppData\Roaming\PriceGong\Data\j.xml
c:\users\June\AppData\Roaming\PriceGong\Data\k.xml
c:\users\June\AppData\Roaming\PriceGong\Data\l.xml
c:\users\June\AppData\Roaming\PriceGong\Data\m.xml
c:\users\June\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\June\AppData\Roaming\PriceGong\Data\n.xml
c:\users\June\AppData\Roaming\PriceGong\Data\o.xml
c:\users\June\AppData\Roaming\PriceGong\Data\p.xml
c:\users\June\AppData\Roaming\PriceGong\Data\q.xml
c:\users\June\AppData\Roaming\PriceGong\Data\r.xml
c:\users\June\AppData\Roaming\PriceGong\Data\s.xml
c:\users\June\AppData\Roaming\PriceGong\Data\t.xml
c:\users\June\AppData\Roaming\PriceGong\Data\u.xml
c:\users\June\AppData\Roaming\PriceGong\Data\v.xml
c:\users\June\AppData\Roaming\PriceGong\Data\w.xml
c:\users\June\AppData\Roaming\PriceGong\Data\x.xml
c:\users\June\AppData\Roaming\PriceGong\Data\y.xml
c:\users\June\AppData\Roaming\PriceGong\Data\z.xml
c:\users\June\Desktop\Anti-Malware Lab.lnk
c:\users\June\Documents\ShopToWin
c:\windows\svchost.exe
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-26 13:42 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD50C658-605E-4152-894F-3114B1C6234F}\mpengine.dll
2012-06-25 07:22 . 2012-06-25 07:58 -------- d-----w- c:\windows\Microsoft Antimalware
2012-06-25 04:16 . 2012-06-25 04:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 02:59 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-25 02:52 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 02:52 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 02:52 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 02:52 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 02:52 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 02:52 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 02:52 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 02:51 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 02:51 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 02:04 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost(184).exe
2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4F00.tmp
2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4E72.tmp.dat
2012-06-20 21:17 . 2012-06-20 21:17 -------- d-----w- c:\users\June\AppData\Local\Apple Computer
2012-06-20 21:17 . 2012-06-22 21:29 -------- d-----w- c:\users\June\AppData\Roaming\Apple Computer
2012-06-20 21:16 . 2012-06-20 21:17 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-20 21:16 . 2012-06-20 21:16 -------- d-----w- c:\program files\iPod
2012-06-20 21:16 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\iTunes
2012-06-20 21:15 . 2012-06-20 21:15 -------- d-----w- c:\users\June\AppData\Local\Apple
2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files\Common Files\Apple
2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Bonjour
2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files\Bonjour
2012-06-20 21:14 . 2012-06-20 21:16 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-06-20 21:14 . 2012-06-20 21:15 -------- d-----w- c:\programdata\Apple
2012-06-14 00:06 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 14:34 . 2012-05-18 13:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E84E8844-4E46-4A49-9A03-B657CE42F094}\gapaengine.dll
2012-06-10 13:34 . 2012-06-10 13:34 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\9EAD.tmp.dat
2012-06-09 13:21 . 2012-06-09 13:21 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\E208.tmp.dat
2012-06-07 19:16 . 2012-06-07 19:16 -------- d-----w- c:\programdata\Symantec
2012-06-07 17:16 . 2012-06-07 17:16 -------- d-----w- c:\windows\SysWow64\Adobe
2012-06-07 01:36 . 2012-06-07 01:36 -------- d-----w- c:\users\June\AppData\Local\KodakGallery
2012-06-06 14:58 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\SuperFish
2012-06-06 14:56 . 2012-06-19 17:00 -------- d-----w- C:\Remote Programs
2012-06-06 14:56 . 2012-06-06 14:56 -------- d--h--w- c:\programdata\Common Files
2012-06-06 14:52 . 2012-06-06 14:52 -------- d-----w- c:\program files (x86)\Funmoods
2012-06-06 14:51 . 2012-06-06 14:52 1541 ----a-w- C:\user.js
2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\users\June\AppData\Roaming\Babylon
2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\programdata\Babylon
2012-06-06 14:03 . 2012-06-06 14:06 -------- d-----w- c:\users\June\AppData\Local\Microsoft Games
2012-06-06 13:26 . 2012-06-06 13:26 -------- d-----w- c:\users\June\AppData\Roaming\Gamelab
2012-06-06 13:08 . 2012-06-06 13:08 -------- d-----w- c:\programdata\Wild Tangent
2012-06-06 12:41 . 2012-06-06 12:49 -------- d-----w- c:\program files (x86)\WildTangent Games
2012-06-01 00:19 . 2012-06-01 00:19 63080 ----a-r- c:\users\June\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe
2012-06-01 00:19 . 2012-06-01 00:19 -------- d-----w- c:\users\June\AppData\Local\DIRECTV Player
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-30 01:08 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\QuickTime
2012-05-30 01:08 . 2012-06-25 02:42 -------- d-----w- c:\programdata\Apple Computer
2012-05-30 01:08 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\Common Files\Kodak
2012-05-30 01:06 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\Kodak
2012-05-28 19:26 . 2012-05-28 19:26 -------- d-----w- c:\program files (x86)\IrfanView
2012-05-28 19:26 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\PriceGong
2012-05-28 19:26 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Shop to Win 29
2012-05-28 19:25 . 2012-05-28 19:25 -------- d-----w- c:\program files (x86)\OApps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 14:16 . 2012-05-18 13:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 14:16 . 2011-07-17 14:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-21 14:20 . 2012-05-21 14:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-21 14:20 . 2012-05-21 14:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-18 13:32 . 2011-05-20 19:35 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-05-18 13:19 . 2012-05-18 13:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-18 13:19 . 2012-05-18 13:19 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-18 13:18 . 2012-05-18 13:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-18 13:18 . 2012-05-18 13:18 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-30 11:35 . 2012-05-18 13:22 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c111c814-fd58-0a04-3924-998b53830e29}"= "c:\program files (x86)\Shop to Win 29\Helper.dll" [2012-05-28 378880]
.
[HKEY_CLASSES_ROOT\clsid\{c111c814-fd58-0a04-3924-998b53830e29}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{42855803-9685-5634-8D8E-37F3536D2EE3}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5ABD6C72-FFD7-B634-A92B-D77D5960E009}]
2012-03-14 17:52 14432 ----a-w- c:\program files (x86)\Shop to Win 29\Shop to Win 29.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9194649F-7143-4308-90C1-D6A35B0E354E}]
2012-05-22 19:55 93184 ----a-w- c:\program files (x86)\OApps\bho_project.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-23 121456]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Recipe Hub Search Scope Monitor"="c:\progra~2\RECIPE~2\bar\1.bin\2jsrchmn.exe" [2011-10-31 38440]
"RecipeHub_2j Browser Plugin Loader"="c:\progra~2\RECIPE~2\bar\1.bin\2jbrmon.exe" [2011-10-31 30096]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-21 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [2010-11-11 1212416]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-12 203264]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-07-14 22072]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 RecipeHub_2jService;Recipe HubService;c:\progra~2\RECIPE~2\bar\1.bin\2jbarsvc.exe [2011-10-31 42504]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-12 6790656]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-12 221184]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-18 32880]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-14 69736]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 00:21]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 00:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-29 11049576]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.insightbb.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\SuperFish\Superfish.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{8413196d-e290-4418-b5c6-a3b1379a909c} - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-Shop To Win - c:\program files (x86)\Shop To Win\ShopToWin.exe
WebBrowser-{8413196D-E290-4418-B5C6-A3B1379A909C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-{06BA1354-9686-4136-B2F2-99CE8B1C2F18}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files (x86)\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-06-26 23:42:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 03:42
.
Pre-Run: 915,164,041,216 bytes free
Post-Run: 915,949,461,504 bytes free
.
- - End Of File - - C33CBBEA5B99F7799549C321AE1A665A
I did not have any problems at all..
& the computer is doing GREAT!!
-
Never mind, I just saw the last note.. I am sorry..
-
After I ran the program.. My computer booted back up.. And now I cannot get on my internet.. It deleted it.. I can't even get on my antivirus program.. What happened!?!? I am using my phone to reply back.. How do I get my internet to open back up?? That program deleted it.. It says "illegal operation attempted on a registry key that has been marked for deletion." But I do believe the spyware is gone.. How do I get my internet back!?
