DaveFL

Thanks MrC! Sorry for the delayed reply but SP1 didn't want to install. Microsoft's Update Readiness Tool, or whatever Microsoft sent me to, ran a hotfix, then SP1 cooperated nicely. The Clean up went as advertised. Everything seems to be holding together nicely!! I suppose the next 24 hrs or so will tell.... Thanks again for all your help! You are the Best, Mr Charlie! DaveFL

Things still look good... Security check log: Results of screen317's Security Check version 0.99.84 Windows 7 x64 (UAC is disabled!) Out of date service pack!! Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java version out of Date! Adobe Reader XI ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 4% ````````````````````End of Log`````````````````````` Thanks MrC! DaveFL

Thanks MrC! the new roguekiller report: RogueKiller V9.0.2.0 (x64) [Jun 3 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Marty [Admin rights] Mode : Scan -- Date : 06/14/2014 11:28:16 ¤¤¤ Bad processes : 1 ¤¤¤ [ZeroAccess] mcshield.exe -- [x] -> ERROR [12] ¤¤¤ Registry Entries : 23 ¤¤¤ [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GetSusp -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GetSusp -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GetSusp -> FOUND [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1617529379-2784233811-108745753-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1617529379-2784233811-108745753-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1617529379-2784233811-108745753-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1617529379-2784233811-108745753-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND [PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-1617529379-2784233811-108745753-1001\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND [PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-1617529379-2784233811-108745753-1001\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [suspicious.Path] \\{9AD52BE1-60AA-41B8-8FC4-A4290EB10F3A} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Marty\AppData\Roaming\v9\UninstallManager.exe -c -ptid=tugs) -> FOUND ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD103SJ +++++ --- User --- [MBR] 339053ccd380888a513d4babe099a448 [bSP] 2dfa851a71cb3d932cd438f3fdc85c0d : Unknown MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 14142 MB 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29044736 | Size: 939686 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) ============================================ RKreport_SCN_06132014_223919.log - RKreport_SCN_06132014_224621.log - RKreport_SCN_06142014_112316.log I've been surfing around and opening and closing IE and so far so good! I'll keep 'test driving' it a little here... DaveFL

Thanks, MrC, for your clear and detailed instructions. Guys like me need that :-). Everything ran as advertised. The mbam scans were clean (but that's probably not a surprise since the computer has been idle except for what we are doing here, and I have no idea what caused the re-emergence of the malware...) I let AdwCleaner remove everything it found. the Logs: Fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014 02 Ran by Marty at 2014-06-14 10:01:43 Run:1 Running from C:\Users\Marty\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM\...\Run: [Qoyvf] => "C:\Users\Marty\AppData\Roaming\Foyxheon\haefp.exe" HKLM-x32\...\Run: [] => [X] GroupPolicy: Group Policy on Chrome detected HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...&q={searchTerms} SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebs...or={searchTerms} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Hosts: 54.221.22.25 dmcecclamecbinmplcolhaljlclhbgah FF HKCU\...\Firefox\Extensions: [{54529188-D165-76FA-72F3-FD3CCD7D5709}] - C:\Program Files (x86)\Re-Markable-soft\161.xpi FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi S3 MFE_RR; \??\C:\Users\Marty\AppData\Local\Temp\mfe_rr.sys [X] C:\Users\Marty\jagex_cl_runescape_LIVE.dat C:\Users\Marty\random.dat C:\Users\Marty\AppData\Roaming\Foyxheon C:\Program Files\pcreg DeleteJunctionsIndirectory: C:\Program Files\Windows Defender Task: {2A6240B5-229F-4878-B21F-888BF9F38E12} - System32\Tasks\a74f6af7-b4c0-41c3-b53e-2486781d7f40-7 => C:\Program Files (x86)\HQvidPv1.12\HQvidPv1.12-nova.exe Task: {9FCCD69D-7C99-454E-8D80-7284B6B77B3C} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe Task: {A21EB3E3-4E0C-489E-A560-6318A05D3519} - System32\Tasks\a74f6af7-b4c0-41c3-b53e-2486781d7f40-1 => C:\Program Files (x86)\HQvidPv1.12\HQvidPv1.12-codedownloader.exe ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Qoyvf => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}'=> Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. 'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found. 'HKCR\PROTOCOLS\Handler\skype-ie-addon-data' => Key deleted successfully. 'HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}'=> Key not found. C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. HKCU\Software\Mozilla\Firefox\Extensions\\{54529188-D165-76FA-72F3-FD3CCD7D5709} => value deleted successfully. HKCU\Software\Mozilla\Firefox\Extensions\\ConsumerInput@Compete => value deleted successfully. MFE_RR => Service deleted successfully. C:\Users\Marty\jagex_cl_runescape_LIVE.dat => Moved successfully. C:\Users\Marty\random.dat => Moved successfully. C:\Users\Marty\AppData\Roaming\Foyxheon => Moved successfully. C:\Program Files\pcreg => Moved successfully. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started. "C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A6240B5-229F-4878-B21F-888BF9F38E12}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A6240B5-229F-4878-B21F-888BF9F38E12}' => Key deleted successfully. C:\Windows\System32\Tasks\a74f6af7-b4c0-41c3-b53e-2486781d7f40-7 => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a74f6af7-b4c0-41c3-b53e-2486781d7f40-7' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9FCCD69D-7C99-454E-8D80-7284B6B77B3C}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FCCD69D-7C99-454E-8D80-7284B6B77B3C}' => Key deleted successfully. C:\Windows\System32\Tasks\pcreg => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A21EB3E3-4E0C-489E-A560-6318A05D3519}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A21EB3E3-4E0C-489E-A560-6318A05D3519}' => Key deleted successfully. C:\Windows\System32\Tasks\a74f6af7-b4c0-41c3-b53e-2486781d7f40-1 => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a74f6af7-b4c0-41c3-b53e-2486781d7f40-1' => Key deleted successfully. The system needed a reboot. ==== End of Fixlog ==== Adwcleaner log: # AdwCleaner v3.212 - Report created 14/06/2014 at 10:18:49 # Updated 05/06/2014 by Xplode # Operating System : Windows 7 Home Premium (64 bits) # Username : Marty - MARTY-PC # Running from : C:\Users\Marty\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\VisualBee Folder Deleted : C:\Program Files (x86)\Bench Folder Deleted : C:\Program Files (x86)\Information Folder Deleted : C:\Users\Marty\AppData\Local\emaze Folder Deleted : C:\Users\Marty\AppData\Local\PackageAware Folder Deleted : C:\Users\Marty\AppData\LocalLow\iac Folder Deleted : C:\Users\Marty\AppData\LocalLow\mapsgalaxy_39 Folder Deleted : C:\Users\Marty\AppData\Roaming\Activeris Folder Deleted : C:\Users\Marty\AppData\Roaming\SupTab Folder Deleted : C:\Users\Marty\AppData\Roaming\Systweak Folder Deleted : C:\Users\Marty\AppData\Roaming\v9 Folder Deleted : C:\Users\Marty\Documents\PC Speed Maximizer File Deleted : C:\END ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522302298} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566306698} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522302298} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566306698} Key Deleted : HKCU\Software\Compete Key Deleted : HKCU\Software\powerpack Key Deleted : HKCU\Software\systweak Key Deleted : HKCU\Software\visualbee Key Deleted : HKCU\Software\AppDataLow\Software\Compete Key Deleted : HKLM\Software\Bench Key Deleted : HKLM\Software\CompeteInc Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\Software\SupTab Key Deleted : HKLM\Software\systweak Key Deleted : HKLM\Software\V9Software Key Deleted : HKLM\Software\visualbee Key Deleted : HKLM\Software\Wpm Key Deleted : HKLM\Software\Information Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16476 ************************* AdwCleaner[R0].txt - [4952 octets] - [14/06/2014 10:05:08] AdwCleaner[s0].txt - [4793 octets] - [14/06/2014 10:18:49] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4853 octets] ########## JRT log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Marty on Sat 06/14/2014 at 10:23:36.96 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{173A5778-34BF-48A2-8A5E-6963CE922FED} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4B7D0B0C-CFF3-49C5-9BC3-FFABC031C822} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7D4DFAF7-F2CE-4C91-91A4-514C9612914D} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9B58A6CE-B337-43D5-9C2F-8C6D92FBA094} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\ammyy" Successfully deleted: [Folder] "C:\ProgramData\pc1data" Successfully deleted: [Folder] "C:\Users\Marty\AppData\Roaming\pc cleaners" Successfully deleted: [Folder] "C:\Users\Marty\AppData\Roaming\pcpro" Successfully deleted: [Folder] "C:\Users\Marty\appdata\locallow\recipehub_2j" Successfully deleted: [Folder] "C:\Users\Marty\appdata\locallow\recipehub_2jei" Successfully deleted: [Folder] "C:\Program Files (x86)\recipehub_2jei" Successfully deleted: [Empty Folder] C:\Users\Marty\appdata\local\{280CF035-5285-4C3A-9BF5-91FD805A3C42} Successfully deleted: [Empty Folder] C:\Users\Marty\appdata\local\{DBCB0101-4141-49FF-BBCF-E302023C55D6} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 06/14/2014 at 10:29:29.21 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Hope I posted everything correctly! Thanks again. DaveFL

Thanks MrC! I ran malwarebytes with the requested settings and it didn't find anything this time. Here is the Roguekiller log: RogueKiller V9.0.2.0 (x64) [Jun 3 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Marty [Admin rights] Mode : Scan -- Date : 06/13/2014 22:46:21 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 23 ¤¤¤ [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Qoyvf : "C:\Users\Marty\AppData\Roaming\Foyxheon\haefp.exe" -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GetSusp -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MFE_RR -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GetSusp -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GetSusp -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MFE_RR -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND [PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-1617529379-2784233811-108745753-1001\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND [PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-1617529379-2784233811-108745753-1001\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [suspicious.Path] \\{9AD52BE1-60AA-41B8-8FC4-A4290EB10F3A} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Marty\AppData\Roaming\v9\UninstallManager.exe -c -ptid=tugs) -> FOUND ¤¤¤ Files : 13 ¤¤¤ [ZeroAccess][Junction] en-US -- C:\Program Files\Windows Defender\en-US [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND [ZeroAccess][Junction] MpAsDesc.dll -- C:\Program Files\Windows Defender\MpAsDesc.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND [ZeroAccess][Junction] MpClient.dll -- C:\Program Files\Windows Defender\MpClient.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND [ZeroAccess][Junction] MpCmdRun.exe -- C:\Program Files\Windows Defender\MpCmdRun.exe [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND [ZeroAccess][Junction] MpCommu.dll -- C:\Program Files\Windows Defender\MpCommu.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND [ZeroAccess][Junction] MpEvMsg.dll -- C:\Program Files\Windows Defender\MpEvMsg.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND [ZeroAccess][Junction] MpOAV.dll -- C:\Program Files\Windows Defender\MpOAV.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND [ZeroAccess][Junction] MpRTP.dll -- C:\Program Files\Windows Defender\MpRTP.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND [ZeroAccess][Junction] MpSvc.dll -- C:\Program Files\Windows Defender\MpSvc.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND [ZeroAccess][Junction] MSASCui.exe -- C:\Program Files\Windows Defender\MSASCui.exe [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND [ZeroAccess][Junction] MsMpCom.dll -- C:\Program Files\Windows Defender\MsMpCom.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND [ZeroAccess][Junction] MsMpLics.dll -- C:\Program Files\Windows Defender\MsMpLics.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND [ZeroAccess][Junction] MsMpRes.dll -- C:\Program Files\Windows Defender\MsMpRes.dll [JUNCTION@ a000000c] >> \systemroot\system32\config -> FOUND ¤¤¤ HOSTS File : 1 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 54.221.22.25 dmcecclamecbinmplcolhaljlclhbgah ¤¤¤ Antirootkit : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD103SJ +++++ --- User --- [MBR] 339053ccd380888a513d4babe099a448 [bSP] 2dfa851a71cb3d932cd438f3fdc85c0d : Unknown MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 14142 MB 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29044736 | Size: 939686 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) ============================================ RKreport_SCN_06132014_223919.log Thanks again! DaveFL

