Wanda

Requested files have been deleted and the programs have been cleaned up. Thank you again for all of your help in cleaning up both computers. Wanda

Unneeded start up programs have been deleted. Here is the log from the ESET Scan: C:\MGtools\Process.exe Win32/PrcView application C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application C:\Users\Wanda\Downloads\audioextractor.exe Win32/InstallMonetizer.AF application C:\Users\Wanda\Downloads\cbsidlm-cbsi5_2_0_83-JetAudio_Basic-ORG2-10013740.exe a variant of Win32/CNETInstaller.A application C:\Users\Wanda\Downloads\cdbxp_setup_4.5.0.3661.exe Win32/OpenCandy application C:\Users\Wanda\Downloads\setup.exe Win32/OutBrowse.C application C:\Users\Zachary\Downloads\CheatEngine62.exe multiple threats

I uninstalled all of the Java programs using Revo and then added back both Java 7 and 6 since my son's friends use my laptop to play multiplayer Minecraft games. Yes, I know this is a security concern just like on the desktop but you know how it doesn't work on Java 6. Temp files were cleaned with CCleaner. The successful Malwarebytes log is below: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.14.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wanda :: TOSHIBALAPTOP [administrator] 1/13/2013 11:21:53 PM mbam-log-2013-01-13 (23-21-53).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 282895 Time elapsed: 9 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) The HiJackthis log is below: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:35:47 PM, on 1/13/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\PROGRAM FILES (X86)\SUGARSYNC\SUGARSYNCMANAGER.EXE C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.mcafee.com O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - https://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files (x86)\Ahead\InCD\InCDsrv.exe (file missing) O23 - Service: InCD Helper (read only) (InCDsrvR) - Unknown owner - C:\Program Files (x86)\Ahead\InCD\InCDsrv.exe (file missing) O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\windows\SysWOW64\PSIService.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15144 bytes My son's friend played Minecraft this afternoon and didn't report any problems on the laptop. It seems to be running better. Wanda

Thank you for reopening this post. Here is the Combofix scan with the extra commands log Gringo requested me to do. ComboFix 13-01-12.01 - Wanda 01/12/2013 23:12:52.4.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2392 [GMT -6:00] Running from: c:\users\Wanda\Desktop\ComboFix.exe Command switches used :: c:\users\Wanda\Desktop\CFScript.txt FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Wanda\AppData\Roaming\Roaming c:\users\Wanda\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst . . ((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 ))))))))))))))))))))))))))))))) . . 2013-01-13 05:35 . 2013-01-13 05:35 -------- d-----w- c:\users\Zachary\AppData\Local\temp 2013-01-13 05:35 . 2013-01-13 05:35 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2013-01-13 05:35 . 2013-01-13 05:35 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-01-13 05:35 . 2013-01-13 05:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-13 05:35 . 2013-01-13 05:35 -------- d-----w- c:\users\Ben\AppData\Local\temp 2013-01-13 05:35 . 2013-01-13 05:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-01-13 04:41 . 2013-01-13 05:21 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat 2013-01-13 04:29 . 2012-11-28 16:35 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-01-12 20:56 . 2013-01-12 21:05 -------- d-----w- c:\users\Zachary\Warcraft III 1.21b TFT Installer enUS 2013-01-12 20:55 . 2013-01-12 23:03 -------- d-----w- c:\users\Zachary\Warcraft III 2013-01-12 20:55 . 2013-01-12 20:55 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment 2013-01-12 20:43 . 2013-01-12 20:53 -------- d-----w- c:\users\Zachary\Warcraft III 1.21b ROC Installer enUS 2013-01-11 16:32 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51E00C68-E3C7-4DAA-8E06-2804019A4D9E}\mpengine.dll 2013-01-10 23:48 . 2013-01-10 23:48 -------- d-----w- c:\users\Zachary\AppData\Local\DimensionU Games 2013-01-09 18:19 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 18:19 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 18:18 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 18:18 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 18:18 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 18:18 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-09 18:18 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 18:18 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 18:18 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll 2013-01-09 18:18 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll 2013-01-09 18:12 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-09 18:10 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-09 18:10 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 17:16 . 2013-01-09 19:53 -------- d-----w- c:\program files (x86)\Common Files\Acronis 2013-01-09 17:16 . 2013-01-09 17:16 -------- d-----w- c:\program files (x86)\Acronis 2013-01-04 17:10 . 2013-01-04 17:10 -------- d-----w- C:\Plug-ins 2013-01-04 17:10 . 2013-01-04 17:10 -------- d-----w- c:\program files (x86)\MakeMusic 2012-12-31 15:53 . 2012-12-31 15:53 -------- d-----w- c:\program files\iPod 2012-12-31 15:53 . 2012-12-31 15:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-31 15:53 . 2012-12-31 15:55 -------- d-----w- c:\program files\iTunes 2012-12-31 15:53 . 2012-12-31 15:55 -------- d-----w- c:\program files (x86)\iTunes 2012-12-30 20:28 . 2012-12-30 20:28 -------- d-----w- c:\users\Ben\AppData\Roaming\RealNetworks 2012-12-29 14:45 . 2012-12-29 14:45 -------- d-----w- c:\users\Zachary\AppData\Roaming\RealNetworks 2012-12-24 03:10 . 2012-12-24 03:10 -------- d-----w- c:\users\Wanda\AppData\Roaming\RealNetworks 2012-12-24 03:06 . 2012-12-24 03:07 -------- d-----w- c:\program files (x86)\RealNetworks 2012-12-24 03:06 . 2012-12-24 03:06 -------- d-----w- c:\programdata\RealNetworks 2012-12-24 03:06 . 2012-12-24 03:06 -------- d-----w- c:\program files (x86)\Common Files\xing shared 2012-12-24 03:03 . 2012-12-24 03:03 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-12-24 03:03 . 2012-12-24 03:03 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-12-21 19:33 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 19:33 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 19:33 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 19:33 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2012-12-15 22:05 . 2012-12-15 22:05 -------- d-----w- c:\programdata\Canneverbe Limited 2012-12-15 22:05 . 2012-12-15 22:05 -------- d-----w- c:\users\Wanda\AppData\Roaming\Canneverbe Limited 2012-12-15 22:04 . 2012-12-15 22:04 -------- d-----w- c:\program files (x86)\CDBurnerXP 2012-12-15 21:06 . 2012-12-15 22:08 -------- d-----w- c:\users\Wanda\AppData\Roaming\COWON 2012-12-15 21:03 . 2012-12-15 21:03 -------- d-----w- c:\users\Wanda\AppData\Local\Coupon Companion 2012-12-15 21:02 . 2012-12-15 21:03 -------- d-----w- c:\program files (x86)\Coupon Companion . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 22:41 . 2011-07-03 23:02 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-09 19:09 . 2012-04-04 19:05 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 19:09 . 2011-11-01 04:06 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 22:49 . 2012-06-30 21:48 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:45 . 2013-01-09 18:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-15 21:56 . 2012-06-03 15:33 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-11-15 21:56 . 2011-03-24 02:26 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-11-14 07:06 . 2012-12-12 16:05 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-12 16:05 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 16:06 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-12 16:06 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-12 16:06 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 16:06 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 16:06 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-12 16:06 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 16:06 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 16:06 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 16:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 16:06 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 16:06 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 16:06 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 16:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 16:06 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 16:06 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 16:06 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 16:06 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 16:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 16:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 16:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 15:59 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 15:59 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-08 17:29 . 2012-11-08 17:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-11-02 05:59 . 2012-12-12 15:56 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 15:56 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-27 20:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 20:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 20:11 561664 ----a-w- c:\windows\apppatch\AcLayers.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-10-20 1118040] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-12-24 295072] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-03 1255736] R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-14 11864] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-10 140672] S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 33672] S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-10-19 827520] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2011-10-19 45448] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2011-09-15 103512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:09] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 06:15] . 2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001Core.job - c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001UA.job - c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09] . 2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003Core.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003UA.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040] "ISW"="" [bU] . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com Trusted Zone: metlife.com\mybenefits Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\www.update Trusted Zone: windowsupdate.com\download . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39, ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63, 57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b "{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59, 8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a, ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db, f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00 "{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13, 36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:ec,47,9e,00,8f,3b,cc,01 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*] "Licence0"="REMOVED" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-12 23:46:18 ComboFix-quarantined-files.txt 2013-01-13 05:46 ComboFix2.txt 2013-01-12 15:59 ComboFix3.txt 2012-07-04 15:26 ComboFix4.txt 2012-07-04 00:46 . Pre-Run: 43,775,737,856 bytes free Post-Run: 43,062,157,312 bytes free . - - End Of File - - F28F313539937B6B77E68D32400AC1A9 My son's friend who used the laptop computer for several hours yesterday said it worked better than last weekend and didn't report any problems. Thank you for your assistance in finishing the clean up of this computer.