-
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by June at 10:17:38 on 2012-06-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2303 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Shop To Win\ShopToWin.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\June\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbarsvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbrmon.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\splwow64.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.insightbb.com/
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {c111c814-fd58-0a04-3924-998b53830e29} - C:\Program Files (x86)\Shop to Win 29\Helper.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Toolbar BHO: {06e3475c-5521-4de8-bb12-50720f21631c} - C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbar.dll
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Shop to Win: {5abd6c72-ffd7-b634-a92b-d77d5960e009} - C:\Program Files (x86)\Shop to Win 29\Shop to Win 29.dll
BHO: Superfish: {74f475fa-6c75-43bd-aab9-ecda6184f600} - C:\Program Files (x86)\SuperFish\Superfish.dll
BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: VideoFileDownload: {9194649f-7143-4308-90c1-d6a35b0e354e} - C:\Program Files (x86)\OApps\bho_project.dll
BHO: Mighty Magoo Text: {97e74a14-e5f1-40cc-9b0f-0d11946e5469} - C:\Program Files (x86)\Mighty Magoo\mmagootl.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Search Assistant BHO: {b7acdf9c-c4f9-4d5d-998e-b147866b4d4c} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Recipe Hub: {cf51de5b-eb36-4114-bb69-84df63fbadb4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll
TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {8413196D-E290-4418-B5C6-A3B1379A909C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe
uRun: [PCShowServer] "C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Recipe Hub Search Scope Monitor] "C:\PROGRA~2\RECIPE~2\bar\1.bin\2jsrchmn.exe" /m=2 /w /h
mRun: [RecipeHub_2j Browser Plugin Loader] C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbrmon.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SuperFish\Superfish.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{817F7676-B2EF-46C7-8D49-265CE9F30C90} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8C972CA1-E083-4FFB-8137-3846DBC9E974} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Toolbar BHO: {06e3475c-5521-4de8-bb12-50720f21631c} - C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbar.dll
BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Shop to Win: {5ABD6C72-FFD7-B634-A92B-D77D5960E009} - C:\Program Files (x86)\Shop to Win 29\Shop to Win 29.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Superfish: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SuperFish\Superfish.dll
BHO-X64: Superfish - No File
BHO-X64: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll
BHO-X64: Funmoods Helper Object - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: VideoFileDownload: {9194649F-7143-4308-90C1-D6A35B0E354E} - C:\Program Files (x86)\OApps\bho_project.dll
BHO-X64: BHO_PROJECT - No File
BHO-X64: Mighty Magoo Text: {97E74A14-E5F1-40cc-9B0F-0D11946E5469} - C:\Program Files (x86)\Mighty Magoo\mmagootl.dll
BHO-X64: Mighty Magoo Text - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Search Assistant BHO: {b7acdf9c-c4f9-4d5d-998e-b147866b4d4c} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Recipe Hub: {cf51de5b-eb36-4114-bb69-84df63fbadb4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll
TB-X64: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {8413196D-E290-4418-B5C6-A3B1379A909C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Recipe Hub Search Scope Monitor] "C:\PROGRA~2\RECIPE~2\bar\1.bin\2jsrchmn.exe" /m=2 /w /h
mRun-x64: [RecipeHub_2j Browser Plugin Loader] C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbrmon.exe
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-5 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-7-14 22072]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-5 635416]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-10-5 109168]
R2 RecipeHub_2jService;Recipe HubService;C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbarsvc.exe [2011-10-31 42504]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-3 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 AVerAVF2;AVerAVF2;C:\Windows\system32\DRIVERS\AVerAVF2.sys --> C:\Windows\system32\DRIVERS\AVerAVF2.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-3 136176]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-26 13:42:57 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD50C658-605E-4152-894F-3114B1C6234F}\mpengine.dll