Thanks in advance for any help! I've got a re-occuring pup.optional.searchsafer hit from malwarebytes on my daughter's computer. MBAM will remove 2 instances of pup.optional.searchsafer then the next scan will be clean, then it will find them again, then its clean, etc. Also her homepage gets reset to about:blank every other day or so. The lastest (clean) mbam log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/13/2014 Scan Time: 11:46:48 AM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.06.13.06 Rootkit Database: v2014.06.02.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 CPU: x64 File System: NTFS User: Marty Scan Type: Threat Scan Result: Completed Objects Scanned: 271538 Time Elapsed: 9 min, 9 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 PUP.Optional.SearchSafer, C:\Program Files\pcreg\service.exe, 4412, Delete-on-Reboot, [62505d16d9a262d4abc6432419eb7f81] Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 PUP.Optional.SearchSafer, C:\Program Files\pcreg\service.exe, Quarantined, [62505d16d9a262d4abc6432419eb7f81], Physical Sectors: 0 (No malicious items detected) (end) The FRST.TXT log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02 Ran by Marty (administrator) on MARTY-PC on 13-06-2014 12:11:55 Running from C:\Users\Marty\Desktop Platform: Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Qoyvf] => "C:\Users\Marty\AppData\Roaming\Foyxheon\haefp.exe" HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks) HKLM-x32\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] () HKLM-x32\...\RunOnce: [sTToasterLauncher] - C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-11] () Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1 HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0 HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1617529379-2784233811-108745753-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe [847536 2014-06-06] (Adobe Systems Incorporated) HKU\S-1-5-21-1617529379-2784233811-108745753-1001\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-1617529379-2784233811-108745753-1001\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-1617529379-2784233811-108745753-1001\...\Policies\Explorer: [NoControlPanel] 0 GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1399129011&from=tugs&uid=SAMSUNGXHD103SJ_S26BJ90ZB31071B31071&i=psd&t=341f22504&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1399129011&from=tugs&uid=SAMSUNGXHD103SJ_S26BJ90ZB31071B31071&i=psd&t=341f22504&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm156^YY^us&si=CD4572&ptb=C3E0E9CD-6D86-470E-A98B-EB9C7C741BF3&ind=2013042610&n=77fc97b2&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Hosts: 54.221.22.25 dmcecclamecbinmplcolhaljlclhbgah Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll () FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-03-31] FF HKCU\...\Firefox\Extensions: [{54529188-D165-76FA-72F3-FD3CCD7D5709}] - C:\Program Files (x86)\Re-Markable-soft\161.xpi FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi ==================== Services (Whitelisted) ================= R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [220528 2010-08-30] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed] ==================== Drivers (Whitelisted) ==================== R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.) S3 GetSusp; C:\Windows\GetSusp.sys [16680 2013-12-11] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.) U4 Messenger; S3 MFE_RR; \??\C:\Users\Marty\AppData\Local\Temp\mfe_rr.sys [X] S3 pfc; system32\drivers\pfc.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-13 12:11 - 2014-06-13 12:12 - 00013557 _____ () C:\Users\Marty\Desktop\FRST.txt 2014-06-13 12:11 - 2014-06-13 12:11 - 00000000 ____D () C:\FRST 2014-06-13 12:03 - 2014-06-13 12:03 - 02081792 _____ (Farbar) C:\Users\Marty\Desktop\FRST64.exe 2014-06-13 12:03 - 2014-06-13 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-06-12 21:02 - 2014-06-13 11:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-12 21:01 - 2014-06-12 21:01 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-12 21:01 - 2014-06-12 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-12 21:01 - 2014-06-12 21:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-12 21:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-12 21:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-12 20:28 - 2014-06-13 11:58 - 00000616 _____ () C:\Windows\setupact.log 2014-06-12 20:28 - 2014-06-12 20:28 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-06 12:28 - 2014-06-06 12:28 - 00000000 ____D () C:\Windows\system32\SPReview 2014-05-30 07:49 - 2014-06-04 12:01 - 00000000 ____D () C:\Users\Marty\AppData\Roaming\Nugyyn ==================== One Month Modified Files and Folders ======= 2014-06-13 12:12 - 2014-06-13 12:11 - 00013557 _____ () C:\Users\Marty\Desktop\FRST.txt 2014-06-13 12:12 - 2014-05-01 13:59 - 00000360 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-1617529379-2784233811-108745753-1001.job 2014-06-13 12:12 - 2011-04-06 15:27 - 00000000 ____D () C:\Users\Marty\AppData\Local\Temp 2014-06-13 12:11 - 2014-06-13 12:11 - 00000000 ____D () C:\FRST 2014-06-13 12:10 - 2009-07-14 00:10 - 02046741 _____ () C:\Windows\WindowsUpdate.log 2014-06-13 12:08 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-13 12:08 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-13 12:03 - 2014-06-13 12:03 - 02081792 _____ (Farbar) C:\Users\Marty\Desktop\FRST64.exe 2014-06-13 12:03 - 2014-06-13 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-06-13 11:59 - 2014-06-12 21:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-13 11:59 - 2011-03-31 15:42 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-06-13 11:58 - 2014-06-12 20:28 - 00000616 _____ () C:\Windows\setupact.log 2014-06-13 11:58 - 2013-08-15 16:31 - 00557426 _____ () C:\Windows\PFRO.log 2014-06-13 11:58 - 2011-04-06 15:30 - 00000073 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log 2014-06-13 11:58 - 2011-04-06 15:30 - 00000000 ____D () C:\Users\Marty\AppData\Local\SoftThinks 2014-06-13 11:58 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-13 11:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing 2014-06-13 11:56 - 2014-05-01 13:56 - 00000000 ____D () C:\Program Files\pcreg 2014-06-13 11:54 - 2013-06-17 11:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-12 21:15 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup 2014-06-12 21:02 - 2013-08-15 16:16 - 00000000 ____D () C:\Users\Marty\AppData\Roaming\Malwarebytes 2014-06-12 21:02 - 2013-08-15 16:15 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-12 21:01 - 2014-06-12 21:01 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-12 21:01 - 2014-06-12 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-12 21:01 - 2014-06-12 21:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-12 20:42 - 2013-08-08 03:29 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 20:42 - 2011-10-24 14:42 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-12 20:42 - 2011-04-22 08:47 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-12 20:28 - 2014-06-12 20:28 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-12 20:16 - 2011-04-09 08:27 - 00000000 ____D () C:\Users\Marty\AppData\Local\Google 2014-06-12 20:16 - 2011-04-09 08:27 - 00000000 ____D () C:\Program Files (x86)\Google 2014-06-12 20:14 - 2011-03-31 15:50 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-06-12 20:13 - 2014-05-01 13:49 - 00000000 ____D () C:\Program Files (x86)\Information 2014-06-12 17:48 - 2009-07-14 00:13 - 00727398 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-12 17:43 - 2011-03-31 15:54 - 00000000 ____D () C:\ProgramData\Sonic 2014-06-06 12:28 - 2014-06-06 12:28 - 00000000 ____D () C:\Windows\system32\SPReview 2014-06-06 06:35 - 2013-06-17 11:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-06-06 06:35 - 2013-06-17 11:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-06 06:35 - 2013-06-17 11:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-06-04 17:05 - 2013-08-14 07:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-04 12:01 - 2014-05-30 07:49 - 00000000 ____D () C:\Users\Marty\AppData\Roaming\Nugyyn 2014-05-28 15:35 - 2011-03-31 15:50 - 00000000 ____D () C:\Program Files\Common Files\mcafee Files to move or delete: ==================== C:\Users\Marty\jagex_cl_runescape_LIVE.dat C:\Users\Marty\random.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender LastRegBack: 2014-06-12 22:57 ==================== End Of Log ============================ Additional.TXT log: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02 Ran by Marty at 2014-06-13 12:12:28 Running from C:\Users\Marty\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.) HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}) (Version: 22.50.231.0 - Hewlett-Packard Co.) Java Auto Updater (HKLM-x32\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: - ) Java 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.56.34 - NVIDIA Corporation) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 06-06-2014 11:37:32 Windows 7 Service Pack 1 06-06-2014 17:27:02 Windows Update 13-06-2014 01:40:27 Windows Update ==================== Hosts content: ========================== 2009-07-13 21:34 - 2014-05-05 17:21 - 00000871 ____A C:\Windows\system32\Drivers\etc\hosts 54.221.22.25 dmcecclamecbinmplcolhaljlclhbgah ==================== Scheduled Tasks (whitelisted) ============= Task: {19F65F47-E9EA-4C57-9E2B-47996338281F} - System32\Tasks\CIMT_S-1-5-21-1617529379-2784233811-108745753-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe Task: {2A6240B5-229F-4878-B21F-888BF9F38E12} - System32\Tasks\a74f6af7-b4c0-41c3-b53e-2486781d7f40-7 => C:\Program Files (x86)\HQvidPv1.12\HQvidPv1.12-nova.exe <==== ATTENTION Task: {393CEA64-4CC8-4D42-BC93-7BB76D4C70FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-06] (Adobe Systems Incorporated) Task: {7D678F84-71D1-47FB-888B-0DA4F007B8EF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1617529379-2784233811-108745753-1001 Task: {83874A12-6FE2-4134-AA3B-4D1C1454D32C} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.) Task: {9FCCD69D-7C99-454E-8D80-7284B6B77B3C} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION Task: {A21EB3E3-4E0C-489E-A560-6318A05D3519} - System32\Tasks\a74f6af7-b4c0-41c3-b53e-2486781d7f40-1 => C:\Program Files (x86)\HQvidPv1.12\HQvidPv1.12-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\CIMT_S-1-5-21-1617529379-2784233811-108745753-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe ==================== Loaded Modules (whitelisted) ============= 2011-03-31 15:42 - 2010-08-11 18:19 - 00781536 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe 2012-03-14 15:53 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe 2011-03-31 15:42 - 2010-08-11 18:19 - 00126176 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll 2011-03-31 15:42 - 2010-08-11 18:19 - 01121504 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll 2011-03-31 15:42 - 2010-08-11 18:19 - 00077024 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll 2011-03-31 15:42 - 2010-08-11 18:19 - 00232672 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll 2011-03-31 15:42 - 2010-08-11 18:19 - 00072928 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll 2011-03-31 15:42 - 2010-08-11 18:19 - 00109792 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll 2011-03-31 15:42 - 2010-08-11 18:19 - 00119008 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll 2011-03-31 15:42 - 2010-08-11 18:19 - 00056544 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll 2011-03-31 15:42 - 2010-08-11 18:19 - 00113888 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll 2012-03-14 15:53 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll 2011-03-31 15:42 - 2010-08-11 18:19 - 00023776 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll 2011-03-31 15:42 - 2010-08-11 18:19 - 00023776 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll 2013-01-16 17:21 - 2013-01-16 17:21 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll 2011-03-31 15:34 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA1100 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WNA1100 Smart Wizard.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= Name: Microsoft 6to4 Adapter Description: Microsoft 6to4 Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Microsoft ISATAP Adapter #2 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Microsoft ISATAP Adapter Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/30/2014 10:59:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae Faulting module name: homenetsvc.dll, version: 6.8.716.0, time stamp: 0x5321f22a Exception code: 0xc0000005 Fault offset: 0x0000000000226881 Faulting process id: 0x76c Faulting application start time: 0xMcSvHost.exe0 Faulting application path: McSvHost.exe1 Faulting module path: McSvHost.exe2 Report Id: McSvHost.exe3 Error: (05/07/2014 07:57:24 PM) (Source: VSS) (EventID: 12305) (User: ) Description: Volume Shadow Copy Service error: Volume/disk not connected or not found. Error context: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8,0xc0000000,0x00000003,...). Operation: Processing PostFinalCommitSnapshots Context: Execution Context: System Provider Error: (05/05/2014 09:33:30 PM) (Source: AVLogEvent) (EventID: 5003) (User: NT AUTHORITY) Description: McShield encountered error while stopping. Error Code:a7f40610 Error: (05/02/2014 00:18:07 PM) (Source: Office Software Protection Platform Service) (EventID: 1062) (User: ) Description: Deposition of Confirmation ID failed. 0xC004F02F Sku Id=09e2d37e-474b-4121-8626-58ad9be5776f Error: (05/01/2014 08:13:20 PM) (Source: Office Software Protection Platform Service) (EventID: 1012) (User: ) Description: Acquisition of Product Certificate failed. hr=0xC004C003 Sku Id=09e2d37e-474b-4121-8626-58ad9be5776f Error: (05/01/2014 08:13:20 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: ) Description: License acquisition failure details. hr=0xC004C003 Error: (05/01/2014 01:57:33 PM) (Source: MsiInstaller) (EventID: 11316) (User: Marty-PC) Description: Product: Consumer Input Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\GoogleUpdateHelper.msi Error: (04/14/2014 08:49:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt> with error: The specified server cannot perform the requested operation. . Error: (04/14/2014 08:49:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt> with error: This operation returned because the timeout period expired. . Error: (04/14/2014 08:49:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt> with error: This operation returned because the timeout period expired. . System errors: ============= Error: (06/13/2014 11:59:42 AM) (Source: VDS Basic Provider) (EventID: 1) (User: ) Description: Unexpected failure. Error code: D@01010004 Error: (06/13/2014 11:59:42 AM) (Source: VDS Basic Provider) (EventID: 1) (User: ) Description: Unexpected failure. Error code: D@01010004 Error: (06/13/2014 11:59:40 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (06/13/2014 11:55:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the pcregservice service. Error: (06/13/2014 11:28:57 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (06/13/2014 11:28:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Platform Services service failed to start due to the following error: %%1053 Error: (06/13/2014 11:28:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect. Error: (06/13/2014 11:28:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Platform Services service failed to start due to the following error: %%1053 Error: (06/13/2014 11:28:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect. Error: (06/13/2014 11:28:34 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053mcpltsvc{20966775-18A4-4299-B8E3-772C336B52A7} Microsoft Office Sessions: ========================= Error: (05/30/2014 10:59:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: McSvHost.exe3.8.703.051f7deaehomenetsvc.dll6.8.716.05321f22ac0000005000000000022688176c01cf7c1fb7e4eea6C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exec:\PROGRA~1\COMMON~1\mcafee\mhn\homenetsvc.dll63d28dd9-e813-11e3-b233-b8ac6fe2aca8 Error: (05/07/2014 07:57:24 PM) (Source: VSS) (EventID: 12305) (User: ) Description: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8,0xc0000000,0x00000003,...) Operation: Processing PostFinalCommitSnapshots Context: Execution Context: System Provider Error: (05/05/2014 09:33:30 PM) (Source: AVLogEvent) (EventID: 5003) (User: NT AUTHORITY) Description: a7f40610 Error: (05/02/2014 00:18:07 PM) (Source: Office Software Protection Platform Service) (EventID: 1062) (User: ) Description: 0xC004F02F09e2d37e-474b-4121-8626-58ad9be5776f Error: (05/01/2014 08:13:20 PM) (Source: Office Software Protection Platform Service) (EventID: 1012) (User: ) Description: hr=0xC004C00309e2d37e-474b-4121-8626-58ad9be5776f Error: (05/01/2014 08:13:20 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: ) Description: hr=0xC004C00300010001(0x00000000, 20:13:20:541 - http://go.microsoft.com/fwlink/?LinkID=120751) 00020001(0x00000000, 20:13:20:541) 00030001(0x00000000, 20:13:20:541 - http://go.microsoft.com) 00030002(0x00000000, 20:13:20:541 - 1) 00020005(0x00000000, 20:13:20:541 - 1) 0002000C(0x00000000, 20:13:20:728 - 302) 0002000E(0x00000000, 20:13:20:728 - https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx?configextension=o14) 00020001(0x00000000, 20:13:20:728) 00030001(0x00000000, 20:13:20:728 - https://activation.sls.microsoft.com) 00030002(0x00000000, 20:13:20:728 - 1) 00020005(0x00000000, 20:13:20:728 - 1) 0002000C(0x00000000, 20:13:20:837 - 500) 00010002(0x8004FC01, 20:13:20:837 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked. ---> Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>) 00010003(0x8004FC01, 20:13:20:853) Error: (05/01/2014 01:57:33 PM) (Source: MsiInstaller) (EventID: 11316) (User: Marty-PC) Description: Product: Consumer Input Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\GoogleUpdateHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/14/2014 08:49:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crtThe specified server cannot perform the requested operation. Error: (04/14/2014 08:49:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crtThis operation returned because the timeout period expired. Error: (04/14/2014 08:49:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crtThis operation returned because the timeout period expired. ==================== Memory info =========================== Percentage of memory in use: 46% Total physical RAM: 4094.98 MB Available physical RAM: 2187.4 MB Total Pagefile: 8188.07 MB Available Pagefile: 6142.34 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:917.66 GB) (Free:856.32 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: CB59CF0B) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=918 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Thanks again for any help! If we can fix this it'll make my daughter Very Happy (and, by extension, me)!! DaveFL