Wow it took awhile to run the Combofix but it did finish. I found out while looking at the log file that Windows Defender SP was still on. I didn't know I had this running in addition to my ZoneAlarm. I turned it off after running Combofix. The computer still seems slow in booting up and logging off but maybe that is due to all the extra programs running. I didn't see anything else unusual yesterday but truly didn't see anything unusual except for a bit slow boots and closedowns before I ran the monthly scan. I was actually surprised that it found a virus. Below is the log from the Combofix run: ComboFix 13-01-12.01 - Wanda 01/12/2013 9:19.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2555 [GMT -6:00] Running from: c:\users\Wanda\Desktop\ComboFix.exe FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\server.log . . ((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 ))))))))))))))))))))))))))))))) . . 2013-01-12 15:40 . 2013-01-12 15:40 -------- d-----w- c:\users\Zachary\AppData\Local\temp 2013-01-12 15:40 . 2013-01-12 15:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-01-12 15:40 . 2013-01-12 15:40 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2013-01-12 15:40 . 2013-01-12 15:40 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-01-12 15:40 . 2013-01-12 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-12 15:40 . 2013-01-12 15:40 -------- d-----w- c:\users\Ben\AppData\Local\temp 2013-01-11 16:32 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51E00C68-E3C7-4DAA-8E06-2804019A4D9E}\mpengine.dll 2013-01-10 23:48 . 2013-01-10 23:48 -------- d-----w- c:\users\Zachary\AppData\Local\DimensionU Games 2013-01-09 18:19 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 18:19 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 18:18 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 18:18 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 18:18 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 18:18 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-09 18:18 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 18:18 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 18:18 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll 2013-01-09 18:18 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll 2013-01-09 18:12 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-09 18:10 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-09 18:10 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 17:16 . 2013-01-09 19:53 -------- d-----w- c:\program files (x86)\Common Files\Acronis 2013-01-09 17:16 . 2013-01-09 17:16 -------- d-----w- c:\program files (x86)\Acronis 2013-01-04 17:10 . 2013-01-04 17:10 -------- d-----w- C:\Plug-ins 2013-01-04 17:10 . 2013-01-04 17:10 -------- d-----w- c:\program files (x86)\MakeMusic 2012-12-31 15:53 . 2012-12-31 15:53 -------- d-----w- c:\program files\iPod 2012-12-31 15:53 . 2012-12-31 15:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-31 15:53 . 2012-12-31 15:55 -------- d-----w- c:\program files\iTunes 2012-12-31 15:53 . 2012-12-31 15:55 -------- d-----w- c:\program files (x86)\iTunes 2012-12-30 20:28 . 2012-12-30 20:28 -------- d-----w- c:\users\Ben\AppData\Roaming\RealNetworks 2012-12-29 14:45 . 2012-12-29 14:45 -------- d-----w- c:\users\Zachary\AppData\Roaming\RealNetworks 2012-12-24 03:10 . 2012-12-24 03:10 -------- d-----w- c:\users\Wanda\AppData\Roaming\RealNetworks 2012-12-24 03:06 . 2012-12-24 03:07 -------- d-----w- c:\program files (x86)\RealNetworks 2012-12-24 03:06 . 2012-12-24 03:06 -------- d-----w- c:\programdata\RealNetworks 2012-12-24 03:06 . 2012-12-24 03:06 -------- d-----w- c:\program files (x86)\Common Files\xing shared 2012-12-24 03:03 . 2012-12-24 03:03 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-12-24 03:03 . 2012-12-24 03:03 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-12-21 19:33 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 19:33 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 19:33 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 19:33 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2012-12-15 22:05 . 2012-12-15 22:05 -------- d-----w- c:\programdata\Canneverbe Limited 2012-12-15 22:05 . 2012-12-15 22:05 -------- d-----w- c:\users\Wanda\AppData\Roaming\Canneverbe Limited 2012-12-15 22:04 . 2012-12-15 22:04 -------- d-----w- c:\program files (x86)\CDBurnerXP 2012-12-15 21:06 . 2012-12-15 22:08 -------- d-----w- c:\users\Wanda\AppData\Roaming\COWON 2012-12-15 21:03 . 2012-12-15 21:03 -------- d-----w- c:\users\Wanda\AppData\Local\Coupon Companion 2012-12-15 21:02 . 2012-12-15 21:03 -------- d-----w- c:\program files (x86)\Coupon Companion . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-12 15:35 . 2012-07-04 17:47 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat 2013-01-09 22:41 . 2011-07-03 23:02 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-09 19:09 . 2012-04-04 19:05 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 19:09 . 2011-11-01 04:06 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 22:49 . 2012-06-30 21:48 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:45 . 2013-01-09 18:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-15 21:56 . 2012-11-15 21:56 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-15 21:56 . 2012-06-03 15:33 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-11-15 21:56 . 2011-03-24 02:26 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-11-14 07:06 . 2012-12-12 16:05 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-12 16:05 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 16:06 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-12 16:06 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-12 16:06 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 16:06 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 16:06 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-12 16:06 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 16:06 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 16:06 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 16:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 16:06 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 16:06 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 16:06 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 16:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 16:06 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 16:06 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 16:06 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 16:06 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 16:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 16:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 16:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 15:59 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 15:59 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-08 17:29 . 2012-11-08 17:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-11-02 05:59 . 2012-12-12 15:56 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 15:56 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-27 20:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 20:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 20:11 561664 ----a-w- c:\windows\apppatch\AcLayers.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-10-20 1118040] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-12-24 295072] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-03 1255736] R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-14 11864] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-10 140672] S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 33672] S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-10-19 827520] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2011-10-19 45448] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2011-09-15 103512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:09] . 2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 06:15] . 2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001Core.job - c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09] . 2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001UA.job - c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09] . 2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003Core.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09] . 2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003UA.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040] "ISW"="" [bU] . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com Trusted Zone: metlife.com\mybenefits Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\www.update Trusted Zone: windowsupdate.com\download . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39, ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63, 57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b "{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59, 8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a, ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db, f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00 "{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13, 36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:ec,47,9e,00,8f,3b,cc,01 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*] "Licence0"="REMOVED" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-12 09:59:27 ComboFix-quarantined-files.txt 2013-01-12 15:59 ComboFix2.txt 2012-07-04 15:26 ComboFix3.txt 2012-07-04 00:46 . Pre-Run: 44,014,526,464 bytes free Post-Run: 45,583,974,400 bytes free . - - End Of File - - 453FE3F174364B17AADD16101E31B6E2

Thank you for your quick response to my virus issue. Below are the logs that you requested: Security Check Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! ZoneAlarm Extreme Security Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 4.6 Spybot - Search & Destroy Secunia PSI (2.0.0.3003) Malwarebytes Anti-Malware version 1.70.0.1100 JavaFX 2.1.1 Java 6 Update 37 Java 7 Update 9 Java SE Development Kit 6 Update 32 Java SE Development Kit 6 Update 33 Java SE Development Kit 6 Update 35 Java SE Development Kit 6 Update 37 Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.5 Adobe Reader out of Date! Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome 23.0.1271.91 Google Chrome 23.0.1271.95 Google Chrome 23.0.1271.97 Google Chrome Plugins... ````````Process Check: objlist.exe by Laurent```````` WinPatrol winpatrol.exe Spybot Teatimer.exe is disabled! BillP Studios WinPatrol WinPatrol.exe CheckPoint ZoneAlarm vsmon.exe CheckPoint ZoneAlarm zatray.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 7% ````````````````````End of Log`````````````````````` Adware Cleaner # AdwCleaner v2.105 - Logfile created 01/11/2013 at 14:22:02 # Updated 08/01/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Wanda - TOSHIBALAPTOP # Boot Mode : Normal # Running from : C:\Users\Wanda\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\END File Deleted : C:\user.js Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\Ilivid Folder Deleted : C:\ProgramData\FreeRIP Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Wanda\AppData\Local\Ilivid Player Folder Deleted : C:\Users\Wanda\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Wanda\AppData\Roaming\yourfiledownloader Folder Deleted : C:\Users\Zachary\AppData\Local\Conduit Folder Deleted : C:\Users\Zachary\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Zachary\AppData\LocalLow\PriceGong ***** [Registry] ***** Key Deleted : HKCU\Software\1ClickDownload Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\StartSearch Key Deleted : HKCU\Software\SweetIM Key Deleted : HKCU\Software\YourFileDownloader Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2776682 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3018509 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Deleted : HKLM\Software\SweetIM Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Key Deleted : HKLM\Software\YourFileDownloader Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Deleted : HKLM\SOFTWARE\Tarma Installer ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Google Chrome v23.0.1271.97 File : C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\Zachary\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [3719 octets] - [11/01/2013 14:22:02] ########## EOF - C:\AdwCleaner[s1].txt - [3779 octets] ########## Rouge Killer Report 1 RogueKiller V8.4.3 [Jan 10 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Wanda [Admin rights] Mode : Scan -- Date : 01/11/2013 14:33:49 ¤¤¤ Bad processes : 2 ¤¤¤ [sUSP PATH] GoogleCrashHandler.exe -- C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> KILLED [TermProc] [sUSP PATH] GoogleCrashHandler64.exe -- C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 12 ¤¤¤ [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [sTARTUP][sUSP PATH] Craftbukkit server - Shortcut.lnk @Zachary : C:\Users\Zachary\Desktop\Craftbukkit server -> FOUND [sTARTUP][sUSP PATH] Play Roblox.lnk @Zachary : C:\Users\Wanda\AppData\Local\Roblox\Versions\version-21cdb2fff9fb4df2\Roblox.exe -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK3265GSXN +++++ --- User --- [MBR] 9a16b4edb03fb02adc82e492c63f619a [bSP] 63885d87e66f1c5e0588240d5acca9d1 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 289686 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 596350976 | Size: 14058 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_01112013_02d1433.txt >> RKreport[1]_S_01112013_02d1433.txt Rouge Killer Report 2 RogueKiller V8.4.3 [Jan 10 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Wanda [Admin rights] Mode : Remove -- Date : 01/11/2013 14:34:35 ¤¤¤ Bad processes : 2 ¤¤¤ [sUSP PATH] GoogleCrashHandler.exe -- C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> KILLED [TermProc] [sUSP PATH] GoogleCrashHandler64.exe -- C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 8 ¤¤¤ [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED [sTARTUP][sUSP PATH] Craftbukkit server - Shortcut.lnk @Zachary : C:\Users\Zachary\Desktop\Craftbukkit server -> DELETED [sTARTUP][sUSP PATH] Play Roblox.lnk @Zachary : C:\Users\Wanda\AppData\Local\Roblox\Versions\version-21cdb2fff9fb4df2\Roblox.exe -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2) [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK3265GSXN +++++ --- User --- [MBR] 9a16b4edb03fb02adc82e492c63f619a [bSP] 63885d87e66f1c5e0588240d5acca9d1 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 289686 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 596350976 | Size: 14058 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_01112013_02d1434.txt >> RKreport[1]_S_01112013_02d1433.txt ; RKreport[2]_D_01112013_02d1434.txt