2012-06-25 07:22:57 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-06-25 04:16:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 02:59:35 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-25 02:52:55 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-25 02:52:25 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-25 02:51:50 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-25 02:51:50 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-25 02:48:25 20480 ----a-w- C:\Windows\svchost.exe
2012-06-25 02:04:06 20480 ----a-w- C:\Windows\svchost(184).exe
2012-06-24 17:28:41 113152 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4F00.tmp
2012-06-24 17:28:41 113152 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4E72.tmp.dat
2012-06-20 21:17:52 -------- d-----w- C:\Users\June\AppData\Local\Apple Computer
2012-06-20 21:16:43 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-20 21:16:43 -------- d-----w- C:\Program Files\iPod
2012-06-20 21:16:42 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-20 21:15:33 -------- d-----w- C:\Users\June\AppData\Local\Apple
2012-06-20 21:14:45 -------- d-----w- C:\Program Files\Bonjour
2012-06-20 21:14:45 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-06-14 00:06:39 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 14:34:12 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E84E8844-4E46-4A49-9A03-B657CE42F094}\gapaengine.dll
2012-06-10 13:34:39 138752 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9EAD.tmp.dat
2012-06-09 13:21:08 138752 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\E208.tmp.dat
2012-06-07 19:16:13 -------- d-----w- C:\ProgramData\Symantec
2012-06-07 17:16:21 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-06-07 01:36:52 -------- d-----w- C:\Users\June\AppData\Local\KodakGallery
2012-06-06 14:58:45 -------- d-----w- C:\Program Files (x86)\SuperFish
2012-06-06 14:56:54 -------- d-----w- C:\Remote Programs
2012-06-06 14:56:33 -------- d--h--w- C:\ProgramData\Common Files
2012-06-06 14:52:45 -------- d-----w- C:\Program Files (x86)\Funmoods
2012-06-06 14:51:15 -------- d-----w- C:\Users\June\AppData\Roaming\Babylon
2012-06-06 14:51:15 -------- d-----w- C:\ProgramData\Babylon
2012-06-06 14:03:36 -------- d-----w- C:\Users\June\AppData\Local\Microsoft Games
2012-06-06 13:26:22 -------- d-----w- C:\Users\June\AppData\Roaming\Gamelab
2012-06-06 13:08:05 -------- d-----w- C:\ProgramData\Wild Tangent
2012-06-06 12:41:35 -------- d-----w- C:\Program Files (x86)\WildTangent Games
2012-06-01 00:19:58 63080 ----a-r- C:\Users\June\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe
2012-06-01 00:19:56 -------- d-----w- C:\Users\June\AppData\Local\DIRECTV Player
2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-30 01:08:26 -------- d-----w- C:\Program Files (x86)\Common Files\Kodak
2012-05-30 01:06:52 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2012-05-30 01:06:49 -------- d-----w- C:\Program Files (x86)\Kodak
2012-05-28 19:26:38 -------- d-----w- C:\Program Files (x86)\IrfanView
2012-05-28 19:26:32 -------- d-----w- C:\Program Files (x86)\PriceGong
2012-05-28 19:26:00 -------- d-----w- C:\Program Files (x86)\Shop to Win 29
2012-05-28 19:25:57 -------- d-----w- C:\Program Files (x86)\Shop To Win
2012-05-28 19:25:40 -------- d-----w- C:\Program Files (x86)\OApps
.
==================== Find3M ====================
.
2012-06-17 14:16:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-17 14:16:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-21 14:20:01 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-21 14:20:01 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 10:18:10.76 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/3/2010 5:26:36 AM
System Uptime: 6/26/2012 9:31:57 AM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 2AAC
Processor: AMD Athlon II X2 240e Processor | CPU 1 | 784/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 853.088 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.838 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Multimedia Video Controller
Device ID: PCI\VEN_1033&DEV_0165&SUBSYS_650A1461&REV_0B\02004C000000000000
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_1033&DEV_0165&SUBSYS_650A1461&REV_0B\02004C000000000000
Service:
.
==== System Restore Points ===================
.