Again, my apologies Maniac. I still haven't gotten back into town yet. My Boss may keep me out of town another day or 2. I appreciate all the help you've given me and would still like to finish this up if you'll stay with me... I'll run the requested scans when I get home and Post back... Thanks Maniac for bearing with me (If you can)! Again, my apologies for the confusion! Thanks, DaveFL

Maniac, my apologies to you. I got called out of town on work. when I return in a day (or two) I will run those scans and post back. Thank you so much for your help so far! I really appreciate it! DaveFL

Thanks again Maniac! The ESET scanner ran fine. It didn't report finding anything in the after scan report. The log isn't very revealing. It had just 2 lines related to registration. Interesting that you haven't found anything. Is it possible that Mbam cleared the infection both times, but that it was reinfected from the same external source (infected email, Website, thumb drive, etc.)? I wasn't there either time it was infected, and she's not very tech-smart! Maybe we are Clear of it on this computer? ;-) Thanks again, Maniac! ESET Log: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK

Thanks again Maniac! Combofix also ran as it was supposed to... The Log: ComboFix 12-10-10.02 - End User 10/10/2012 10:02:36.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1728 [GMT -5:00] Running from: c:\users\End User\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 ))))))))))))))))))))))))))))))) . . 2012-10-10 15:12 . 2012-10-10 15:12 -------- d-----w- c:\users\Molly\AppData\Local\temp 2012-10-10 15:12 . 2012-10-10 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-09 20:01 . 2012-10-09 20:01 -------- d-----w- C:\FRST 2012-10-09 14:58 . 2012-10-09 14:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-10-09 14:58 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-26 17:57 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-21 14:34 . 2012-09-21 14:34 -------- d-----w- C:\06c33aa9e93f77da9b45cec4e03782 2012-09-12 12:54 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 12:54 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 12:54 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 12:54 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 12:54 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 12:54 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 12:54 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-10 14:54 . 2010-12-28 16:46 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-08-25 05:47 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-07-18 18:15 . 2012-08-25 19:28 3148800 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn\YTNavAssist.dll" [2011-03-16 214840] "{2d7432c9-a3fd-4ed1-aea9-fbdb12dba4a7}"= "c:\program files (x86)\Radio_1.1\prxtbRadi.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}] [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin] . [HKEY_CLASSES_ROOT\clsid\{2d7432c9-a3fd-4ed1-aea9-fbdb12dba4a7}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2d7432c9-a3fd-4ed1-aea9-fbdb12dba4a7}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Radio_1.1\prxtbRadi.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{2d7432c9-a3fd-4ed1-aea9-fbdb12dba4a7}"= "c:\program files (x86)\Radio_1.1\prxtbRadi.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{2d7432c9-a3fd-4ed1-aea9-fbdb12dba4a7}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840] "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-05-27 413696] "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248] . c:\users\End User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584] SentriLockCardUtility.lnk - c:\windows\Installer\{9348BA70-11FB-4A78-A929-0980EF2C4DE8}\Icon9348BA70.exe [2011-5-27 91648] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136] R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2010-11-12 69376] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-28 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20121009.001\IDSvia64.sys [2012-09-01 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-01-03 20360] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe [2012-08-28 123320] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [2009-08-24 126392] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-25 138912] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-22 287232] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-23 75304] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-02-12 877088] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Contents of the 'Scheduled Tasks' folder . 2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04] . 2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com/?ilc=34 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) WebBrowser-{2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe AddRemove-WT089366 - c:\program files (x86)\TOSHIBA Games\Cake Mania - Lights . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-10-10 10:27:15 ComboFix-quarantined-files.txt 2012-10-10 15:27 . Pre-Run: 238,495,875,072 bytes free Post-Run: 239,114,252,288 bytes free . - - End Of File - - F4A3A0800289CDE33D8ABAC7B59597D3