When I did my monthly full computer Malwarebytes scan yesterday, it found the PUP.Crossfire.SA virus in two registry values. It quarantined and removed these entries but I am not sure if the full virus problem has been cleaned up by Malwarebytes. The computer was been a bit slow and having occasional popup blank messages but don't know if the virus is causing that. Sorry I don't have much details since the last month has been crazy with the holidays and I just try to quickly do what I need to on the computer and then get off. Thank you for you assistance in verifying the virus has been fully cleaned from my computer. Wanda Below is the original Malwarebytes scan log: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.10.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wanda :: TOSHIBALAPTOP [administrator] 1/10/2013 12:21:12 PM mbam-log-2013-01-10 (12-21-12).txt Scan type: Full scan (C:\|Q:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 644315 Time elapsed: 3 hour(s), 6 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Below is the requested dds.txt log: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2 Run by Wanda at 11:59:24 on 2013-01-11 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1959 [GMT -6:00] . AV: ZoneAlarm Extreme Security Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\windows\System32\svchost.exe -k netsvcs C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Prey\platform\windows\cronsvc.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\windows\SysWOW64\PSIService.exe C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files (x86)\Secunia\PSI\sua.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe C:\windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\TECO\Teco.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\windows\system32\vssvc.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\System32\svchost.exe -k swprv C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\windows\system32\svchost.exe -k HPService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\PROGRAM FILES (X86)\SUGARSYNC\SUGARSYNCMANAGER.EXE C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE C:\windows\system32\UI0Detect.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE C:\windows\splwow64.exe C:\windows\system32\taskeng.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file> uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [Google Update] "C:\Users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: Interfaces\{07B503F0-69D1-418D-B7C9-9AB8B8DF3E4A} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{3747888A-9252-4A1E-AB08-0CF43D921E1E} : DHCPNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [iSW] <no file> x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R1 kl2;kl2;C:\windows\System32\drivers\kl2.sys [2010-10-14 11864] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672] R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] R2 ISWKL;ZoneAlarm ForceField ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 33672] R2 IswSvc;ZoneAlarm ForceField IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-10-19 827520] R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-10-20 2823512] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-5 1153368] R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-21 2656280] R3 icsak;icsak;C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys [2011-10-19 45448] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912] R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-5-21 1109096] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\windows\System32\drivers\stdriver64.sys [2011-9-15 103512] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-7-5 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840] S3 nosGetPlusHelper;getPlus® Helper 3004;C:\windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136] S3 PSI;PSI;C:\windows\System32\drivers\psi_mf.sys [2010-9-1 17976] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-5-22 250984] S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-5-22 307304] S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848] S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-7-3 1255736] S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-01-11 16:32:45 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51E00C68-E3C7-4DAA-8E06-2804019A4D9E}\mpengine.dll 2013-01-09 18:19:28 750592 ----a-w- C:\windows\System32\win32spl.dll 2013-01-09 18:19:28 492032 ----a-w- C:\windows\SysWow64\win32spl.dll 2013-01-09 18:18:32 2002432 ----a-w- C:\windows\System32\msxml6.dll 2013-01-09 18:18:32 1882624 ----a-w- C:\windows\System32\msxml3.dll 2013-01-09 18:18:31 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll 2013-01-09 18:18:31 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2013-01-09 18:18:28 307200 ----a-w- C:\windows\System32\ncrypt.dll 2013-01-09 18:18:28 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll 2013-01-09 18:18:23 800768 ----a-w- C:\windows\System32\usp10.dll 2013-01-09 18:18:23 626688 ----a-w- C:\windows\SysWow64\usp10.dll 2013-01-09 18:12:47 424448 ----a-w- C:\windows\System32\KernelBase.dll 2013-01-09 18:10:39 68608 ----a-w- C:\windows\System32\taskhost.exe 2013-01-09 18:10:37 3149824 ----a-w- C:\windows\System32\win32k.sys 2013-01-04 17:10:45 -------- d-----w- C:\Plug-ins 2013-01-04 17:10:41 -------- d-----w- C:\Program Files (x86)\MakeMusic 2012-12-31 15:53:26 -------- d-----w- C:\Program Files\iPod 2012-12-31 15:53:25 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-31 15:53:25 -------- d-----w- C:\Program Files\iTunes 2012-12-31 15:53:25 -------- d-----w- C:\Program Files (x86)\iTunes 2012-12-24 03:10:07 -------- d-----w- C:\Users\Wanda\AppData\Roaming\RealNetworks 2012-12-24 03:06:58 -------- d-----w- C:\Program Files (x86)\RealNetworks 2012-12-24 03:06:47 -------- d-----w- C:\ProgramData\RealNetworks 2012-12-24 03:06:00 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared 2012-12-24 03:03:52 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll 2012-12-24 03:03:52 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll 2012-12-21 19:33:43 46080 ----a-w- C:\windows\System32\atmlib.dll 2012-12-21 19:33:43 367616 ----a-w- C:\windows\System32\atmfd.dll 2012-12-21 19:33:43 34304 ----a-w- C:\windows\SysWow64\atmlib.dll 2012-12-21 19:33:42 295424 ----a-w- C:\windows\SysWow64\atmfd.dll 2012-12-18 14:28:14 186584 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll 2012-12-15 22:05:15 -------- d-----w- C:\ProgramData\Canneverbe Limited 2012-12-15 22:05:14 -------- d-----w- C:\Users\Wanda\AppData\Roaming\Canneverbe Limited 2012-12-15 21:06:36 -------- d-----w- C:\Users\Wanda\AppData\Roaming\COWON 2012-12-15 21:03:07 -------- d-----w- C:\Users\Wanda\AppData\Local\Coupon Companion 2012-12-15 21:02:52 -------- d-----w- C:\Program Files (x86)\Coupon Companion . ==================== Find3M ==================== . 2013-01-11 17:50:12 29 ----a-w- C:\windows\SysWow64\TempWmicBatchFile.bat 2013-01-09 19:09:30 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 19:09:30 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-12-14 22:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-15 21:56:13 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-15 21:56:11 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2012-11-15 21:56:11 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll 2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-11-08 17:29:12 1402312 ----a-w- C:\windows\SysWow64\msxml4.dll 2012-11-08 03:07:56 2880 --sha-w- C:\windows\SysWow64\KGyGaAvL.sys 2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll 2012-10-25 09:12:26 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 09:12:26 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll . ============= FINISH: 12:02:17.76 =============== Attached is the DDS Attach Log File. attach.txt

Yes I planned to change all of our accounts passwords once both machines were as clean as possible. That appears to be now the case with all of your assistance. Thank you again for all your help and assistance.

Sorry for the delay. I ran the Dr. Web Cure-It express scan under my son's account and it didn't find anything that needed to be cured. There was no scan report in the Menu bar's File report list. I did find the detailed scan log in a DoctorWeb folder under my son's C:/Users account. It is too large to paste into one post since it lists every file checked. Below is the summary results at the end: ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Scanned: 26049 Infected: 0 Modifications: 0 Suspicious: 0 Adware: 0 Dialers: 0 Jokes: 0 Riskware: 0 Hacktools: 0 Cured: 0 Deleted: 0 Renamed: 0 Moved: 0 Ignored: 0 Scan speed: 1287 Kb/s Scan time: 0:19:22 ----------------------------------------------------------------------------- ============================================================================= Total session statistics ============================================================================= Scanned: 26050 Infected: 0 Modifications: 0 Suspicious: 0 Adware: 0 Dialers: 0 Jokes: 0 Riskware: 0 Hacktools: 0 Cured: 0 Deleted: 0 Renamed: 0 Moved: 0 Ignored: 0 Scan speed: 1294 Kb/s Scan time: 0:19:22 ============================================================================= Thank you for your time.

Ok, the Eset Online Scan is not running correctly like on the other machine. My son did the first scan under his ID and then I did it again under my ID but we both were not able to get a full scan log to write. Once the scan downloaded the virus file updates and started, I even turned off our wireless internet access and then all firewalls and antivirus programs to make sure none of them were stopping the writing of the log. It looked like the initial part of the log was written. Here it is below: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=53251 We also saved the reported found items displayed at the end of the scan: C:\Users\Ben\Desktop\Training\Oracle PeopleSoft\speedupmypc.exe Win32/SpeedUpMyPC application C:\Users\Big Disk Backup\Laptop SyncBack\Wanda\Local Settings\Apps\2.0\712G7RZB.1KW\VGQKYAMZ.VQJ\inst..tion_d0587fc617210d12_0000.0001_fd40a442e685358f\installiqexe.exe probably a variant of Win32/InstallIQ application I am sure that I followed your directions and did it the same as the laptop scan. Any ideas on why a full log is not writing? Wanda

Sorry for the delay in getting back with you. We have been dealing with my stepfather-in-laws hospitalization and then passing this weekend. I will try and get my son to do the scan tomorrow.