RP339: 6/13/2012 8:07:03 PM - Windows Update
RP340: 6/16/2012 10:33:33 PM - Windows Update
RP341: 6/20/2012 10:25:48 AM - Windows Update
RP342: 6/20/2012 5:15:36 PM - Installed iTunes
RP343: 6/21/2012 5:18:26 AM - Windows Update
RP344: 6/23/2012 5:36:04 PM - Windows Update
RP345: 6/24/2012 10:12:55 PM - Removed ITE Infrared Transceiver
RP346: 6/24/2012 10:34:40 PM - Restore Operation
RP347: 6/24/2012 10:50:54 PM - Windows Update
RP348: 6/24/2012 10:58:18 PM - Windows Update
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Airport Mania
Ancient Hearts
Azteca
Bejeweled 2 Deluxe
Bing Rewards Client Installer
Bob the Builder Can-Do-Zoo
Bounce Symphony
Build-a-lot
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCScore
Chuzzle Deluxe
Corel Paint it! touch - IPM
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
DIRECTV Player
DirectX for Managed Code Update (Summer 2004)
Dora's Carnival Adventure
Dora's World Adventure
DVD Menu Pack for HP TouchSmart Video
EA Download Manager
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
Facebook for HP TouchSmart
FATE
FrostWire 4.21.6
Funmoods on IE and Chrome
Gem Shop
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hoyle Casino
HP Advisor
HP AppsCenter 1.00
HP Customer Experience Enhancements
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart/TouchSmart Netflix
HP My Display TouchSmart Edition
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP TouchSmart
HP TouchSmart Browser
HP TouchSmart Calendar
HP TouchSmart Canvas
HP TouchSmart Clock
HP TouchSmart Default Magnets
HP TouchSmart DVD
HP TouchSmart Live TV
HP TouchSmart Music
HP TouchSmart Notes
HP TouchSmart Paint it! by Corel
HP TouchSmart Paint it! by Corel - Content
HP TouchSmart Paint it! by Corel - Core
HP TouchSmart Paint it! by Corel - ICA
HP TouchSmart Paint it! by Corel - Langauge
HP TouchSmart Photo
HP TouchSmart RecipeBox
HP TouchSmart RSS
HP TouchSmart Tutorials
HP TouchSmart Twitter
HP TouchSmart Video
HP TouchSmart Weather
HP TouchSmart Webcam
HP Update
HPAsset component for HP Active Support Library
Hulu Desktop
IrfanView (remove only)
ITE Infrared Transceiver
Java Auto Updater
Java 6 Update 26
Jewel Quest Solitaire 2
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
LabelPrint
LightScribe System Software
Mah Jong Medley
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office Home and Student 2010 - English
Microsoft Office Outlook Connector
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
Movie Theme Pack for HP TouchSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Notifier
OfotoXMI
PCDADDIN
PCDHELP
PDF Complete Special Edition
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
Polar Bowler
Polar Golfer
Poppit To Go
Power2Go
PowerDirector
PressReader
PriceGong 2.6.4
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recipe Hub
Recovery Manager
Roads of Rome
Roxio CinemaNow 2.0
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SFR
SHASTA
Shop To Win
SKIN0001
SKINXSDK
Skip-Bo - Castaway Caper
Skype Click to Call
Skype™ 5.9
Slingo Deluxe
staticcr
swMSM
The Sims™ 3
tooltips
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
VideoFileDownload
Virtual Villagers - The Secret City
VPRINTOL
Where's Waldo The Fantastic Journey
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WindowShopper
WIRELESS
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
6/26/2012 9:37:31 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
6/25/2012 12:11:36 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
6/24/2012 11:53:42 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
6/24/2012 11:25:53 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
6/24/2012 10:47:25 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.129.66.0;1.129.66.0 Engine version: 1.1.8502.0
6/24/2012 10:36:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c7d7ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\Minidump\062412-26145-01.dmp. Report Id: 062412-26145-01.
6/24/2012 10:08:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fc66ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\Minidump\062412-23212-01.dmp. Report Id: 062412-23212-01.
6/24/2012 1:32:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xfffffa80400c001c, 0x0000000000000002, 0x0000000000000000, 0xfffff80002cd3915). A dump was saved in: C:\Windows\Minidump\062412-18283-01.dmp. Report Id: 062412-18283-01.
6/20/2012 4:47:23 PM, Error: Disk [11] - The driver detected a controller error on \...\DR6.
.
==== End Of File ===========================
-
Ok, never mind. I chose to run it anyway.
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 6 Update 26
Java version out of Date!
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
-
Security Check will not let me run it. It says it could do harm and is not letting me open it.
-
There are ads playing in the background of my computer. Help!!! Please. Idk where I should post this.
Ads playing in background of PC
in Resolved Malware Removal Logs
Thank you so much!