Thanks Maniac! I need all the help I can get ;-) Farbar ran as advertised! here is the log: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-10-2012 Ran by SYSTEM at 09-10-2012 12:01:54 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [] [x] HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.) HKLM\...\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2010-04-28] () HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation) HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation) HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1483776 2010-02-25] (TOSHIBA Corporation) HKLM\...\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-23] (TOSHIBA Corporation) HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba) HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation) HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-02-24] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218792 2010-08-17] (Toshiba) HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2008-05-27] (Apple Inc.) HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446248 2011-12-15] (Garmin) HKU\Molly\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x] Winlogon\Notify\ScCertProp: wlnotify.dll [X] Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) Startup: C:\Users\All Users\Start Menu\Programs\Startup\SentriLockCardUtility.lnk ShortcutTarget: SentriLockCardUtility.lnk -> C:\windows\Installer\{9348BA70-11FB-4A78-A929-0980EF2C4DE8}\Icon9348BA70.exe () Startup: C:\Users\End User\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Services (Whitelisted) =================== 2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 2 atashost; "C:\windows\SysWOW64\atashost.exe" [20360 2011-01-03] (WebEx Communications, Inc.) 2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation) 2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe /s [123320 2012-08-28] (Symantec Corporation) 2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation) ==================== Drivers (Whitelisted) ===================== 1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation) 1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-24] (Symantec Corporation) 3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-24] (Symantec Corporation) 1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20121006.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation) 3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20121009.003\ENG64.SYS [126112 2012-09-13] (Symantec Corporation) 3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20121009.003\EX64.SYS [2084000 2012-09-13] (Symantec Corporation) 3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation) 1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation) 0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation) 0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation) 3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-10] (Symantec Corporation) 1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation) 1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation) ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2012-10-09 12:01 - 2012-10-09 12:01 - 00000000 ____D C:\FRST 2012-10-09 08:02 - 2012-10-09 08:02 - 00022671 ____A C:\Users\End User\Desktop\DDS.txt 2012-10-09 08:02 - 2012-10-09 08:02 - 00014090 ____A C:\Users\End User\Desktop\Attach.txt 2012-10-09 07:51 - 2012-10-09 07:51 - 00607260 ____R (Swearware) C:\Users\End User\Desktop\dds.scr 2012-10-09 06:58 - 2012-10-09 06:58 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-10-09 06:58 - 2012-10-09 06:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-10-09 06:58 - 2012-09-07 14:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-10-09 06:57 - 2012-10-09 06:57 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\End User\Downloads\mbam-setup-1.65.0.1400.exe 2012-10-03 13:36 - 2012-10-03 13:36 - 02939029 ____A C:\Users\End User\Downloads\6272.xml 2012-10-03 12:15 - 2012-10-03 12:15 - 03193867 ____A C:\Users\End User\Downloads\6271.xml 2012-10-02 11:21 - 2012-10-02 11:21 - 03166341 ____A C:\Users\End User\Downloads\attachments_2012_10_02 (2).zip 2012-10-02 11:09 - 2012-10-02 11:09 - 03166341 ____A C:\Users\End User\Downloads\attachments_2012_10_02 (1).zip 2012-10-02 09:56 - 2012-10-02 09:56 - 03166341 ____A C:\Users\End User\Downloads\attachments_2012_10_02.zip 2012-10-01 14:35 - 2012-10-01 14:35 - 03122324 ____A C:\Users\End User\Downloads\6262 (1).xml 2012-10-01 13:48 - 2012-10-01 13:48 - 02965587 ____A C:\Users\End User\Downloads\6266 (3).xml 2012-10-01 12:03 - 2012-10-01 12:03 - 02965813 ____A C:\Users\End User\Downloads\6266 (2).xml 2012-10-01 08:44 - 2012-10-01 08:44 - 02965587 ____A C:\Users\End User\Downloads\6266 (1).xml 2012-09-28 12:24 - 2012-09-28 12:24 - 02684905 ____A C:\Users\End User\Downloads\6265 (1).xml 2012-09-28 12:22 - 2012-09-28 12:22 - 01977870 ____A C:\Users\End User\Downloads\6260 (1).xml 2012-09-28 11:30 - 2012-09-28 11:30 - 02006269 ____A C:\Users\End User\Downloads\6259 (1).xml 2012-09-26 09:57 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe 2012-09-25 12:57 - 2012-09-25 12:57 - 02684501 ____A C:\Users\End User\Downloads\6265.xml 2012-09-25 11:34 - 2012-09-25 11:34 - 02967446 ____A C:\Users\End User\Downloads\6266.xml 2012-09-25 05:01 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-09-25 05:01 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-09-25 05:01 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-09-25 05:01 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-09-25 05:01 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-09-25 05:01 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-09-25 05:01 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-09-25 05:01 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-09-25 05:01 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-09-25 05:01 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-09-25 05:01 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-09-25 05:01 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-09-25 05:01 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-09-25 05:01 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-09-25 05:01 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-09-25 05:01 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-09-25 05:01 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-09-25 05:01 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-09-25 05:01 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-09-25 05:01 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-09-25 05:01 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-09-25 05:01 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-09-25 05:01 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-09-25 05:01 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-09-25 05:01 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-09-25 05:01 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-09-25 05:01 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-09-25 05:01 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-09-25 05:01 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-09-25 05:01 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-09-25 05:01 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-09-25 05:01 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-09-23 20:04 - 2012-09-23 20:05 - 03891360 ____A C:\Users\End User\Downloads\6256 (1).xml 2012-09-21 06:34 - 2012-09-21 06:34 - 00000000 ____D C:\06c33aa9e93f77da9b45cec4e03782 2012-09-19 20:22 - 2012-09-19 20:23 - 03122263 ____A C:\Users\End User\Downloads\6262.xml 2012-09-18 11:35 - 2012-09-18 11:35 - 03071242 ____A C:\Users\End User\Downloads\6263 (3).xml 2012-09-17 17:33 - 2012-09-17 17:33 - 03277856 ____A C:\Users\End User\Downloads\6263.xml 2012-09-17 17:33 - 2012-09-17 17:33 - 03277856 ____A C:\Users\End User\Downloads\6263 (2).xml 2012-09-17 17:33 - 2012-09-17 17:33 - 03277856 ____A C:\Users\End User\Downloads\6263 (1).xml 2012-09-17 13:16 - 2012-09-17 13:17 - 03382825 ____A C:\Users\End User\Downloads\6229 (1).xml 2012-09-15 13:18 - 2012-09-15 13:18 - 02928992 ____A C:\Users\End User\Downloads\6253 (2).xml 2012-09-15 13:18 - 2012-09-15 13:18 - 02928992 ____A C:\Users\End User\Downloads\6253 (1).xml 2012-09-12 07:14 - 2012-09-12 07:16 - 02117503 ____A C:\Users\End User\Downloads\6255 (3).xml 2012-09-12 04:54 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-09-12 04:54 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys 2012-09-12 04:54 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-09-12 04:54 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2012-09-12 04:54 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-09-12 04:54 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2012-09-12 04:54 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys 2012-09-11 14:41 - 2012-09-11 14:41 - 01978012 ____A C:\Users\End User\Downloads\6260.xml 2012-09-11 11:36 - 2012-09-11 11:36 - 02006417 ____A C:\Users\End User\Downloads\6259.xml 2012-09-11 11:06 - 2012-09-11 11:06 - 02117503 ____A C:\Users\End User\Downloads\6255 (2).xml ==================== 3 Months Modified Files ================== 2012-10-09 08:56 - 2010-11-26 17:22 - 02091332 ____A C:\Windows\WindowsUpdate.log 2012-10-09 08:56 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-10-09 08:56 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-10-09 08:54 - 2009-07-13 21:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI 2012-10-09 08:53 - 2009-07-13 20:51 - 00044303 ____A C:\Windows\setupact.log 2012-10-09 08:02 - 2012-10-09 08:02 - 00022671 ____A C:\Users\End User\Desktop\DDS.txt 2012-10-09 08:02 - 2012-10-09 08:02 - 00014090 ____A C:\Users\End User\Desktop\Attach.txt 2012-10-09 08:00 - 2010-10-14 20:04 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-10-09 07:51 - 2012-10-09 07:51 - 00607260 ____R (Swearware) C:\Users\End User\Desktop\dds.scr 2012-10-09 07:48 - 2010-10-14 20:04 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-10-09 07:48 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-10-09 07:47 - 2010-10-14 20:32 - 00452164 ____A C:\Windows\PFRO.log 2012-10-09 06:58 - 2012-10-09 06:58 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-10-09 06:57 - 2012-10-09 06:57 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\End User\Downloads\mbam-setup-1.65.0.1400.exe 2012-10-03 13:36 - 2012-10-03 13:36 - 02939029 ____A C:\Users\End User\Downloads\6272.xml 2012-10-03 13:33 - 2011-01-04 12:42 - 00000080 ____A C:\Windows\SysWOW64\PDFWRITR.INI 2012-10-03 13:33 - 2011-01-04 12:42 - 00000080 ____A C:\Windows\SysWOW64\__PDF.INI 2012-10-03 13:33 - 2009-07-13 18:34 - 00000558 ____A C:\Windows\win.ini 2012-10-03 12:15 - 2012-10-03 12:15 - 03193867 ____A C:\Users\End User\Downloads\6271.xml 2012-10-02 11:21 - 2012-10-02 11:21 - 03166341 ____A C:\Users\End User\Downloads\attachments_2012_10_02 (2).zip 2012-10-02 11:09 - 2012-10-02 11:09 - 03166341 ____A C:\Users\End User\Downloads\attachments_2012_10_02 (1).zip 2012-10-02 09:56 - 2012-10-02 09:56 - 03166341 ____A C:\Users\End User\Downloads\attachments_2012_10_02.zip 2012-10-01 14:35 - 2012-10-01 14:35 - 03122324 ____A C:\Users\End User\Downloads\6262 (1).xml 2012-10-01 13:48 - 2012-10-01 13:48 - 02965587 ____A C:\Users\End User\Downloads\6266 (3).xml 2012-10-01 12:03 - 2012-10-01 12:03 - 02965813 ____A C:\Users\End User\Downloads\6266 (2).xml 2012-10-01 08:44 - 2012-10-01 08:44 - 02965587 ____A C:\Users\End User\Downloads\6266 (1).xml 2012-09-28 12:24 - 2012-09-28 12:24 - 02684905 ____A C:\Users\End User\Downloads\6265 (1).xml 2012-09-28 12:22 - 2012-09-28 12:22 - 01977870 ____A C:\Users\End User\Downloads\6260 (1).xml 2012-09-28 11:30 - 2012-09-28 11:30 - 02006269 ____A C:\Users\End User\Downloads\6259 (1).xml 2012-09-27 08:09 - 2011-12-04 20:49 - 00002385 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2012-09-25 12:57 - 2012-09-25 12:57 - 02684501 ____A C:\Users\End User\Downloads\6265.xml 2012-09-25 11:34 - 2012-09-25 11:34 - 02967446 ____A C:\Users\End User\Downloads\6266.xml 2012-09-23 20:05 - 2012-09-23 20:04 - 03891360 ____A C:\Users\End User\Downloads\6256 (1).xml 2012-09-21 06:34 - 2010-12-28 08:46 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-09-19 20:23 - 2012-09-19 20:22 - 03122263 ____A C:\Users\End User\Downloads\6262.xml 2012-09-18 11:35 - 2012-09-18 11:35 - 03071242 ____A C:\Users\End User\Downloads\6263 (3).xml 2012-09-17 17:33 - 2012-09-17 17:33 - 03277856 ____A C:\Users\End User\Downloads\6263.xml 2012-09-17 17:33 - 2012-09-17 17:33 - 03277856 ____A C:\Users\End User\Downloads\6263 (2).xml 2012-09-17 17:33 - 2012-09-17 17:33 - 03277856 ____A C:\Users\End User\Downloads\6263 (1).xml 2012-09-17 13:17 - 2012-09-17 13:16 - 03382825 ____A C:\Users\End User\Downloads\6229 (1).xml 2012-09-15 13:18 - 2012-09-15 13:18 - 02928992 ____A C:\Users\End User\Downloads\6253 (2).xml 2012-09-15 13:18 - 2012-09-15 13:18 - 02928992 ____A C:\Users\End User\Downloads\6253 (1).xml 2012-09-15 12:51 - 2011-01-12 10:49 - 00028733 ____A C:\Users\End User\Documents\WindsorOrg2010(1).xlsx 2012-09-12 07:16 - 2012-09-12 07:14 - 02117503 ____A C:\Users\End User\Downloads\6255 (3).xml 2012-09-11 14:41 - 2012-09-11 14:41 - 01978012 ____A C:\Users\End User\Downloads\6260.xml 2012-09-11 11:36 - 2012-09-11 11:36 - 02006417 ____A C:\Users\End User\Downloads\6259.xml 2012-09-11 11:06 - 2012-09-11 11:06 - 02117503 ____A C:\Users\End User\Downloads\6255 (2).xml 2012-09-08 13:11 - 2012-09-08 13:11 - 02063370 ____A C:\Users\End User\Downloads\6255 (1).xml 2012-09-07 14:04 - 2012-10-09 06:58 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-06 09:52 - 2012-09-06 09:52 - 02743602 ____A C:\Users\End User\Downloads\6256.xml 2012-09-05 06:57 - 2012-09-05 06:53 - 03193377 ____A C:\Users\End User\Downloads\6258.xml 2012-08-31 09:12 - 2012-08-31 09:12 - 02062559 ____A C:\Users\End User\Downloads\6255.xml 2012-08-30 14:13 - 2012-08-30 14:13 - 03466082 ____A C:\Users\End User\Downloads\6245 (2).xml 2012-08-28 10:25 - 2012-08-28 10:25 - 02819934 ____A C:\Users\End User\Downloads\6251 (1).xml 2012-08-26 07:24 - 2009-07-13 20:45 - 00416736 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-24 09:11 - 2012-08-24 09:11 - 02930711 ____A C:\Users\End User\Downloads\6253.xml 2012-08-24 03:15 - 2012-09-25 05:01 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-08-24 02:39 - 2012-09-25 05:01 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-08-24 02:31 - 2012-09-25 05:01 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-08-24 02:22 - 2012-09-25 05:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-08-24 02:21 - 2012-09-25 05:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-08-24 02:20 - 2012-09-25 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-08-24 02:18 - 2012-09-25 05:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-08-24 02:17 - 2012-09-25 05:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-08-24 02:14 - 2012-09-25 05:01 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-08-24 02:14 - 2012-09-25 05:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-08-24 02:13 - 2012-09-25 05:01 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-08-24 02:12 - 2012-09-25 05:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-08-24 02:11 - 2012-09-25 05:01 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-08-24 02:10 - 2012-09-25 05:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-08-24 02:09 - 2012-09-25 05:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-08-24 02:04 - 2012-09-25 05:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-08-23 23:27 - 2012-09-25 05:01 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-08-23 23:03 - 2012-09-25 05:01 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-08-23 22:59 - 2012-09-25 05:01 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-08-23 22:51 - 2012-09-25 05:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-08-23 22:51 - 2012-09-25 05:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-08-23 22:51 - 2012-09-25 05:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-08-23 22:49 - 2012-09-25 05:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-08-23 22:48 - 2012-09-25 05:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-08-23 22:47 - 2012-09-25 05:01 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-08-23 22:47 - 2012-09-25 05:01 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-08-23 22:47 - 2012-09-25 05:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-08-23 22:45 - 2012-09-25 05:01 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-08-23 22:44 - 2012-09-25 05:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-08-23 22:44 - 2012-09-25 05:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-08-23 22:43 - 2012-09-25 05:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-08-23 22:40 - 2012-09-25 05:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-08-22 10:42 - 2012-08-22 10:42 - 01001264 ____A (Solid State Networks) C:\Users\End User\Downloads\install_flashplayer11x32ax_gtbp_chra_aih (1).exe 2012-08-22 10:12 - 2012-09-12 04:54 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-08-22 10:12 - 2012-09-12 04:54 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys 2012-08-22 10:12 - 2012-09-12 04:54 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-08-22 10:12 - 2012-09-12 04:54 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2012-08-22 07:27 - 2012-08-22 07:27 - 02924085 ____A C:\Users\End User\Downloads\6247 (3).xml 2012-08-22 07:26 - 2012-08-22 07:26 - 02924085 ____A C:\Users\End User\Downloads\6247 (2).xml 2012-08-22 07:07 - 2012-08-22 07:07 - 02924081 ____A C:\Users\End User\Downloads\6247 (1).xml 2012-08-22 06:51 - 2012-08-22 06:51 - 00000942 ____A C:\Users\End User\Documents\riverton.txt 2012-08-21 13:01 - 2012-09-26 09:57 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe 2012-08-20 09:26 - 2012-08-20 09:25 - 02819342 ____A C:\Users\End User\Downloads\6251.xml 2012-08-18 08:35 - 2012-08-18 08:35 - 02227541 ____A C:\Users\End User\Downloads\6252.xml 2012-08-14 13:40 - 2012-08-14 13:40 - 02976544 ____A C:\Users\End User\Downloads\6250.xml 2012-08-14 07:53 - 2012-08-14 07:53 - 02744977 ____A C:\Users\End User\Downloads\6249.xml 2012-08-13 06:42 - 2012-08-13 06:42 - 03092748 ____A C:\Users\End User\Downloads\6242 (1).xml 2012-08-10 13:57 - 2012-08-10 13:57 - 03466033 ____A C:\Users\End User\Downloads\6245 (1).xml 2012-08-10 12:59 - 2012-08-10 12:59 - 03011271 ____A C:\Users\End User\Downloads\6247.xml 2012-08-10 05:54 - 2012-08-10 05:54 - 03164633 ____A C:\Users\End User\Downloads\6245.xml 2012-08-08 06:44 - 2012-08-08 06:44 - 02750488 ____A C:\Users\End User\Downloads\6242.xml 2012-08-02 09:58 - 2012-09-12 04:54 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-08-02 08:57 - 2012-09-12 04:54 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2012-07-27 13:56 - 2012-07-27 13:56 - 03754002 ____A C:\Users\End User\Downloads\6238.xml 2012-07-24 18:28 - 2012-07-24 18:28 - 02143581 ____A C:\Users\End User\Downloads\6231 (1).xml 2012-07-23 16:36 - 2012-07-23 16:36 - 03826209 ____A C:\Users\End User\Downloads\6230.xml 2012-07-23 14:02 - 2012-07-23 14:02 - 01891349 ____A C:\Users\End User\Downloads\6231.xml 2012-07-23 08:51 - 2012-07-23 08:51 - 06477390 ____A C:\Users\End User\Downloads\attachments_2012_07_23.zip 2012-07-20 07:02 - 2012-07-20 07:01 - 02840679 ____A C:\Users\End User\Downloads\6229.xml 2012-07-19 11:31 - 2012-07-19 11:31 - 00000110 ____A C:\Users\End User\Desktop\Capital Area Association of REALTORS.url 2012-07-18 10:15 - 2012-08-25 11:28 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-13 00:17 - 2012-07-13 00:17 - 02982456 ____A C:\Users\End User\Downloads\6218.xml 2012-07-12 09:35 - 2012-07-12 09:35 - 02818781 ____A C:\Users\End User\Downloads\6213 (1).xml ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-08-24 21:37:39 Restore point made on: 2012-08-28 04:53:21 Restore point made on: 2012-09-20 11:39:49 Restore point made on: 2012-09-21 06:43:56 Restore point made on: 2012-09-25 05:01:35 Restore point made on: 2012-09-28 08:18:04 ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 3893.86 MB Available physical RAM: 3332.14 MB Total Pagefile: 3892.01 MB Available Pagefile: 3321.8 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Partitions ============================= 1 Drive c: (TI106033W0C) (Fixed) (Total:284.9 GB) (Free:211.52 GB) NTFS ==>[system with boot components (obtained from reading drive)] 2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)] 4 Drive f: (PKBACK# 001) (Removable) (Total:7.45 GB) (Free:7.43 GB) FAT32 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 Online 7643 MB 0 B Disk 2 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 1500 MB 1024 KB Partition 2 Primary 284 GB 1501 MB Partition 3 Primary 11 GB 286 GB ================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D System NTFS Partition 1500 MB Healthy Hidden ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C TI106033W0C NTFS Partition 284 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 17 (Suspicious Type) Hidden: Yes Active: No There is no volume associated with this partition. ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 7643 MB 31 KB ================================================================================== Disk: 1 Partition 1 Type : 0B Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F PKBACK# 001 FAT32 Removable 7643 MB Healthy ========================================================= Last Boot: 2012-06-01 06:25 ==================== End Of Log =============================