Yes this is a post for the second computer, my son's, and the not the one you already help me clean up. I ran the ComboFix scan on this computer this morning. It ran much faster than my first laptop scan. Below is the log from the scan: ComboFix 12-07-07.04 - Zachary 07/07/2012 10:46:35.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.3957 [GMT -5:00] Running from: c:\users\Zachary\Desktop\ComboFix.exe FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Wanda\Documents\~WRL2629.tmp c:\users\Zachary\AppData\Local\Temp\IswTmp\WH\0 . . ((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 ))))))))))))))))))))))))))))))) . . 2012-07-07 15:58 . 2012-07-07 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-02 19:37 . 2012-07-02 19:37 -------- d-----w- c:\users\Wanda\AppData\Roaming\Sony 2012-07-02 19:37 . 2012-07-02 19:37 -------- d-----w- c:\users\Wanda\AppData\Local\Sony 2012-07-02 19:30 . 2012-07-02 19:30 -------- d-----w- c:\users\Wanda\AppData\Roaming\Roxio Log Files 2012-07-02 17:21 . 2012-07-02 17:21 -------- d-----w- c:\users\Wanda\AppData\Roaming\PDAppFlex 2012-07-01 13:05 . 2009-03-18 22:35 33856 ---ha-w- c:\windows\system32\hamachi.sys 2012-07-01 13:05 . 2012-07-01 13:05 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-06-28 20:25 . 2012-06-28 20:25 -------- d-----w- c:\users\Zachary\AppData\Roaming\Malwarebytes 2012-06-26 13:32 . 2012-06-26 13:32 -------- d-----w- c:\program files (x86)\Microsoft XNA 2012-06-25 16:46 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-25 16:46 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-25 16:46 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-25 16:46 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-25 16:45 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-25 16:45 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-25 16:45 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-25 16:45 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-25 16:45 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-22 20:18 . 2012-05-04 23:33 955800 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-19 15:05 . 2012-06-26 23:52 -------- d-----w- c:\users\Zachary\AppData\Local\Eclipse 2012-06-19 15:04 . 2012-06-22 20:31 -------- d-----w- c:\users\Zachary\workspace 2012-06-18 21:38 . 2012-06-18 21:38 -------- d-----w- c:\users\Zachary\AppData\Roaming\CodeBlocks 2012-06-18 21:29 . 2012-06-19 00:54 -------- d-----w- c:\program files (x86)\The Game Creators 2012-06-14 18:00 . 2012-07-07 15:31 -------- d-----w- c:\users\Zachary\AppData\Roaming\Skype 2012-06-14 18:00 . 2012-07-07 15:30 -------- d-----r- c:\program files (x86)\Skype 2012-06-14 18:00 . 2012-06-14 18:00 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-06-14 01:37 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 01:37 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 01:37 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 01:36 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-14 01:36 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-14 01:36 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-14 01:36 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-14 01:35 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 01:35 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 01:35 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-14 01:35 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-14 01:34 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 01:34 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 01:34 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 01:34 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-14 01:34 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-14 01:34 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-12 17:28 . 2012-06-22 15:52 -------- d-----w- c:\users\Zachary\AppData\Local\WMTools Downloaded Files 2012-06-12 17:13 . 2012-06-12 17:13 -------- d-----w- c:\program files (x86)\Movie Maker 2.6 2012-06-12 15:48 . 2012-06-12 15:48 -------- d-----w- c:\users\Zachary\AppData\Roaming\Verizon 2012-06-12 15:48 . 2012-06-12 15:48 -------- d-----w- c:\programdata\Verizon 2012-06-12 15:38 . 2012-06-12 15:38 -------- d-----w- c:\program files (x86)\Verizon 2012-06-11 20:27 . 2012-06-11 20:48 -------- d-----w- c:\users\Zachary\AppData\Local\Roblox 2012-06-11 16:20 . 2012-06-11 16:20 -------- d-----w- c:\users\Zachary\AppData\Local\APN 2012-06-11 16:03 . 2012-07-02 19:30 -------- d-----w- c:\program files (x86)\Port Forwarding Wizard 2012-06-11 15:06 . 2012-06-11 15:06 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2012-06-11 15:02 . 2012-06-18 15:04 -------- d-----w- c:\programdata\NCH Software 2012-06-11 14:59 . 2012-06-19 00:56 -------- d-----w- c:\program files (x86)\NCH Software 2012-06-11 14:59 . 2012-06-18 15:04 -------- d-----w- c:\users\Zachary\AppData\Roaming\NCH Software 2012-06-11 14:46 . 2012-06-11 14:55 -------- d-----w- c:\users\Zachary\Adobe Premiere Pro CS6 2012-06-11 14:45 . 2012-06-11 14:45 -------- d-----w- c:\users\Zachary\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2012-06-11 14:45 . 2012-06-11 14:45 -------- d-----w- c:\program files (x86)\Adobe Download Assistant . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-02 19:11 . 2011-06-03 22:19 540896 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll 2012-07-02 00:42 . 2012-03-28 12:40 426184 ------w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-02 00:42 . 2011-06-07 16:40 70344 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-10 12:58 . 2011-02-25 16:34 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-06-10 12:58 . 2011-02-25 15:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-06-09 21:56 . 2012-06-09 21:56 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-05-31 17:25 . 2011-09-22 17:57 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-31 04:04 . 2012-07-06 19:25 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53AB1619-7578-47E4-8F8E-985F66686DF8}\mpengine.dll 2012-05-28 16:33 . 2012-05-28 16:33 98304 ------w- c:\windows\SysWow64\CmdLineExt.dll 2012-05-18 03:07 . 2012-05-18 03:09 772552 ------w- c:\windows\SysWow64\npDeployJava1.dll 2012-05-18 03:07 . 2011-02-22 17:40 687560 ------w- c:\windows\SysWow64\deployJava1.dll 2012-05-05 20:11 . 2012-04-14 11:11 8769696 ------w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-05-04 23:32 . 2011-02-22 17:40 839056 ----a-w- c:\windows\system32\deployJava1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-27 1242448] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544] "Verizon Media Manager"="c:\program files (x86)\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe" [2012-05-09 1523712] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-02-13 325000] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360] "WinPatrol [FREE Edition]"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2011-02-13 20:20 325000] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-10-20 1118040] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 0047471314372254mcinstcleanup;McAfee Application Installer Cleanup (0047471314372254);c:\windows\TEMP\004747~1.EXE [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 257224] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2011-11-28 487312] R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2011-10-19 45448] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-25 1255736] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-14 11864] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-11-01 140672] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960] S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 33672] S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-10-19 827520] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 271872] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064] S3 netr28ux;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-08-06 987648] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 00:42] . 2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1145637048-450267307-2219416244-1003Core.job - c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 00:06] . 2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1145637048-450267307-2219416244-1003UA.job - c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 00:06] . 2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1145637048-450267307-2219416244-1004Core.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 23:21] . 2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1145637048-450267307-2219416244-1004UA.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 23:21] . 2012-03-07 c:\windows\Tasks\Norton Security Scan for Ben.job - c:\progra~2\NORTON~2\Engine\361~1.11\Nss.exe [2012-01-14 03:43] . 2012-07-02 c:\windows\Tasks\Norton Security Scan for Wanda.job - c:\progra~2\NORTON~2\Engine\361~1.11\Nss.exe [2012-01-14 03:43] . 2012-07-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16] . 2012-07-07 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2011-02-13 325000] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.bakugan.com/home.html mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.1.1 DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v420.cab . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Toolbar-Locked - (no file) WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file) HKLM-Run-ISW - (no file) AddRemove-{90140000-0015-0409-0000-0000000FF1CE}_Office14.AccessR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-001F-0409-0000-0000000FF1CE}_Office14.AccessR_{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-001F-0409-0000-0000000FF1CE}_Office14.AccessR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-001F-040C-0000-0000000FF1CE}_Office14.AccessR_{15058154-469F-4794-ACD5-94F8420F9B80} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-001F-040C-0000-0000000FF1CE}_Office14.AccessR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.AccessR_{995A7832-B512-46D5-87C9-2D71FB541435} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.AccessR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-002A-0409-1000-0000000FF1CE}_Office14.AccessR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-002C-0409-0000-0000000FF1CE}_Office14.AccessR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-006E-0409-0000-0000000FF1CE}_Office14.AccessR_{4560037C-E356-444A-A015-D21F487D809E} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-006E-0409-0000-0000000FF1CE}_Office14.AccessR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-0115-0409-0000-0000000FF1CE}_Office14.AccessR_{4560037C-E356-444A-A015-D21F487D809E} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-0116-0409-1000-0000000FF1CE}_Office14.AccessR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-0117-0409-0000-0000000FF1CE}_Office14.AccessR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE . ************************************************************************** . Completion time: 2012-07-07 11:14:38 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-07 16:14 . Pre-Run: 861,820,968,960 bytes free Post-Run: 862,948,364,288 bytes free . - - End Of File - - C1DA00B5EAC5775589239CF55BC01764 After the scan I let my son play on the computer a bit. He said it was about the same with his Java based games occasionally lagging a bit. I don't know if this is due to malware or not. Thank you for your help again, Wanda and son Zachary

The link above is for a different computer than the ones I posted logs for in this link. We have two computers. The first forum posting was for my laptop that I primarily use. The second posting is for my son's computer that I used occasionally. I still need help in cleaning up this desktop since I don' want to run tools without direction from knowledgeable people in this forum.

Thank you for all your assistance to get the computer as clean as possible. Is there any last steps I need to do? Also I put a post in the forum yesterday asking for assistance in cleaning up my son's computer. I would love to work with you again as you have been very detailed in the steps needed to do so everything was simplified to execute. Wanda