Hi! I was helping a family member with a virus on Sunday. Her computer was seized up on a black 'FBI' screen demanding money. I rebooted to safe mode, ran MBAM, and it found and removed several objects. I rebooted out of safe mode and succesfully opened IE and browsed a few pages. Everything seemed fine. I re-ran MBAM and it didn't report any problems. I rebooted again, opened a few more web pages, and then re-ran MBAM a 3rd time. Again it reported no problems. I thought we were in the clear! Unfortunately, She was in tears this morning because the Black FBI screen was back! I Rebooted into safe mode and ran Mbam again. It found (and removed) a further 2 objects. Thanks in advance for any Help I can get! I've included this morning's MBAM log along with the two DDS Logs: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.09.07 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 End User :: ENDUSER-PC [administrator] 10/9/2012 10:00:29 AM mbam-log-2012-10-09 (10-00-29).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 385868 Time elapsed: 41 minute(s), 45 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GoogleChrome (Trojan.Ransom.ANC) -> Data: C:\Users\ENDUSE~1\AppData\Local\Temp\sdjutta.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\End User\AppData\Local\Temp\sdjutta.exe (Trojan.Ransom.ANC) -> Quarantined and deleted successfully. (end) Attach.txt DDS.txt

Thanks again, Mr Charlie!

Thanks Mr Charlie! MBAM scan was Clean! I rebooted afterwords, opened IE, scanned again, and it was clean! Am I Fixed? the MBAM log: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.27.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Judith :: JUDITH-PC [administrator] 6/27/2012 3:36:47 PM mbam-log-2012-06-27 (15-36-47).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 209807 Time elapsed: 3 minute(s), 18 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

Thanks again Mr C! Combofix ran as advertised. The Report: ComboFix 12-06-27.01 - Judith 06/27/2012 14:31:56.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2321 [GMT -4:00] Running from: c:\users\Judith\Desktop\ComboFix.exe AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 ))))))))))))))))))))))))))))))) . . 2012-06-27 18:39 . 2012-06-27 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-26 20:06 . 2012-06-27 16:06 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE 2012-06-22 14:59 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-22 14:59 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-22 14:59 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-22 14:59 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-22 14:59 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-22 14:59 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-22 14:59 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-22 14:58 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-22 14:58 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-21 23:18 . 2012-06-21 23:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-21 23:18 . 2012-06-21 23:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-12 19:01 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-04 19:56 . 2010-01-25 22:39 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-30 11:35 . 2012-05-13 15:29 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-06-11 22:37 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-11 2068536] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-11 1104440] "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] . c:\users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 257224] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2010-07-12 57696] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2011-03-09 2708024] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] S2 iYogiURLHit.exe;iYogi Hit Agent;c:\program files (x86)\iYogi Support Dock\Services\URLHit\iYogiURLHit.exe [2010-12-03 17408] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 SupportDockClientService.exe;iYogi Communication Agent;c:\program files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockClientService.exe [2010-12-07 55296] S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944] S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-11 935480] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-21 413800] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 23:19] . 2012-06-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13] . 2012-06-26 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-23 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-23 390168] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-23 408600] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "EPSON Stylus CX6000 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIBIA.EXE" [2006-02-13 131072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://m.www.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Toolbar-Locked - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4 "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63, 57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b "{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac, 6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:43,54,e4,3b,2d,26,cd,01 . [HKEY_USERS\S-1-5-21-1495080282-3682843450-985909605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1495080282-3682843450-985909605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.bin c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe . ************************************************************************** . Completion time: 2012-06-27 14:55:20 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-27 18:55 . Pre-Run: 16,540,893,184 bytes free Post-Run: 16,460,296,192 bytes free . - - End Of File - - 79D2C357C7427A992E14F87C7E1F2791

Thanks! I ran TDSSKiller and I skipped the 4 items that it flagged. It found nothing like: \device\harddisk0\DR0. The report: 13:14:55.0772 3320 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44 13:14:57.0628 3320 ============================================================ 13:14:57.0628 3320 Current date / time: 2012/06/27 13:14:57.0628 13:14:57.0628 3320 SystemInfo: 13:14:57.0628 3320 13:14:57.0628 3320 OS Version: 6.1.7601 ServicePack: 1.0 13:14:57.0628 3320 Product type: Workstation 13:14:57.0628 3320 ComputerName: JUDITH-PC 13:14:57.0628 3320 UserName: Judith 13:14:57.0628 3320 Windows directory: C:\Windows 13:14:57.0628 3320 System windows directory: C:\Windows 13:14:57.0628 3320 Running under WOW64 13:14:57.0628 3320 Processor architecture: Intel x64 13:14:57.0628 3320 Number of processors: 4 13:14:57.0628 3320 Page size: 0x1000 13:14:57.0628 3320 Boot type: Normal boot 13:14:57.0628 3320 ============================================================ 13:14:59.0079 3320 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:14:59.0094 3320 ============================================================ 13:14:59.0094 3320 \Device\Harddisk0\DR0: 13:14:59.0094 3320 MBR partitions: 13:14:59.0094 3320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000 13:14:59.0094 3320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000 13:14:59.0110 3320 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x31A9A800 13:14:59.0110 3320 ============================================================ 13:14:59.0126 3320 C: <-> \Device\Harddisk0\DR0\Partition1 13:14:59.0157 3320 D: <-> \Device\Harddisk0\DR0\Partition2 13:14:59.0157 3320 ============================================================ 13:14:59.0157 3320 Initialize success 13:14:59.0157 3320 ============================================================ 13:15:29.0686 3772 ============================================================ 13:15:29.0686 3772 Scan started 13:15:29.0686 3772 Mode: Manual; SigCheck; TDLFS; 13:15:29.0686 3772 ============================================================ 13:15:30.0809 3772 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 13:15:30.0950 3772 1394ohci - ok 13:15:31.0012 3772 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 13:15:31.0059 3772 ACPI - ok 13:15:31.0090 3772 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 13:15:31.0184 3772 AcpiPmi - ok 13:15:31.0340 3772 AdobeActiveFileMonitor8.0 (4451cc2275b04043ec2bcc757af97291) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe 13:15:31.0355 3772 AdobeActiveFileMonitor8.0 - ok 13:15:31.0558 3772 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 13:15:31.0620 3772 AdobeFlashPlayerUpdateSvc - ok 13:15:31.0698 3772 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 13:15:31.0745 3772 adp94xx - ok 13:15:31.0792 3772 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 13:15:31.0823 3772 adpahci - ok 13:15:31.0839 3772 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 13:15:31.0854 3772 adpu320 - ok 13:15:31.0886 3772 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 13:15:32.0057 3772 AeLookupSvc - ok 13:15:32.0104 3772 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe 13:15:32.0229 3772 AERTFilters - ok 13:15:32.0244 3772 Afc - ok 13:15:32.0338 3772 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 13:15:32.0385 3772 AFD - ok 13:15:32.0447 3772 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 13:15:32.0463 3772 agp440 - ok 13:15:32.0478 3772 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 13:15:32.0541 3772 ALG - ok 13:15:32.0572 3772 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 13:15:32.0572 3772 aliide - ok 13:15:32.0619 3772 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 13:15:32.0634 3772 amdide - ok 13:15:32.0666 3772 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 13:15:32.0744 3772 AmdK8 - ok 13:15:32.0759 3772 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 13:15:32.0806 3772 AmdPPM - ok 13:15:32.0853 3772 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 13:15:32.0884 3772 amdsata - ok 13:15:32.0931 3772 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 13:15:32.0978 3772 amdsbs - ok 13:15:32.0993 3772 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 13:15:33.0024 3772 amdxata - ok 13:15:33.0087 3772 ApfiltrService (8b522286c8d6a20133d12225b7759596) C:\Windows\system32\DRIVERS\Apfiltr.sys 13:15:33.0134 3772 ApfiltrService - ok 13:15:33.0180 3772 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 13:15:33.0336 3772 AppID - ok 13:15:33.0368 3772 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 13:15:33.0461 3772 AppIDSvc - ok 13:15:33.0508 3772 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 13:15:33.0602 3772 Appinfo - ok 13:15:33.0695 3772 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 13:15:33.0711 3772 arc - ok 13:15:33.0726 3772 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 13:15:33.0742 3772 arcsas - ok 13:15:33.0758 3772 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 13:15:33.0836 3772 AsyncMac - ok 13:15:33.0851 3772 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 13:15:33.0867 3772 atapi - ok 13:15:33.0976 3772 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 13:15:34.0054 3772 AudioEndpointBuilder - ok 13:15:34.0054 3772 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 13:15:34.0101 3772 AudioSrv - ok 13:15:34.0226 3772 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe 13:15:34.0257 3772 AVG Security Toolbar Service - ok 13:15:34.0319 3772 Avgfwfd (705417fd6c165ccf926aca943b478d68) C:\Windows\system32\DRIVERS\avgfwd6a.sys 13:15:34.0350 3772 Avgfwfd - ok 13:15:34.0631 3772 avgfws (2f0c5ae2352f22b587edc2829c971262) C:\Program Files (x86)\AVG\AVG10\avgfws.exe 13:15:34.0694 3772 avgfws - ok 13:15:35.0474 3772 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe 13:15:35.0708 3772 AVGIDSAgent - ok 13:15:35.0926 3772 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 13:15:35.0957 3772 AVGIDSDriver - ok 13:15:36.0051 3772 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 13:15:36.0082 3772 AVGIDSEH - ok 13:15:36.0113 3772 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 13:15:36.0129 3772 AVGIDSFilter - ok 13:15:36.0176 3772 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys 13:15:36.0207 3772 Avgldx64 - ok 13:15:36.0238 3772 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys 13:15:36.0254 3772 Avgmfx64 - ok 13:15:36.0285 3772 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys 13:15:36.0300 3772 Avgrkx64 - ok 13:15:36.0363 3772 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys 13:15:36.0410 3772 Avgtdia - ok 13:15:36.0722 3772 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe 13:15:36.0737 3772 avgwd - ok 13:15:36.0815 3772 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 13:15:36.0878 3772 AxInstSV - ok 13:15:36.0940 3772 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 13:15:37.0018 3772 b06bdrv - ok 13:15:37.0080 3772 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 13:15:37.0143 3772 b57nd60a - ok 13:15:37.0174 3772 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys 13:15:37.0190 3772 BCM42RLY - ok 13:15:37.0439 3772 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys 13:15:37.0548 3772 BCM43XX - ok 13:15:37.0751 3772 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 13:15:37.0829 3772 BDESVC - ok 13:15:37.0876 3772 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 13:15:37.0954 3772 Beep - ok 13:15:38.0063 3772 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 13:15:38.0126 3772 BFE - ok 13:15:38.0297 3772 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 13:15:38.0422 3772 BITS - ok 13:15:38.0469 3772 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 13:15:38.0500 3772 blbdrive - ok 13:15:38.0547 3772 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 13:15:38.0594 3772 bowser - ok 13:15:38.0609 3772 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 13:15:38.0687 3772 BrFiltLo - ok 13:15:38.0703 3772 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 13:15:38.0718 3772 BrFiltUp - ok 13:15:38.0750 3772 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 13:15:38.0859 3772 Browser - ok 13:15:38.0906 3772 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 13:15:38.0968 3772 Brserid - ok 13:15:38.0984 3772 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 13:15:39.0015 3772 BrSerWdm - ok 13:15:39.0030 3772 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 13:15:39.0062 3772 BrUsbMdm - ok 13:15:39.0062 3772 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 13:15:39.0108 3772 BrUsbSer - ok 13:15:39.0124 3772 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 13:15:39.0155 3772 BTHMODEM - ok 13:15:39.0202 3772 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 13:15:39.0280 3772 bthserv - ok 13:15:39.0311 3772 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 13:15:39.0405 3772 cdfs - ok 13:15:39.0467 3772 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 13:15:39.0530 3772 cdrom - ok 13:15:39.0576 3772 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 13:15:39.0654 3772 CertPropSvc - ok 13:15:39.0686 3772 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 13:15:39.0717 3772 circlass - ok 13:15:39.0795 3772 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 13:15:39.0857 3772 CLFS - ok 13:15:39.0920 3772 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:15:39.0951 3772 clr_optimization_v2.0.50727_32 - ok 13:15:40.0013 3772 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:15:40.0044 3772 clr_optimization_v2.0.50727_64 - ok 13:15:40.0169 3772 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:15:40.0200 3772 clr_optimization_v4.0.30319_32 - ok 13:15:40.0263 3772 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:15:40.0294 3772 clr_optimization_v4.0.30319_64 - ok 13:15:40.0325 3772 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 13:15:40.0372 3772 CmBatt - ok 13:15:40.0403 3772 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 13:15:40.0419 3772 cmdide - ok 13:15:40.0497 3772 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 13:15:40.0590 3772 CNG - ok 13:15:40.0606 3772 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 13:15:40.0622 3772 Compbatt - ok 13:15:40.0684 3772 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 13:15:40.0731 3772 CompositeBus - ok 13:15:40.0731 3772 COMSysApp - ok 13:15:40.0762 3772 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 13:15:40.0762 3772 crcdisk - ok 13:15:40.0840 3772 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 13:15:40.0918 3772 CryptSvc - ok 13:15:40.0965 3772 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys 13:15:41.0012 3772 CtClsFlt - ok 13:15:41.0105 3772 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 13:15:41.0168 3772 DcomLaunch - ok 13:15:41.0214 3772 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 13:15:41.0277 3772 defragsvc - ok 13:15:41.0308 3772 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 13:15:41.0386 3772 DfsC - ok 13:15:41.0448 3772 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 13:15:41.0542 3772 Dhcp - ok 13:15:41.0589 3772 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 13:15:41.0636 3772 discache - ok 13:15:41.0667 3772 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 13:15:41.0698 3772 Disk - ok 13:15:41.0729 3772 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 13:15:41.0823 3772 Dnscache - ok 13:15:41.0901 3772 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe 13:15:41.0979 3772 DockLoginService ( UnsignedFile.Multi.Generic ) - warning 13:15:41.0979 3772 DockLoginService - detected UnsignedFile.Multi.Generic (1) 13:15:42.0026 3772 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 13:15:42.0119 3772 dot3svc - ok 13:15:42.0150 3772 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 13:15:42.0228 3772 DPS - ok 13:15:42.0260 3772 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 13:15:42.0291 3772 drmkaud - ok 13:15:42.0478 3772 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 13:15:42.0556 3772 DXGKrnl - ok 13:15:42.0587 3772 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 13:15:42.0665 3772 EapHost - ok 13:15:43.0008 3772 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 13:15:43.0196 3772 ebdrv - ok 13:15:43.0367 3772 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 13:15:43.0398 3772 EFS - ok 13:15:43.0508 3772 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 13:15:43.0570 3772 ehRecvr - ok 13:15:43.0601 3772 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 13:15:43.0648 3772 ehSched - ok 13:15:43.0742 3772 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 13:15:43.0773 3772 elxstor - ok 13:15:43.0820 3772 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 13:15:43.0851 3772 ErrDev - ok 13:15:43.0929 3772 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 13:15:44.0007 3772 EventSystem - ok 13:15:44.0054 3772 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 13:15:44.0100 3772 exfat - ok 13:15:44.0132 3772 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 13:15:44.0194 3772 fastfat - ok 13:15:44.0303 3772 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 13:15:44.0350 3772 Fax - ok 13:15:44.0366 3772 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 13:15:44.0397 3772 fdc - ok 13:15:44.0459 3772 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 13:15:44.0537 3772 fdPHost - ok 13:15:44.0553 3772 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 13:15:44.0600 3772 FDResPub - ok 13:15:44.0631 3772 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 13:15:44.0662 3772 FileInfo - ok 13:15:44.0678 3772 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 13:15:44.0756 3772 Filetrace - ok 13:15:44.0896 3772 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 13:15:44.0943 3772 FLEXnet Licensing Service - ok 13:15:45.0021 3772 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 13:15:45.0036 3772 flpydisk - ok 13:15:45.0099 3772 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 13:15:45.0161 3772 FltMgr - ok 13:15:45.0348 3772 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 13:15:45.0442 3772 FontCache - ok 13:15:45.0614 3772 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:15:45.0629 3772 FontCache3.0.0.0 - ok 13:15:45.0738 3772 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 13:15:45.0754 3772 FsDepends - ok 13:15:45.0785 3772 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 13:15:45.0816 3772 Fs_Rec - ok 13:15:45.0863 3772 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 13:15:45.0910 3772 fvevol - ok 13:15:45.0957 3772 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 13:15:45.0972 3772 gagp30kx - ok 13:15:46.0097 3772 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe 13:15:46.0128 3772 GameConsoleService - ok 13:15:46.0144 3772 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe 13:15:46.0160 3772 GoToAssist - ok 13:15:46.0253 3772 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 13:15:46.0331 3772 gpsvc - ok 13:15:46.0362 3772 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 13:15:46.0378 3772 hcw85cir - ok 13:15:46.0425 3772 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 13:15:46.0487 3772 HDAudBus - ok 13:15:46.0534 3772 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 13:15:46.0565 3772 HECIx64 - ok 13:15:46.0565 3772 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 13:15:46.0596 3772 HidBatt - ok 13:15:46.0612 3772 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 13:15:46.0628 3772 HidBth - ok 13:15:46.0690 3772 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 13:15:46.0721 3772 HidIr - ok 13:15:46.0737 3772 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 13:15:46.0799 3772 hidserv - ok 13:15:46.0830 3772 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 13:15:46.0846 3772 HidUsb - ok 13:15:46.0877 3772 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 13:15:46.0924 3772 hkmsvc - ok 13:15:46.0986 3772 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 13:15:47.0049 3772 HomeGroupListener - ok 13:15:47.0096 3772 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 13:15:47.0142 3772 HomeGroupProvider - ok 13:15:47.0189 3772 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 