Here is the log from the TDSSKiller scan I did this morning. 09:22:08.0187 4272 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08 09:22:08.0911 4272 ============================================================ 09:22:08.0911 4272 Current date / time: 2012/07/06 09:22:08.0911 09:22:08.0911 4272 SystemInfo: 09:22:08.0911 4272 09:22:08.0911 4272 OS Version: 6.1.7601 ServicePack: 1.0 09:22:08.0911 4272 Product type: Workstation 09:22:08.0911 4272 ComputerName: TOSHIBALAPTOP 09:22:08.0912 4272 UserName: Wanda 09:22:08.0912 4272 Windows directory: C:\windows 09:22:08.0912 4272 System windows directory: C:\windows 09:22:08.0912 4272 Running under WOW64 09:22:08.0912 4272 Processor architecture: Intel x64 09:22:08.0912 4272 Number of processors: 2 09:22:08.0912 4272 Page size: 0x1000 09:22:08.0912 4272 Boot type: Normal boot 09:22:08.0912 4272 ============================================================ 09:22:10.0246 4272 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 09:22:10.0254 4272 ============================================================ 09:22:10.0254 4272 \Device\Harddisk0\DR0: 09:22:10.0254 4272 MBR partitions: 09:22:10.0254 4272 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x235CB000 09:22:10.0254 4272 ============================================================ 09:22:10.0296 4272 C: <-> \Device\Harddisk0\DR0\Partition0 09:22:10.0296 4272 ============================================================ 09:22:10.0296 4272 Initialize success 09:22:10.0296 4272 ============================================================ 09:22:58.0146 5856 ============================================================ 09:22:58.0146 5856 Scan started 09:22:58.0146 5856 Mode: Manual; SigCheck; TDLFS; 09:22:58.0146 5856 ============================================================ 09:22:58.0871 5856 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE 09:22:59.0166 5856 !SASCORE - ok 09:22:59.0476 5856 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys 09:22:59.0608 5856 1394ohci - ok 09:22:59.0663 5856 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys 09:22:59.0751 5856 ACPI - ok 09:22:59.0776 5856 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys 09:22:59.0911 5856 AcpiPmi - ok 09:23:00.0021 5856 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 09:23:00.0073 5856 AdobeARMservice - ok 09:23:00.0216 5856 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 09:23:00.0266 5856 AdobeFlashPlayerUpdateSvc - ok 09:23:00.0366 5856 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys 09:23:00.0458 5856 adp94xx - ok 09:23:00.0501 5856 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys 09:23:00.0583 5856 adpahci - ok 09:23:00.0631 5856 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys 09:23:00.0706 5856 adpu320 - ok 09:23:00.0743 5856 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll 09:23:00.0958 5856 AeLookupSvc - ok 09:23:01.0043 5856 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys 09:23:01.0193 5856 AFD - ok 09:23:01.0236 5856 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys 09:23:01.0308 5856 agp440 - ok 09:23:01.0346 5856 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe 09:23:01.0433 5856 ALG - ok 09:23:01.0468 5856 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys 09:23:01.0538 5856 aliide - ok 09:23:01.0543 5856 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys 09:23:01.0614 5856 amdide - ok 09:23:01.0649 5856 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys 09:23:01.0752 5856 AmdK8 - ok 09:23:01.0777 5856 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys 09:23:01.0874 5856 AmdPPM - ok 09:23:01.0942 5856 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys 09:23:02.0014 5856 amdsata - ok 09:23:02.0054 5856 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys 09:23:02.0134 5856 amdsbs - ok 09:23:02.0182 5856 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys 09:23:02.0252 5856 amdxata - ok 09:23:02.0294 5856 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys 09:23:02.0532 5856 AppID - ok 09:23:02.0577 5856 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll 09:23:02.0724 5856 AppIDSvc - ok 09:23:02.0769 5856 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll 09:23:02.0912 5856 Appinfo - ok 09:23:03.0052 5856 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 09:23:03.0102 5856 Apple Mobile Device - ok 09:23:03.0167 5856 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys 09:23:03.0234 5856 arc - ok 09:23:03.0257 5856 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys 09:23:03.0324 5856 arcsas - ok 09:23:03.0439 5856 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 09:23:03.0502 5856 aspnet_state - ok 09:23:03.0547 5856 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 09:23:03.0694 5856 AsyncMac - ok 09:23:03.0712 5856 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys 09:23:03.0777 5856 atapi - ok 09:23:03.0839 5856 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 09:23:03.0984 5856 AudioEndpointBuilder - ok 09:23:04.0002 5856 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 09:23:04.0144 5856 AudioSrv - ok 09:23:04.0182 5856 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll 09:23:04.0322 5856 AxInstSV - ok 09:23:04.0387 5856 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys 09:23:04.0492 5856 b06bdrv - ok 09:23:04.0524 5856 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 09:23:04.0627 5856 b57nd60a - ok 09:23:04.0674 5856 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll 09:23:04.0764 5856 BDESVC - ok 09:23:04.0787 5856 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 09:23:04.0942 5856 Beep - ok 09:23:05.0024 5856 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll 09:23:05.0184 5856 BFE - ok 09:23:05.0244 5856 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll 09:23:05.0439 5856 BITS - ok 09:23:05.0514 5856 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys 09:23:05.0612 5856 blbdrive - ok 09:23:05.0729 5856 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 09:23:05.0797 5856 Bonjour Service - ok 09:23:05.0834 5856 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys 09:23:05.0949 5856 bowser - ok 09:23:05.0992 5856 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys 09:23:06.0097 5856 BrFiltLo - ok 09:23:06.0112 5856 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys 09:23:06.0217 5856 BrFiltUp - ok 09:23:06.0294 5856 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys 09:23:06.0437 5856 BridgeMP - ok 09:23:06.0484 5856 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll 09:23:06.0627 5856 Browser - ok 09:23:06.0687 5856 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys 09:23:06.0799 5856 Brserid - ok 09:23:06.0832 5856 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys 09:23:06.0932 5856 BrSerWdm - ok 09:23:06.0957 5856 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys 09:23:07.0059 5856 BrUsbMdm - ok 09:23:07.0089 5856 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys 09:23:07.0182 5856 BrUsbSer - ok 09:23:07.0214 5856 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys 09:23:07.0322 5856 BTHMODEM - ok 09:23:07.0372 5856 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll 09:23:07.0527 5856 bthserv - ok 09:23:07.0559 5856 catchme - ok 09:23:07.0594 5856 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 09:23:07.0752 5856 cdfs - ok 09:23:07.0792 5856 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys 09:23:07.0884 5856 cdrom - ok 09:23:07.0927 5856 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 09:23:08.0069 5856 CertPropSvc - ok 09:23:08.0119 5856 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys 09:23:08.0219 5856 circlass - ok 09:23:08.0277 5856 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 09:23:08.0367 5856 CLFS - ok 09:23:08.0449 5856 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:23:08.0527 5856 clr_optimization_v2.0.50727_32 - ok 09:23:08.0569 5856 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 09:23:08.0633 5856 clr_optimization_v2.0.50727_64 - ok 09:23:08.0718 5856 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:23:08.0793 5856 clr_optimization_v4.0.30319_32 - ok 09:23:08.0860 5856 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 09:23:08.0923 5856 clr_optimization_v4.0.30319_64 - ok 09:23:08.0958 5856 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys 09:23:09.0063 5856 CmBatt - ok 09:23:09.0105 5856 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys 09:23:09.0178 5856 cmdide - ok 09:23:09.0238 5856 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys 09:23:09.0365 5856 CNG - ok 09:23:09.0475 5856 CnxtHdAudService (66847c979893a11cfcc2280e772d7ea1) C:\windows\system32\drivers\CHDRT64.sys 09:23:09.0633 5856 CnxtHdAudService - ok 09:23:09.0750 5856 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys 09:23:09.0818 5856 Compbatt - ok 09:23:09.0850 5856 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys 09:23:09.0948 5856 CompositeBus - ok 09:23:09.0968 5856 COMSysApp - ok 09:23:10.0035 5856 cpuz135 - ok 09:23:10.0075 5856 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys 09:23:10.0145 5856 crcdisk - ok 09:23:10.0215 5856 CronService (63a7739ac9c1e38589b3edb1daeb9df5) C:\Prey\platform\windows\cronsvc.exe 09:23:10.0250 5856 CronService ( UnsignedFile.Multi.Generic ) - warning 09:23:10.0250 5856 CronService - detected UnsignedFile.Multi.Generic (1) 09:23:10.0333 5856 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll 09:23:10.0448 5856 CryptSvc - ok 09:23:10.0613 5856 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 09:23:10.0700 5856 cvhsvc - ok 09:23:10.0775 5856 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 09:23:10.0935 5856 DcomLaunch - ok 09:23:10.0983 5856 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll 09:23:11.0145 5856 defragsvc - ok 09:23:11.0220 5856 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys 09:23:11.0378 5856 DfsC - ok 09:23:11.0433 5856 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll 09:23:11.0583 5856 Dhcp - ok 09:23:11.0610 5856 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 09:23:11.0768 5856 discache - ok 09:23:11.0815 5856 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys 09:23:11.0885 5856 Disk - ok 09:23:11.0928 5856 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll 09:23:12.0018 5856 Dnscache - ok 09:23:12.0058 5856 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll 09:23:12.0210 5856 dot3svc - ok 09:23:12.0235 5856 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll 09:23:12.0380 5856 DPS - ok 09:23:12.0418 5856 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 09:23:12.0520 5856 drmkaud - ok 09:23:12.0580 5856 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys 09:23:12.0703 5856 DXGKrnl - ok 09:23:12.0738 5856 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll 09:23:12.0880 5856 EapHost - ok 09:23:13.0073 5856 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys 09:23:13.0310 5856 ebdrv - ok 09:23:13.0423 5856 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe 09:23:13.0503 5856 EFS - ok 09:23:13.0585 5856 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe 09:23:13.0718 5856 ehRecvr - ok 09:23:13.0765 5856 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe 09:23:13.0845 5856 ehSched - ok 09:23:13.0938 5856 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys 09:23:14.0030 5856 elxstor - ok 09:23:14.0045 5856 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys 09:23:14.0138 5856 ErrDev - ok 09:23:14.0205 5856 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll 09:23:14.0358 5856 EventSystem - ok 09:23:14.0423 5856 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys 09:23:14.0575 5856 exfat - ok 09:23:14.0610 5856 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys 09:23:14.0780 5856 fastfat - ok 09:23:14.0845 5856 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe 09:23:14.0943 5856 Fax - ok 09:23:14.0973 5856 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys 09:23:15.0063 5856 fdc - ok 09:23:15.0110 5856 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll 09:23:15.0263 5856 fdPHost - ok 09:23:15.0283 5856 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll 09:23:15.0410 5856 FDResPub - ok 09:23:15.0455 5856 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys 09:23:15.0525 5856 FileInfo - ok 09:23:15.0540 5856 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys 09:23:15.0708 5856 Filetrace - ok 09:23:15.0743 5856 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys 09:23:15.0823 5856 flpydisk - ok 09:23:15.0873 5856 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys 09:23:15.0960 5856 FltMgr - ok 09:23:16.0090 5856 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll 09:23:16.0200 5856 FontCache - ok 09:23:16.0260 5856 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 09:23:16.0310 5856 FontCache3.0.0.0 - ok 09:23:16.0345 5856 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys 09:23:16.0415 5856 FsDepends - ok 09:23:16.0473 5856 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys 09:23:16.0538 5856 fssfltr - ok 09:23:16.0694 5856 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 09:23:16.0839 5856 fsssvc - ok 09:23:16.0976 5856 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys 09:23:17.0046 5856 Fs_Rec - ok 09:23:17.0099 5856 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys 09:23:17.0189 5856 fvevol - ok 09:23:17.0234 5856 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys 09:23:17.0304 5856 gagp30kx - ok 09:23:17.0344 5856 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys 09:23:17.0406 5856 GEARAspiWDM - ok 09:23:17.0476 5856 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll 09:23:17.0641 5856 gpsvc - ok 09:23:17.0734 5856 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 09:23:17.0809 5856 gupdate - ok 09:23:17.0854 5856 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 09:23:17.0904 5856 gupdatem - ok 09:23:17.0984 5856 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 09:23:18.0059 5856 gusvc - ok 09:23:18.0121 5856 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\windows\system32\DRIVERS\hamachi.sys 09:23:18.0179 5856 hamachi - ok 09:23:18.0366 5856 Hamachi2Svc (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe 09:23:18.0516 5856 Hamachi2Svc - ok 09:23:18.0626 5856 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys 09:23:18.0716 5856 hcw85cir - ok 09:23:18.0779 5856 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys 09:23:18.0894 5856 HdAudAddService - ok 09:23:18.0921 5856 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys 09:23:19.0026 5856 HDAudBus - ok 09:23:19.0046 5856 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys 09:23:19.0124 5856 HidBatt - ok 09:23:19.0169 5856 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys 09:23:19.0276 5856 HidBth - ok 09:23:19.0321 5856 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys 09:23:19.0409 5856 HidIr - ok 09:23:19.0434 5856 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll 09:23:19.0574 5856 hidserv - ok 09:23:19.0624 5856 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys 09:23:19.0706 5856 HidUsb - ok 09:23:19.0744 5856 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll 09:23:19.0904 5856 hkmsvc - ok 09:23:19.0934 5856 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll 09:23:20.0029 5856 HomeGroupListener - ok 09:23:20.0074 5856 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll 09:23:20.0159 5856 HomeGroupProvider - ok 09:23:20.0196 5856 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys 09:23:20.0271 5856 HpSAMD - ok 09:23:20.0424 5856 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 09:23:20.0491 5856 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 09:23:20.0491 5856 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 09:23:20.0554 5856 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys 09:23:20.0734 5856 HTTP - ok 09:23:20.0781 5856 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys 09:23:20.0849 5856 hwpolicy - ok 09:23:20.0879 5856 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys 09:23:20.0966 5856 i8042prt - ok 09:23:21.0029 5856 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys 09:23:21.0096 5856 iaStor - ok 09:23:21.0171 5856 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys 09:23:21.0256 5856 iaStorV - ok 09:23:21.0341 5856 icsak (5408b2175c7fae5ce22a05d6a91aecf4) C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys 09:23:21.0406 5856 icsak - ok 09:23:21.0529 5856 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 09:23:21.0594 5856 IDriverT ( UnsignedFile.Multi.Generic ) - warning 09:23:21.0594 5856 IDriverT - detected UnsignedFile.Multi.Generic (1) 09:23:21.0699 5856 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 09:23:21.0811 5856 idsvc - ok 09:23:22.0464 5856 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys 09:23:23.0104 5856 igfx - ok 09:23:23.0224 5856 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys 09:23:23.0286 5856 iirsp - ok 09:23:23.0351 5856 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll 09:23:23.0514 5856 IKEEXT - ok 09:23:23.0549 5856 InCDfs - ok 09:23:23.0574 5856 InCDPass - ok 09:23:23.0601 5856 InCDrec - ok 09:23:23.0614 5856 incdrm - ok 09:23:23.0671 5856 InCDsrv - ok 09:23:23.0679 5856 InCDsrvR - ok 09:23:23.0746 5856 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys 09:23:23.0856 5856 IntcDAud - ok 09:23:23.0879 5856 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys 09:23:23.0949 5856 intelide - ok 09:23:23.0986 5856 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys 09:23:24.0079 5856 intelppm - ok 09:23:24.0214 5856 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe 09:23:24.0262 5856 IntuitUpdateService - ok 09:23:24.0319 5856 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll 09:23:24.0467 5856 IPBusEnum - ok 09:23:24.0519 5856 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys 09:23:24.0670 5856 IpFilterDriver - ok 09:23:24.0728 5856 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll 09:23:24.0880 5856 iphlpsvc - ok 09:23:24.0905 5856 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys 09:23:25.0000 5856 IPMIDRV - ok 09:23:25.0013 5856 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 09:23:25.0158 5856 IPNAT - ok 09:23:25.0328 5856 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 09:23:25.0415 5856 iPod Service - ok 09:23:25.0443 5856 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 09:23:25.0538 5856 IRENUM - ok 09:23:25.0560 5856 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys 09:23:25.0630 5856 isapnp - ok 09:23:25.0660 5856 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys 09:23:25.0745 5856 iScsiPrt - ok 09:23:25.0818 5856 ISWKL (0af2f3ecdcd2470b856b211b4867fc63) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 09:23:25.0880 5856 ISWKL - ok 09:23:25.0965 5856 IswSvc (2ec3c30ac72fa7f1dab43514cda61e80) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe 09:23:26.0045 5856 IswSvc - ok 09:23:26.0070 5856 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys 09:23:26.0143 5856 kbdclass - ok 09:23:26.0185 5856 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys 09:23:26.0285 5856 kbdhid - ok 09:23:26.0320 5856 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 09:23:26.0385 5856 KeyIso - ok 09:23:26.0450 5856 KL1 (8d7120743a0973ceab548b475c9d4289) C:\windows\system32\DRIVERS\kl1.sys 09:23:26.0530 5856 KL1 - ok 09:23:26.0548 5856 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\windows\system32\DRIVERS\kl2.sys 09:23:26.0608 5856 kl2 - ok 09:23:26.0655 5856 KLIF (a4813ee804a1d96dcb01aefd7f565c6b) C:\windows\system32\DRIVERS\klif.sys 09:23:26.0735 5856 KLIF - ok 09:23:26.0775 5856 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys 09:23:26.0848 5856 KSecDD - ok 09:23:26.0868 5856 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys 09:23:26.0945 5856 KSecPkg - ok 09:23:26.0978 5856 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 09:23:27.0135 5856 ksthunk - ok 09:23:27.0183 5856 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll 09:23:27.0353 5856 KtmRm - ok 09:23:27.0400 5856 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys 09:23:27.0470 5856 L1C - ok 09:23:27.0518 5856 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll 09:23:27.0665 5856 LanmanServer - ok 09:23:27.0713 5856 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll 09:23:27.0860 5856 LanmanWorkstation - ok 09:23:27.0933 5856 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 09:23:28.0098 5856 lltdio - ok 09:23:28.0155 5856 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 09:23:28.0320 5856 lltdsvc - ok 09:23:28.0343 5856 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 09:23:28.0488 5856 lmhosts - ok 09:23:28.0575 5856 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 09:23:28.0638 5856 LMS - ok 09:23:28.0673 5856 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys 09:23:28.0743 5856 LSI_FC - ok 09:23:28.0765 5856 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys 09:23:28.0840 5856 LSI_SAS - ok 09:23:28.0855 5856 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys 09:23:28.0928 5856 LSI_SAS2 - ok 09:23:28.0963 5856 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys 09:23:29.0038 5856 LSI_SCSI - ok 09:23:29.0065 5856 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 09:23:29.0228 5856 luafv - ok 09:23:29.0285 5856 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll 09:23:29.0365 5856 Mcx2Svc - ok 09:23:29.0393 5856 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys 09:23:29.0463 5856 megasas - ok 09:23:29.0525 5856 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys 09:23:29.0613 5856 MegaSR - ok 09:23:29.0655 5856 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys 09:23:29.0715 5856 MEIx64 - ok 09:23:29.0770 5856 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 09:23:29.0913 5856 MMCSS - ok 09:23:29.0953 5856 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 09:23:30.0110 5856 Modem - ok 09:23:30.0138 5856 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 09:23:30.0235 5856 monitor - ok 09:23:30.0288 5856 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys 09:23:30.0360 5856 mouclass - ok 09:23:30.0380 5856 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 09:23:30.0475 5856 mouhid - ok 09:23:30.0523 5856 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 09:23:30.0595 5856 mountmgr - ok 09:23:30.0625 5856 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 09:23:30.0703 5856 mpio - ok 09:23:30.0728 5856 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 09:23:30.0870 5856 mpsdrv - ok 09:23:30.0935 5856 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll 09:23:31.0108 5856 MpsSvc - ok 09:23:31.0133 5856 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 09:23:31.0250 5856 MRxDAV - ok 09:23:31.0285 5856 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 09:23:31.0408 5856 mrxsmb - ok 09:23:31.0455 5856 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys 09:23:31.0550 5856 mrxsmb10 - ok 09:23:31.0583 5856 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 09:23:31.0665 5856 mrxsmb20 - ok 09:23:31.0698 5856 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys 09:23:31.0768 5856 msahci - ok 09:23:31.0790 5856 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 09:23:31.0865 5856 msdsm - ok 09:23:31.0910 5856 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 09:23:32.0003 5856 MSDTC - ok 09:23:32.0033 5856 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 09:23:32.0173 5856 Msfs - ok 09:23:32.0193 5856 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 09:23:32.0348 5856 mshidkmdf - ok 09:23:32.0385 5856 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 09:23:32.0448 5856 msisadrv - ok 09:23:32.0498 5856 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll 09:23:32.0650 5856 MSiSCSI - ok 09:23:32.0658 5856 msiserver - ok 09:23:32.0700 5856 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 09:23:32.0858 5856 MSKSSRV - ok 09:23:32.0885 5856 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 09:23:33.0035 5856 MSPCLOCK - ok 09:23:33.0075 5856 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 09:23:33.0223 5856 MSPQM - ok 09:23:33.0258 5856 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 09:23:33.0343 5856 MsRPC - ok 09:23:33.0373 5856 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys 09:23:33.0445 5856 mssmbios - ok 09:23:33.0485 5856 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 09:23:33.0639 5856 MSTEE - ok 09:23:33.0686 5856 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys 09:23:33.0764 5856 MTConfig - ok 09:23:33.0786 5856 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 09:23:33.0856 5856 Mup - ok 09:23:33.0901 5856 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll 09:23:34.0056 5856 napagent - ok 09:23:34.0114 5856 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 09:23:34.0229 5856 NativeWifiP - ok 09:23:34.0306 5856 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 09:23:34.0426 5856 NDIS - ok 09:23:34.0454 5856 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 09:23:34.0611 5856 NdisCap - ok 09:23:34.0644 5856 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 09:23:34.0784 5856 NdisTapi - ok 09:23:34.0819 5856 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 09:23:34.0976 5856 Ndisuio - ok 09:23:35.0009 5856 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 09:23:35.0166 5856 NdisWan - ok 09:23:35.0219 5856 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 09:23:35.0366 5856 NDProxy - ok 09:23:35.0404 5856 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll 09:23:35.0441 5856 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 09:23:35.0441 5856 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 09:23:35.0476 5856 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 09:23:35.0631 5856 NetBIOS - ok 09:23:35.0671 5856 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 09:23:35.0814 5856 NetBT - ok 09:23:35.0864 5856 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 09:23:35.0929 5856 Netlogon - ok 09:23:35.0976 5856 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 09:23:36.0126 5856 Netman - ok 09:23:36.0249 5856 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:23:36.0316 5856 NetMsmqActivator - ok 09:23:36.0324 5856 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:23:36.0374 5856 NetPipeActivator - ok 09:23:36.0431 5856 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 09:23:36.0581 5856 netprofm - ok 09:23:36.0604 5856 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:23:36.0654 5856 NetTcpActivator - ok 09:23:36.0661 5856 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:23:36.0711 5856 NetTcpPortSharing - ok 09:23:36.0771 5856 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys 09:23:36.0836 5856 nfrd960 - ok 09:23:36.0889 5856 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll 09:23:37.0031 5856 NlaSvc - ok 09:23:37.0276 5856 NOBU (deea1db5275a9667a909a4f0e8d14fc5) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe 09:23:37.0459 5856 NOBU - ok 09:23:37.0546 5856 nosGetPlusHelper (1acf98d80e95add298832c7a8996b48c) C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll 09:23:37.0611 5856 nosGetPlusHelper - ok 09:23:37.0721 5856 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 09:23:37.0864 5856 Npfs - ok 09:23:37.0889 5856 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 09:23:38.0034 5856 nsi - ok 09:23:38.0064 5856 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 09:23:38.0206 5856 nsiproxy - ok 09:23:38.0314 5856 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 09:23:38.0464 5856 Ntfs - ok 09:23:38.0564 5856 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 09:23:38.0704 5856 Null - ok 09:23:38.0761 5856 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 09:23:38.0841 5856 nvraid - ok 09:23:38.0869 5856 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 09:23:38.0946 5856 nvstor - ok 09:23:38.0994 5856 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 09:23:39.0069 5856 nv_agp - ok 09:23:39.0104 5856 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 09:23:39.0206 5856 ohci1394 - ok 09:23:39.0319 5856 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:23:39.0396 5856 ose - ok 09:23:39.0649 5856 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 09:23:40.0004 5856 osppsvc - ok 09:23:40.0204 5856 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 09:23:40.0306 5856 p2pimsvc - ok 09:23:40.0359 5856 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 09:23:40.0441 5856 p2psvc - ok 09:23:40.0509 5856 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys 09:23:40.0594 5856 Parport - ok 09:23:40.0639 5856 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys 09:23:40.0714 5856 partmgr - ok 09:23:40.0759 5856 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 09:23:40.0856 5856 PcaSvc - ok 09:23:40.0891 5856 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 09:23:40.0974 5856 pci - ok 09:23:40.0991 5856 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys 09:23:41.0061 5856 pciide - ok 09:23:41.0099 5856 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys 09:23:41.0181 5856 pcmcia - ok 09:23:41.0219 5856 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 09:23:41.0289 5856 pcw - ok 09:23:41.0336 5856 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 09:23:41.0511 5856 PEAUTH - ok 09:23:41.0601 5856 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe 09:23:41.0706 5856 PerfHost - ok 09:23:41.0859 5856 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll 09:23:42.0059 5856 pla - ok 09:23:42.0116 5856 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll 09:23:42.0209 5856 PlugPlay - ok 09:23:42.0251 5856 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll 09:23:42.0284 5856 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 09:23:42.0284 5856 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 09:23:42.0309 5856 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll 09:23:42.0406 5856 PNRPAutoReg - ok 09:23:42.0446 5856 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 09:23:42.0521 5856 PNRPsvc - ok 09:23:42.0569 5856 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll 09:23:42.0725 5856 PolicyAgent - ok 09:23:42.0787 5856 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll 09:23:42.0930 5856 Power - ok 09:23:43.0015 5856 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 09:23:43.0175 5856 PptpMiniport - ok 09:23:43.0192 5856 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys 09:23:43.0272 5856 Processor - ok 09:23:43.0322 5856 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll 09:23:43.0410 5856 ProfSvc - ok 09:23:43.0452 5856 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 09:23:43.0517 5856 ProtectedStorage - ok 09:23:43.0615 5856 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\windows\SysWOW64\PSIService.exe 09:23:43.0672 5856 ProtexisLicensing - ok 09:23:43.0710 5856 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 09:23:43.0872 5856 Psched - ok 09:23:43.0917 5856 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\windows\system32\DRIVERS\psi_mf.sys 09:23:43.0982 5856 PSI - ok 09:23:44.0050 5856 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys 09:23:44.0152 5856 QIOMem - ok 09:23:44.0260 5856 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys 09:23:44.0380 5856 ql2300 - ok 09:23:44.0512 5856 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys 09:23:44.0587 5856 ql40xx - ok 09:23:44.0630 5856 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll 09:23:44.0730 5856 QWAVE - ok 09:23:44.0740 5856 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 09:23:44.0845 5856 QWAVEdrv - ok 09:23:44.0865 5856 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 09:23:45.0025 5856 RasAcd - ok 09:23:45.0082 5856 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 09:23:45.0225 5856 RasAgileVpn - ok 09:23:45.0265 5856 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll 09:23:45.0420 5856 RasAuto - ok 09:23:45.0457 5856 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 09:23:45.0620 5856 Rasl2tp - ok 09:23:45.0685 5856 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll 09:23:45.0837 5856 RasMan - ok 09:23:45.0880 5856 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 09:23:46.0040 5856 RasPppoe - ok 09:23:46.0055 5856 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 09:23:46.0212 5856 RasSstp - ok 09:23:46.0240 5856 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 09:23:46.0395 5856 rdbss - ok 09:23:46.0427 5856 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys 09:23:46.0527 5856 rdpbus - ok 09:23:46.0557 5856 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 09:23:46.0710 5856 RDPCDD - ok 09:23:46.0737 5856 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 09:23:46.0885 5856 RDPENCDD - ok 09:23:46.0907 5856 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 09:23:47.0055 5856 RDPREFMP - ok 09:23:47.0117 5856 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys 09:23:47.0210 5856 RDPWD - ok 09:23:47.0275 5856 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 09:23:47.0357 5856 rdyboost - ok 09:23:47.0387 5856 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 09:23:47.0542 5856 RemoteAccess - ok 09:23:47.0602 5856 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 09:23:47.0752 5856 RemoteRegistry - ok 09:23:47.0785 5856 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 09:23:47.0922 5856 RpcEptMapper - ok 09:23:47.0950 5856 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 09:23:48.0032 5856 RpcLocator - ok 09:23:48.0085 5856 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 09:23:48.0232 5856 RpcSs - ok 09:23:48.0287 5856 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 09:23:48.0482 5856 rspndr - ok 09:23:48.0565 5856 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys 09:23:48.0662 5856 RSUSBSTOR - ok 09:23:48.0712 5856 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys 09:23:48.0797 5856 RSUSBVSTOR - ok 09:23:48.0895 5856 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys 09:23:49.0012 5856 RTL8192Ce - ok 09:23:49.0052 5856 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 09:23:49.0117 5856 SamSs - ok 09:23:49.0210 5856 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 09:23:49.0262 5856 SASDIFSV - ok 09:23:49.0315 5856 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 09:23:49.0367 5856 SASKUTIL - ok 09:23:49.0400 5856 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 09:23:49.0472 5856 sbp2port - ok 09:23:49.0605 5856 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 09:23:49.0695 5856 SBSDWSCService - ok 09:23:49.0737 5856 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 09:23:49.0880 5856 SCardSvr - ok 09:23:49.0937 5856 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 09:23:50.0090 5856 scfilter - ok 09:23:50.0160 5856 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll 09:23:50.0340 5856 Schedule - ok 09:23:50.0382 5856 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 09:23:50.0537 5856 SCPolicySvc - ok 09:23:50.0580 5856 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll 09:23:50.0677 5856 SDRSVC - ok 09:23:50.0752 5856 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 09:23:50.0907 5856 secdrv - ok 09:23:50.0945 5856 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll 09:23:51.0082 5856 seclogon - ok 09:23:51.0200 5856 Secunia PSI Agent (2d0599dd0124764fc939c59985c860de) C:\Program Files (x86)\Secunia\PSI\PSIA.exe 09:23:51.0292 5856 Secunia PSI Agent - ok 09:23:51.0340 5856 Secunia Update Agent (20b9e1adbc58958b480933e4da005dfb) C:\Program Files (x86)\Secunia\PSI\sua.exe 09:23:51.0405 5856 Secunia Update Agent - ok 09:23:51.0510 5856 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll 09:23:51.0656 5856 SENS - ok 09:23:51.0693 5856 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 09:23:51.0791 5856 SensrSvc - ok 09:23:51.0876 5856 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys 09:23:51.0968 5856 Serenum - ok 09:23:51.0998 5856 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys 09:23:52.0091 5856 Serial - ok 09:23:52.0136 5856 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys 09:23:52.0226 5856 sermouse - ok 09:23:52.0278 5856 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll 09:23:52.0416 5856 SessionEnv - ok 09:23:52.0433 5856 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 09:23:52.0531 5856 sffdisk - ok 09:23:52.0561 5856 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 09:23:52.0653 5856 sffp_mmc - ok 09:23:52.0673 5856 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 09:23:52.0776 5856 sffp_sd - ok 09:23:52.0818 5856 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys 09:23:52.0916 5856 sfloppy - ok 09:23:53.0011 5856 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys 09:23:53.0113 5856 Sftfs - ok 09:23:53.0226 5856 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 09:23:53.0293 5856 sftlist - ok 09:23:53.0343 5856 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys 09:23:53.0416 5856 Sftplay - ok 09:23:53.0438 5856 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys 09:23:53.0501 5856 Sftredir - ok 09:23:53.0533 5856 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys 09:23:53.0593 5856 Sftvol - ok 09:23:53.0651 5856 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 09:23:53.0706 5856 sftvsa - ok 09:23:53.0768 5856 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll 09:23:53.0916 5856 SharedAccess - ok 09:23:53.0966 5856 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll 09:23:54.0121 5856 ShellHWDetection - ok 09:23:54.0166 5856 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys 09:23:54.0233 5856 SiSRaid2 - ok 09:23:54.0261 5856 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys 09:23:54.0328 5856 SiSRaid4 - ok 09:23:54.0391 5856 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe 09:23:54.0526 5856 SkypeUpdate - ok 09:23:54.0553 5856 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 09:23:54.0711 5856 Smb - ok 09:23:54.0768 5856 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe 09:23:54.0853 5856 SNMPTRAP - ok 09:23:54.0871 5856 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 09:23:54.0941 5856 spldr - ok 09:23:54.0983 5856 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe 09:23:55.0126 5856 Spooler - ok 09:23:55.0331 5856 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe 09:23:55.0586 5856 sppsvc - ok 09:23:55.0686 5856 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll 09:23:55.0823 5856 sppuinotify - ok 09:23:55.0898 5856 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 09:23:56.0033 5856 srv - ok 09:23:56.0068 5856 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 09:23:56.0181 5856 srv2 - ok 09:23:56.0241 5856 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS 09:23:56.0333 5856 SrvHsfHDA - ok 09:23:56.0416 5856 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS 09:23:56.0591 5856 SrvHsfV92 - ok 09:23:56.0754 5856 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS 09:23:56.0849 5856 SrvHsfWinac - ok 09:23:56.0904 5856 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 09:23:56.0989 5856 srvnet - ok 09:23:57.0044 5856 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll 09:23:57.0204 5856 SSDPSRV - ok 09:23:57.0246 5856 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll 09:23:57.0366 5856 