13:15:47.0220 3772 HpSAMD - ok 13:15:47.0298 3772 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 13:15:47.0361 3772 HTTP - ok 13:15:47.0392 3772 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 13:15:47.0392 3772 hwpolicy - ok 13:15:47.0439 3772 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 13:15:47.0470 3772 i8042prt - ok 13:15:47.0548 3772 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 13:15:47.0595 3772 iaStorV - ok 13:15:47.0813 3772 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:15:47.0876 3772 idsvc - ok 13:15:48.0671 3772 igfx (404548917acaaa314165c2882b045c94) C:\Windows\system32\DRIVERS\igdkmd64.sys 13:15:48.0952 3772 igfx - ok 13:15:49.0139 3772 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 13:15:49.0155 3772 iirsp - ok 13:15:49.0358 3772 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 13:15:49.0436 3772 IKEEXT - ok 13:15:49.0467 3772 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys 13:15:49.0498 3772 Impcd - ok 13:15:49.0701 3772 IntcAzAudAddService (2a7cf87be453241fe0baa1c8651e7aa4) C:\Windows\system32\drivers\RTKVHD64.sys 13:15:49.0810 3772 IntcAzAudAddService - ok 13:15:50.0044 3772 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys 13:15:50.0122 3772 IntcDAud - ok 13:15:50.0169 3772 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 13:15:50.0184 3772 intelide - ok 13:15:50.0216 3772 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 13:15:50.0262 3772 intelppm - ok 13:15:50.0294 3772 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 13:15:50.0387 3772 IPBusEnum - ok 13:15:50.0418 3772 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:15:50.0481 3772 IpFilterDriver - ok 13:15:50.0559 3772 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 13:15:50.0621 3772 iphlpsvc - ok 13:15:50.0652 3772 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 13:15:50.0684 3772 IPMIDRV - ok 13:15:50.0715 3772 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 13:15:50.0793 3772 IPNAT - ok 13:15:50.0855 3772 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 13:15:50.0949 3772 IRENUM - ok 13:15:50.0996 3772 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 13:15:51.0011 3772 isapnp - ok 13:15:51.0058 3772 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 13:15:51.0105 3772 iScsiPrt - ok 13:15:51.0245 3772 iYogiURLHit.exe (0b7b4a7f60880382789084ba02d142b7) C:\Program Files (x86)\iYogi Support Dock\Services\URLHit\iYogiURLHit.exe 13:15:51.0276 3772 iYogiURLHit.exe ( UnsignedFile.Multi.Generic ) - warning 13:15:51.0276 3772 iYogiURLHit.exe - detected UnsignedFile.Multi.Generic (1) 13:15:51.0292 3772 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 13:15:51.0323 3772 kbdclass - ok 13:15:51.0370 3772 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 13:15:51.0401 3772 kbdhid - ok 13:15:51.0417 3772 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 13:15:51.0448 3772 KeyIso - ok 13:15:51.0479 3772 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 13:15:51.0526 3772 KSecDD - ok 13:15:51.0557 3772 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 13:15:51.0588 3772 KSecPkg - ok 13:15:51.0620 3772 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 13:15:51.0698 3772 ksthunk - ok 13:15:51.0760 3772 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 13:15:51.0854 3772 KtmRm - ok 13:15:51.0900 3772 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 13:15:51.0978 3772 LanmanServer - ok 13:15:52.0041 3772 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 13:15:52.0119 3772 LanmanWorkstation - ok 13:15:52.0166 3772 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 13:15:52.0228 3772 lltdio - ok 13:15:52.0275 3772 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 13:15:52.0353 3772 lltdsvc - ok 13:15:52.0368 3772 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 13:15:52.0415 3772 lmhosts - ok 13:15:52.0431 3772 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 13:15:52.0478 3772 LSI_FC - ok 13:15:52.0493 3772 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 13:15:52.0524 3772 LSI_SAS - ok 13:15:52.0540 3772 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 13:15:52.0540 3772 LSI_SAS2 - ok 13:15:52.0571 3772 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 13:15:52.0634 3772 LSI_SCSI - ok 13:15:52.0649 3772 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 13:15:52.0712 3772 luafv - ok 13:15:52.0743 3772 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 13:15:52.0805 3772 Mcx2Svc - ok 13:15:52.0836 3772 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 13:15:52.0852 3772 megasas - ok 13:15:52.0883 3772 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 13:15:52.0899 3772 MegaSR - ok 13:15:52.0930 3772 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 13:15:52.0977 3772 MMCSS - ok 13:15:53.0039 3772 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 13:15:53.0102 3772 Modem - ok 13:15:53.0117 3772 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 13:15:53.0148 3772 monitor - ok 13:15:53.0211 3772 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 13:15:53.0242 3772 mouclass - ok 13:15:53.0258 3772 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 13:15:53.0304 3772 mouhid - ok 13:15:53.0336 3772 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 13:15:53.0367 3772 mountmgr - ok 13:15:53.0460 3772 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 13:15:53.0507 3772 mpio - ok 13:15:53.0538 3772 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 13:15:53.0601 3772 mpsdrv - ok 13:15:53.0788 3772 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 13:15:53.0850 3772 MpsSvc - ok 13:15:53.0882 3772 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 13:15:53.0928 3772 MRxDAV - ok 13:15:53.0975 3772 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 13:15:54.0006 3772 mrxsmb - ok 13:15:54.0069 3772 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:15:54.0100 3772 mrxsmb10 - ok 13:15:54.0147 3772 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:15:54.0178 3772 mrxsmb20 - ok 13:15:54.0209 3772 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 13:15:54.0209 3772 msahci - ok 13:15:54.0240 3772 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 13:15:54.0272 3772 msdsm - ok 13:15:54.0303 3772 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 13:15:54.0334 3772 MSDTC - ok 13:15:54.0381 3772 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 13:15:54.0412 3772 Msfs - ok 13:15:54.0443 3772 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 13:15:54.0474 3772 mshidkmdf - ok 13:15:54.0490 3772 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 13:15:54.0506 3772 msisadrv - ok 13:15:54.0552 3772 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 13:15:54.0615 3772 MSiSCSI - ok 13:15:54.0615 3772 msiserver - ok 13:15:54.0646 3772 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 13:15:54.0693 3772 MSKSSRV - ok 13:15:54.0708 3772 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 13:15:54.0771 3772 MSPCLOCK - ok 13:15:54.0786 3772 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 13:15:54.0849 3772 MSPQM - ok 13:15:54.0880 3772 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 13:15:54.0911 3772 MsRPC - ok 13:15:54.0942 3772 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 13:15:54.0958 3772 mssmbios - ok 13:15:54.0989 3772 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 13:15:55.0036 3772 MSTEE - ok 13:15:55.0052 3772 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 13:15:55.0067 3772 MTConfig - ok 13:15:55.0083 3772 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 13:15:55.0098 3772 Mup - ok 13:15:55.0161 3772 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 13:15:55.0208 3772 napagent - ok 13:15:55.0270 3772 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 13:15:55.0301 3772 NativeWifiP - ok 13:15:55.0395 3772 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 13:15:55.0426 3772 NDIS - ok 13:15:55.0457 3772 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 13:15:55.0488 3772 NdisCap - ok 13:15:55.0520 3772 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 13:15:55.0551 3772 NdisTapi - ok 13:15:55.0582 3772 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 13:15:55.0644 3772 Ndisuio - ok 13:15:55.0660 3772 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 13:15:55.0754 3772 NdisWan - ok 13:15:55.0785 3772 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 13:15:55.0832 3772 NDProxy - ok 13:15:55.0847 3772 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 13:15:55.0894 3772 NetBIOS - ok 13:15:55.0956 3772 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 13:15:56.0050 3772 NetBT - ok 13:15:56.0081 3772 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 13:15:56.0097 3772 Netlogon - ok 13:15:56.0159 3772 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 13:15:56.0222 3772 Netman - ok 13:15:56.0253 3772 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 13:15:56.0315 3772 netprofm - ok 13:15:56.0424 3772 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:15:56.0440 3772 NetTcpPortSharing - ok 13:15:56.0487 3772 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 13:15:56.0502 3772 nfrd960 - ok 13:15:56.0549 3772 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 13:15:56.0643 3772 NlaSvc - ok 13:15:56.0658 3772 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 13:15:56.0705 3772 Npfs - ok 13:15:56.0721 3772 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 13:15:56.0768 3772 nsi - ok 13:15:56.0783 3772 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 13:15:56.0814 3772 nsiproxy - ok 13:15:56.0955 3772 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 13:15:57.0017 3772 Ntfs - ok 13:15:57.0142 3772 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 13:15:57.0189 3772 Null - ok 13:15:57.0236 3772 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 13:15:57.0267 3772 nvraid - ok 13:15:57.0314 3772 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 13:15:57.0345 3772 nvstor - ok 13:15:57.0392 3772 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 13:15:57.0423 3772 nv_agp - ok 13:15:57.0438 3772 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 13:15:57.0470 3772 ohci1394 - ok 13:15:57.0516 3772 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 13:15:57.0548 3772 p2pimsvc - ok 13:15:57.0610 3772 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 13:15:57.0626 3772 p2psvc - ok 13:15:57.0657 3772 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 13:15:57.0672 3772 Parport - ok 13:15:57.0719 3772 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 13:15:57.0750 3772 partmgr - ok 13:15:57.0766 3772 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 13:15:57.0797 3772 PcaSvc - ok 13:15:57.0922 3772 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms 13:15:57.0938 3772 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok 13:15:57.0984 3772 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 13:15:58.0016 3772 pci - ok 13:15:58.0047 3772 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 13:15:58.0062 3772 pciide - ok 13:15:58.0125 3772 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 13:15:58.0156 3772 pcmcia - ok 13:15:58.0187 3772 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 13:15:58.0203 3772 pcw - ok 13:15:58.0250 3772 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 13:15:58.0312 3772 PEAUTH - ok 13:15:58.0390 3772 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 13:15:58.0421 3772 PerfHost - ok 13:15:58.0530 3772 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 13:15:58.0655 3772 pla - ok 13:15:58.0733 3772 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 13:15:58.0764 3772 PlugPlay - ok 13:15:58.0796 3772 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 13:15:58.0842 3772 PNRPAutoReg - ok 13:15:58.0889 3772 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 13:15:58.0889 3772 PNRPsvc - ok 13:15:58.0952 3772 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 13:15:59.0030 3772 PolicyAgent - ok 13:15:59.0061 3772 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 13:15:59.0108 3772 Power - ok 13:15:59.0170 3772 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 13:15:59.0232 3772 PptpMiniport - ok 13:15:59.0264 3772 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 13:15:59.0295 3772 Processor - ok 13:15:59.0326 3772 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 13:15:59.0373 3772 ProfSvc - ok 13:15:59.0404 3772 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 13:15:59.0420 3772 ProtectedStorage - ok 13:15:59.0482 3772 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 13:15:59.0529 3772 Psched - ok 13:15:59.0591 3772 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 13:15:59.0591 3772 PxHlpa64 - ok 13:15:59.0716 3772 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 13:15:59.0763 3772 ql2300 - ok 13:15:59.0903 3772 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 13:15:59.0934 3772 ql40xx - ok 13:15:59.0981 3772 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 13:16:00.0012 3772 QWAVE - ok 13:16:00.0028 3772 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 13:16:00.0075 3772 QWAVEdrv - ok 13:16:00.0090 3772 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 13:16:00.0137 3772 RasAcd - ok 13:16:00.0184 3772 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 13:16:00.0231 3772 RasAgileVpn - ok 13:16:00.0246 3772 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 13:16:00.0309 3772 RasAuto - ok 13:16:00.0340 3772 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 13:16:00.0402 3772 Rasl2tp - ok 13:16:00.0449 3772 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 13:16:00.0512 3772 RasMan - ok 13:16:00.0527 3772 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 13:16:00.0574 3772 RasPppoe - ok 13:16:00.0605 3772 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 13:16:00.0668 3772 RasSstp - ok 13:16:00.0683 3772 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 13:16:00.0761 3772 rdbss - ok 13:16:00.0777 3772 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 13:16:00.0839 3772 rdpbus - ok 13:16:00.0870 3772 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:16:00.0917 3772 RDPCDD - ok 13:16:00.0933 3772 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 13:16:00.0964 3772 RDPENCDD - ok 13:16:01.0011 3772 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 13:16:01.0042 3772 RDPREFMP - ok 13:16:01.0089 3772 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 13:16:01.0120 3772 RDPWD - ok 13:16:01.0198 3772 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 13:16:01.0229 3772 rdyboost - ok 13:16:01.0260 3772 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 13:16:01.0323 3772 RemoteAccess - ok 13:16:01.0370 3772 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 13:16:01.0432 3772 RemoteRegistry - ok 13:16:01.0448 3772 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 13:16:01.0494 3772 RpcEptMapper - ok 13:16:01.0526 3772 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 13:16:01.0541 3772 RpcLocator - ok 13:16:01.0604 3772 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 13:16:01.0666 3772 RpcSs - ok 13:16:01.0697 3772 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 13:16:01.0760 3772 rspndr - ok 13:16:01.0806 3772 RSUSBSTOR (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys 13:16:01.0838 3772 RSUSBSTOR - ok 13:16:01.0884 3772 RTL8167 (4fe1cef69d36e913738234303986fbb3) C:\Windows\system32\DRIVERS\Rt64win7.sys 13:16:01.0947 3772 RTL8167 - ok 13:16:01.0978 3772 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 13:16:01.0994 3772 SamSs - ok 13:16:02.0025 3772 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 13:16:02.0072 3772 sbp2port - ok 13:16:02.0243 3772 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 13:16:02.0290 3772 SBSDWSCService - ok 13:16:02.0337 3772 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 13:16:02.0399 3772 SCardSvr - ok 13:16:02.0477 3772 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 13:16:02.0540 3772 scfilter - ok 13:16:02.0664 3772 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 13:16:02.0758 3772 Schedule - ok 13:16:02.0789 3772 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 13:16:02.0836 