SstpSvc - ok 09:23:57.0416 5856 stdriver (c270c64b4f6ca87dac2d7f68ed57a141) C:\windows\system32\DRIVERS\stdriver64.sys 09:23:57.0481 5856 stdriver - ok 09:23:57.0571 5856 Steam Client Service - ok 09:23:57.0611 5856 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys 09:23:57.0679 5856 stexstor - ok 09:23:57.0716 5856 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys 09:23:57.0821 5856 StillCam - ok 09:23:57.0886 5856 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll 09:23:57.0996 5856 stisvc - ok 09:23:58.0029 5856 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys 09:23:58.0091 5856 swenum - ok 09:23:58.0161 5856 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll 09:23:58.0299 5856 swprv - ok 09:23:58.0404 5856 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys 09:23:58.0529 5856 SynTP - ok 09:23:58.0685 5856 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll 09:23:58.0832 5856 SysMain - ok 09:23:58.0932 5856 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll 09:23:59.0052 5856 TabletInputService - ok 09:23:59.0095 5856 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll 09:23:59.0240 5856 TapiSrv - ok 09:23:59.0280 5856 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll 09:23:59.0415 5856 TBS - ok 09:23:59.0585 5856 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys 09:23:59.0745 5856 Tcpip - ok 09:23:59.0930 5856 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys 09:24:00.0060 5856 TCPIP6 - ok 09:24:00.0157 5856 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 09:24:00.0315 5856 tcpipreg - ok 09:24:00.0335 5856 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 09:24:00.0415 5856 TDPIPE - ok 09:24:00.0457 5856 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys 09:24:00.0555 5856 TDTCP - ok 09:24:00.0615 5856 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 09:24:00.0757 5856 tdx - ok 09:24:00.0780 5856 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys 09:24:00.0852 5856 TermDD - ok 09:24:00.0917 5856 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll 09:24:01.0075 5856 TermService - ok 09:24:01.0112 5856 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll 09:24:01.0195 5856 Themes - ok 09:24:01.0237 5856 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 09:24:01.0367 5856 THREADORDER - ok 09:24:01.0490 5856 TosCoSrv (cdc97fa5c42b07fb0d4600e17c32f582) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe 09:24:01.0555 5856 TosCoSrv - ok 09:24:01.0607 5856 TOSHIBA eco Utility Service (d0f868a67cb4d817a3f7abef8c42f49c) C:\Program Files\TOSHIBA\TECO\TecoService.exe 09:24:01.0662 5856 TOSHIBA eco Utility Service - ok 09:24:01.0720 5856 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 09:24:01.0767 5856 TOSHIBA HDD SSD Alert Service - ok 09:24:01.0847 5856 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys 09:24:01.0942 5856 tos_sps64 - ok 09:24:01.0995 5856 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 09:24:02.0140 5856 TrkWks - ok 09:24:02.0212 5856 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe 09:24:02.0357 5856 TrustedInstaller - ok 09:24:02.0400 5856 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 09:24:02.0547 5856 tssecsrv - ok 09:24:02.0600 5856 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 09:24:02.0677 5856 TsUsbFlt - ok 09:24:02.0687 5856 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys 09:24:02.0772 5856 TsUsbGD - ok 09:24:02.0827 5856 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 09:24:02.0982 5856 tunnel - ok 09:24:03.0035 5856 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS 09:24:03.0100 5856 TVALZ - ok 09:24:03.0120 5856 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys 09:24:03.0192 5856 uagp35 - ok 09:24:03.0245 5856 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 09:24:03.0410 5856 udfs - ok 09:24:03.0460 5856 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe 09:24:03.0532 5856 UI0Detect - ok 09:24:03.0580 5856 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 09:24:03.0652 5856 uliagpkx - ok 09:24:03.0697 5856 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys 09:24:03.0790 5856 umbus - ok 09:24:03.0822 5856 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys 09:24:03.0907 5856 UmPass - ok 09:24:04.0112 5856 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 09:24:04.0282 5856 UNS - ok 09:24:04.0392 5856 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll 09:24:04.0552 5856 upnphost - ok 09:24:04.0647 5856 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys 09:24:04.0742 5856 USBAAPL64 - ok 09:24:04.0792 5856 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 09:24:04.0877 5856 usbccgp - ok 09:24:04.0927 5856 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 09:24:05.0012 5856 usbcir - ok 09:24:05.0050 5856 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys 09:24:05.0147 5856 usbehci - ok 09:24:05.0190 5856 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys 09:24:05.0297 5856 usbhub - ok 09:24:05.0347 5856 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys 09:24:05.0442 5856 usbohci - ok 09:24:05.0470 5856 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys 09:24:05.0572 5856 usbprint - ok 09:24:05.0615 5856 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS 09:24:05.0712 5856 USBSTOR - ok 09:24:05.0740 5856 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys 09:24:05.0820 5856 usbuhci - ok 09:24:05.0875 5856 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys 09:24:05.0972 5856 usbvideo - ok 09:24:06.0000 5856 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll 09:24:06.0147 5856 UxSms - ok 09:24:06.0207 5856 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 09:24:06.0272 5856 VaultSvc - ok 09:24:06.0305 5856 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 09:24:06.0370 5856 vdrvroot - ok 09:24:06.0422 5856 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe 09:24:06.0582 5856 vds - ok 09:24:06.0615 5856 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 09:24:06.0704 5856 vga - ok 09:24:06.0724 5856 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 09:24:06.0872 5856 VgaSave - ok 09:24:06.0922 5856 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 09:24:07.0007 5856 vhdmp - ok 09:24:07.0034 5856 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 09:24:07.0099 5856 viaide - ok 09:24:07.0152 5856 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\windows\system32\DRIVERS\vmnetadapter.sys 09:24:07.0214 5856 VMnetAdapter - ok 09:24:07.0249 5856 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 09:24:07.0322 5856 volmgr - ok 09:24:07.0354 5856 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 09:24:07.0442 5856 volmgrx - ok 09:24:07.0472 5856 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys 09:24:07.0559 5856 volsnap - ok 09:24:07.0624 5856 Vsdatant (239d8d72730226cd460bdc8ca0a23d43) C:\windows\system32\DRIVERS\vsdatant.sys 09:24:07.0718 5856 Vsdatant - ok 09:24:07.0808 5856 vsmon - ok 09:24:07.0868 5856 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys 09:24:07.0940 5856 vsmraid - ok 09:24:08.0035 5856 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe 09:24:08.0223 5856 VSS - ok 09:24:08.0328 5856 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 09:24:08.0425 5856 vwifibus - ok 09:24:08.0458 5856 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 09:24:08.0555 5856 vwififlt - ok 09:24:08.0570 5856 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys 09:24:08.0663 5856 vwifimp - ok 09:24:08.0705 5856 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll 09:24:08.0848 5856 W32Time - ok 09:24:08.0883 5856 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys 09:24:08.0980 5856 WacomPen - ok 09:24:09.0075 5856 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 09:24:09.0228 5856 WANARP - ok 09:24:09.0245 5856 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 09:24:09.0368 5856 Wanarpv6 - ok 09:24:09.0475 5856 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe 09:24:09.0598 5856 WatAdminSvc - ok 09:24:09.0688 5856 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe 09:24:09.0840 5856 wbengine - ok 09:24:09.0950 5856 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll 09:24:10.0050 5856 WbioSrvc - ok 09:24:10.0083 5856 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll 09:24:10.0190 5856 wcncsvc - ok 09:24:10.0225 5856 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll 09:24:10.0305 5856 WcsPlugInService - ok 09:24:10.0363 5856 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys 09:24:10.0435 5856 Wd - ok 09:24:10.0488 5856 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 09:24:10.0595 5856 Wdf01000 - ok 09:24:10.0628 5856 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 09:24:10.0730 5856 WdiServiceHost - ok 09:24:10.0738 5856 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 09:24:10.0820 5856 WdiSystemHost - ok 09:24:10.0855 5856 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll 09:24:10.0965 5856 WebClient - ok 09:24:11.0000 5856 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll 09:24:11.0155 5856 Wecsvc - ok 09:24:11.0185 5856 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll 09:24:11.0318 5856 wercplsupport - ok 09:24:11.0348 5856 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll 09:24:11.0493 5856 WerSvc - ok 09:24:11.0563 5856 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 09:24:11.0700 5856 WfpLwf - ok 09:24:11.0740 5856 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 09:24:11.0810 5856 WIMMount - ok 09:24:11.0860 5856 WinDefend - ok 09:24:11.0878 5856 WinHttpAutoProxySvc - ok 09:24:11.0945 5856 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll 09:24:12.0080 5856 Winmgmt - ok 09:24:12.0188 5856 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll 09:24:12.0390 5856 WinRM - ok 09:24:12.0528 5856 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys 09:24:12.0610 5856 WinUsb - ok 09:24:12.0686 5856 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll 09:24:12.0821 5856 Wlansvc - ok 09:24:12.0906 5856 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 09:24:12.0969 5856 wlcrasvc - ok 09:24:13.0164 5856 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 09:24:13.0311 5856 wlidsvc - ok 09:24:13.0429 5856 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys 09:24:13.0521 5856 WmiAcpi - ok 09:24:13.0601 5856 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe 09:24:13.0704 5856 wmiApSrv - ok 09:24:13.0769 5856 WMPNetworkSvc - ok 09:24:13.0816 5856 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll 09:24:13.0894 5856 WPCSvc - ok 09:24:13.0919 5856 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll 09:24:14.0029 5856 WPDBusEnum - ok 09:24:14.0061 5856 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 09:24:14.0201 5856 ws2ifsl - ok 09:24:14.0241 5856 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll 09:24:14.0339 5856 wscsvc - ok 09:24:14.0381 5856 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys 09:24:14.0469 5856 WSDPrintDevice - ok 09:24:14.0476 5856 WSearch - ok 09:24:14.0619 5856 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll 09:24:14.0779 5856 wuauserv - ok 09:24:14.0896 5856 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys 09:24:15.0056 5856 WudfPf - ok 09:24:15.0089 5856 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys 09:24:15.0244 5856 WUDFRd - ok 09:24:15.0286 5856 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll 09:24:15.0426 5856 wudfsvc - ok 09:24:15.0451 5856 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll 09:24:15.0564 5856 WwanSvc - ok 09:24:15.0634 5856 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0 09:24:16.0692 5856 \Device\Harddisk0\DR0 - ok 09:24:16.0722 5856 Boot (0x1200) (a33f24941161d842fbb88a41471599df) \Device\Harddisk0\DR0\Partition0 09:24:16.0727 5856 \Device\Harddisk0\DR0\Partition0 - ok 09:24:16.0727 5856 ============================================================ 09:24:16.0727 5856 Scan finished 09:24:16.0727 5856 ============================================================ 09:24:16.0745 4084 Detected object count: 5 09:24:16.0745 4084 Actual detected object count: 5 09:24:38.0771 4084 CronService ( UnsignedFile.Multi.Generic ) - skipped by user 09:24:38.0771 4084 CronService ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:24:38.0771 4084 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 09:24:38.0771 4084 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:24:38.0776 4084 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 09:24:38.0776 4084 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:24:38.0778 4084 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 09:24:38.0778 4084 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:24:38.0781 4084 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 09:24:38.0781 4084 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:24:47.0264 3096 Deinitialize success Computer seems to be the same which is normally ok but occasionally acting weird when I type or slow in Outbook and browsers. Still want to do whatever is needed to clean up system before changing passwords. Thank you for your time and assistance, Wanda