3772 SCPolicySvc - ok 13:16:02.0883 3772 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 13:16:02.0930 3772 SDRSVC - ok 13:16:03.0039 3772 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 13:16:03.0070 3772 SeaPort - ok 13:16:03.0117 3772 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 13:16:03.0148 3772 secdrv - ok 13:16:03.0179 3772 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 13:16:03.0242 3772 seclogon - ok 13:16:03.0257 3772 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 13:16:03.0304 3772 SENS - ok 13:16:03.0320 3772 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 13:16:03.0351 3772 SensrSvc - ok 13:16:03.0366 3772 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 13:16:03.0398 3772 Serenum - ok 13:16:03.0444 3772 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 13:16:03.0491 3772 Serial - ok 13:16:03.0538 3772 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 13:16:03.0554 3772 sermouse - ok 13:16:03.0600 3772 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 13:16:03.0663 3772 SessionEnv - ok 13:16:03.0694 3772 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 13:16:03.0725 3772 sffdisk - ok 13:16:03.0741 3772 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 13:16:03.0756 3772 sffp_mmc - ok 13:16:03.0772 3772 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 13:16:03.0788 3772 sffp_sd - ok 13:16:03.0819 3772 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 13:16:03.0834 3772 sfloppy - ok 13:16:03.0881 3772 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 13:16:03.0959 3772 SharedAccess - ok 13:16:04.0022 3772 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 13:16:04.0084 3772 ShellHWDetection - ok 13:16:04.0100 3772 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:16:04.0115 3772 SiSRaid2 - ok 13:16:04.0131 3772 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 13:16:04.0146 3772 SiSRaid4 - ok 13:16:04.0178 3772 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 13:16:04.0224 3772 Smb - ok 13:16:04.0256 3772 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 13:16:04.0287 3772 SNMPTRAP - ok 13:16:04.0302 3772 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 13:16:04.0318 3772 spldr - ok 13:16:04.0380 3772 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 13:16:04.0443 3772 Spooler - ok 13:16:04.0786 3772 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 13:16:04.0895 3772 sppsvc - ok 13:16:05.0036 3772 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 13:16:05.0098 3772 sppuinotify - ok 13:16:05.0176 3772 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 13:16:05.0238 3772 srv - ok 13:16:05.0301 3772 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 13:16:05.0348 3772 srv2 - ok 13:16:05.0363 3772 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 13:16:05.0394 3772 srvnet - ok 13:16:05.0441 3772 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 13:16:05.0519 3772 SSDPSRV - ok 13:16:05.0535 3772 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 13:16:05.0613 3772 SstpSvc - ok 13:16:05.0628 3772 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 13:16:05.0644 3772 stexstor - ok 13:16:05.0706 3772 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 13:16:05.0769 3772 stisvc - ok 13:16:05.0925 3772 SupportDockClientService.exe (3d9deca9db329aa22db331d060b5a1c3) C:\Program Files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockClientService.exe 13:16:05.0925 3772 SupportDockClientService.exe ( UnsignedFile.Multi.Generic ) - warning 13:16:05.0925 3772 SupportDockClientService.exe - detected UnsignedFile.Multi.Generic (1) 13:16:05.0987 3772 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 13:16:06.0003 3772 swenum - ok 13:16:06.0346 3772 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 13:16:06.0424 3772 swprv - ok 13:16:06.0861 3772 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 13:16:06.0954 3772 SysMain - ok 13:16:07.0126 3772 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 13:16:07.0173 3772 TabletInputService - ok 13:16:07.0235 3772 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 13:16:07.0298 3772 TapiSrv - ok 13:16:07.0329 3772 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 13:16:07.0360 3772 TBS - ok 13:16:07.0563 3772 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 13:16:07.0610 3772 Tcpip - ok 13:16:07.0890 3772 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 13:16:07.0937 3772 TCPIP6 - ok 13:16:08.0046 3772 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 13:16:08.0124 3772 tcpipreg - ok 13:16:08.0156 3772 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 13:16:08.0202 3772 TDPIPE - ok 13:16:08.0234 3772 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 13:16:08.0280 3772 TDTCP - ok 13:16:08.0312 3772 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 13:16:08.0374 3772 tdx - ok 13:16:08.0624 3772 TeamViewer5 (2a64c802f4c8aa00ac8472c771688e00) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe 13:16:08.0702 3772 TeamViewer5 - ok 13:16:08.0842 3772 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 13:16:08.0858 3772 TermDD - ok 13:16:08.0951 3772 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 13:16:09.0029 3772 TermService - ok 13:16:09.0045 3772 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 13:16:09.0076 3772 Themes - ok 13:16:09.0092 3772 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 13:16:09.0123 3772 THREADORDER - ok 13:16:09.0154 3772 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 13:16:09.0232 3772 TrkWks - ok 13:16:09.0294 3772 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 13:16:09.0372 3772 TrustedInstaller - ok 13:16:09.0388 3772 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 13:16:09.0450 3772 tssecsrv - ok 13:16:09.0497 3772 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 13:16:09.0528 3772 TsUsbFlt - ok 13:16:09.0560 3772 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 13:16:09.0653 3772 tunnel - ok 13:16:09.0669 3772 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 13:16:09.0684 3772 uagp35 - ok 13:16:09.0731 3772 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 13:16:09.0809 3772 udfs - ok 13:16:09.0840 3772 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 13:16:09.0872 3772 UI0Detect - ok 13:16:09.0918 3772 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 13:16:09.0950 3772 uliagpkx - ok 13:16:10.0012 3772 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 13:16:10.0059 3772 umbus - ok 13:16:10.0121 3772 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 13:16:10.0152 3772 UmPass - ok 13:16:10.0199 3772 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 13:16:10.0262 3772 upnphost - ok 13:16:10.0293 3772 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 13:16:10.0324 3772 usbccgp - ok 13:16:10.0371 3772 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 13:16:10.0433 3772 usbcir - ok 13:16:10.0464 3772 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 13:16:10.0496 3772 usbehci - ok 13:16:10.0558 3772 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 13:16:10.0605 3772 usbhub - ok 13:16:10.0636 3772 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 13:16:10.0667 3772 usbohci - ok 13:16:10.0714 3772 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 13:16:10.0745 3772 usbprint - ok 13:16:10.0761 3772 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 13:16:10.0792 3772 usbscan - ok 13:16:10.0823 3772 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:16:10.0854 3772 USBSTOR - ok 13:16:10.0886 3772 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 13:16:10.0917 3772 usbuhci - ok 13:16:10.0979 3772 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 13:16:11.0010 3772 usbvideo - ok 13:16:11.0057 3772 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 13:16:11.0120 3772 UxSms - ok 13:16:11.0135 3772 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 13:16:11.0151 3772 VaultSvc - ok 13:16:11.0229 3772 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 13:16:11.0260 3772 vdrvroot - ok 13:16:11.0322 3772 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 13:16:11.0385 3772 vds - ok 13:16:11.0416 3772 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 13:16:11.0447 3772 vga - ok 13:16:11.0447 3772 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 13:16:11.0494 3772 VgaSave - ok 13:16:11.0541 3772 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 13:16:11.0572 3772 vhdmp - ok 13:16:11.0619 3772 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 13:16:11.0634 3772 viaide - ok 13:16:11.0666 3772 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 13:16:11.0697 3772 volmgr - ok 13:16:11.0790 3772 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 13:16:11.0837 3772 volmgrx - ok 13:16:11.0884 3772 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 13:16:11.0931 3772 volsnap - ok 13:16:11.0978 3772 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 13:16:12.0009 3772 vsmraid - ok 13:16:12.0180 3772 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 13:16:12.0274 3772 VSS - ok 13:16:12.0508 3772 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe 13:16:12.0555 3772 vToolbarUpdater11.1.0 - ok 13:16:12.0711 3772 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 13:16:12.0758 3772 vwifibus - ok 13:16:12.0773 3772 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 13:16:12.0804 3772 vwififlt - ok 13:16:12.0851 3772 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 13:16:12.0914 3772 W32Time - ok 13:16:12.0929 3772 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 13:16:12.0945 3772 WacomPen - ok 13:16:12.0992 3772 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 13:16:13.0054 3772 WANARP - ok 13:16:13.0070 3772 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 13:16:13.0116 3772 Wanarpv6 - ok 13:16:13.0257 3772 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 13:16:13.0350 3772 WatAdminSvc - ok 13:16:13.0491 3772 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 13:16:13.0538 3772 wbengine - ok 13:16:13.0678 3772 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 13:16:13.0725 3772 WbioSrvc - ok 13:16:13.0772 3772 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 13:16:13.0834 3772 wcncsvc - ok 13:16:13.0850 3772 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 13:16:13.0865 3772 WcsPlugInService - ok 13:16:13.0896 3772 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 13:16:13.0912 3772 Wd - ok 13:16:13.0974 3772 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 13:16:14.0037 3772 Wdf01000 - ok 13:16:14.0068 3772 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 13:16:14.0115 3772 WdiServiceHost - ok 13:16:14.0115 3772 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 13:16:14.0146 3772 WdiSystemHost - ok 13:16:14.0177 3772 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 13:16:14.0255 3772 WebClient - ok 13:16:14.0286 3772 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 13:16:14.0364 3772 Wecsvc - ok 13:16:14.0396 3772 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 13:16:14.0442 3772 wercplsupport - ok 13:16:14.0474 3772 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 13:16:14.0505 3772 WerSvc - ok 13:16:14.0567 3772 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 13:16:14.0630 3772 WfpLwf - ok 13:16:14.0645 3772 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 13:16:14.0661 3772 WIMMount - ok 13:16:14.0692 3772 WinDefend - ok 13:16:14.0692 3772 WinHttpAutoProxySvc - ok 13:16:14.0754 3772 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 13:16:14.0817 3772 Winmgmt - ok 13:16:15.0020 3772 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 13:16:15.0113 3772 WinRM - ok 13:16:15.0332 3772 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 13:16:15.0410 3772 Wlansvc - ok 13:16:15.0659 3772 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:16:15.0722 3772 wlidsvc - ok 13:16:15.0784 3772 wltrysvc (13b0a570e1ae451c92da550085d72cf3) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE 13:16:15.0800 3772 wltrysvc ( UnsignedFile.Multi.Generic ) - warning 13:16:15.0800 3772 wltrysvc - detected UnsignedFile.Multi.Generic (1) 13:16:15.0940 3772 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 13:16:15.0971 3772 WmiAcpi - ok 13:16:16.0034 3772 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 13:16:16.0080 3772 wmiApSrv - ok 13:16:16.0112 3772 WMPNetworkSvc - ok 13:16:16.0143 3772 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 13:16:16.0158 3772 WPCSvc - ok 13:16:16.0205 3772 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 13:16:16.0252 3772 WPDBusEnum - ok 13:16:16.0299 3772 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 13:16:16.0346 3772 ws2ifsl - ok 13:16:16.0377 3772 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 13:16:16.0408 3772 wscsvc - ok 13:16:16.0408 3772 WSearch - ok 13:16:16.0626 3772 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 13:16:16.0704 3772 wuauserv - ok 13:16:16.0860 3772 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 13:16:16.0923 3772 WudfPf - ok 13:16:16.0970 3772 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 13:16:17.0032 3772 WUDFRd - ok 13:16:17.0048 3772 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 13:16:17.0094 3772 wudfsvc - ok 13:16:17.0126 3772 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 13:16:17.0172 3772 WwanSvc - ok 13:16:17.0204 3772 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 13:16:17.0672 3772 \Device\Harddisk0\DR0 - ok 13:16:17.0672 3772 Boot (0x1200) (ce5930b5af712151cfbbdaa1e8996462) \Device\Harddisk0\DR0\Partition0 13:16:17.0672 3772 \Device\Harddisk0\DR0\Partition0 - ok 13:16:17.0687 3772 Boot (0x1200) (5fbeec304255b89f9f44bfbc42ea0a09) \Device\Harddisk0\DR0\Partition1 13:16:17.0703 3772 \Device\Harddisk0\DR0\Partition1 - ok 13:16:17.0718 3772 Boot (0x1200) (5ea90ad8fd976695ced9d65df11e398f) \Device\Harddisk0\DR0\Partition2 13:16:17.0718 3772 \Device\Harddisk0\DR0\Partition2 - ok 13:16:17.0718 3772 ============================================================ 13:16:17.0718 3772 Scan finished 13:16:17.0718 3772 ============================================================ 13:16:17.0734 0208 Detected object count: 4 13:16:17.0734 0208 Actual detected object count: 4 13:18:46.0200 0208 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user 13:18:46.0200 0208 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:18:46.0200 0208 iYogiURLHit.exe ( UnsignedFile.Multi.Generic ) - skipped by user 13:18:46.0200 0208 iYogiURLHit.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:18:46.0200 0208 SupportDockClientService.exe ( UnsignedFile.Multi.Generic ) - skipped by user 13:18:46.0200 0208 SupportDockClientService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:18:46.0200 0208 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user 13:18:46.0200 0208 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:19:16.0682 1704 Deinitialize success

Thanks MrC! Here is the roguekiller report: RogueKiller V7.6.0 [06/26/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Judith [Admin rights] Mode: Scan -- Date: 06/27/2012 12:47:12 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 7 ¤¤¤ [ROGUE ST] HKLM\[...]\Policies\Explorer\Run : 63726 (C:\PROGRA~3\LOCALS~1\Temp\ydmopeomydw.cmd) -> FOUND [ROGUE ST] HKLM\[...]\Wow6432Node\Policies\Explorer\Run : 63726 (C:\PROGRA~3\LOCALS~1\Temp\ydmopeomydw.cmd) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [sCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\WLXPGSS.SCR) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1001namen.com 127.0.0.1 1001namen.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000BEVT-75ZAT0 ATA Device +++++ --- User --- [MBR] 3ba969ee2cc047bdb3b710487d5dcce1 [bSP] 679622b6581f2beb419270d0e98cd78d : Windows 7 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 10000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20686848 | Size: 60000 Mo 3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 143566848 | Size: 406838 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt

Hi. I sure would appreciate some help on this one... Mbam succesfully removes trojan.agent only to have it reappear again! Thanks for any insight into this one.... DaveFL DDS.txt Attach.txt