Wanda

Requested files have been deleted and the programs have been cleaned up. Thank you again for all of your help in cleaning up both computers. Wanda

Unneeded start up programs have been deleted. Here is the log from the ESET Scan: C:\MGtools\Process.exe Win32/PrcView application C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application C:\Users\Wanda\Downloads\audioextractor.exe Win32/InstallMonetizer.AF application C:\Users\Wanda\Downloads\cbsidlm-cbsi5_2_0_83-JetAudio_Basic-ORG2-10013740.exe a variant of Win32/CNETInstaller.A application C:\Users\Wanda\Downloads\cdbxp_setup_4.5.0.3661.exe Win32/OpenCandy application C:\Users\Wanda\Downloads\setup.exe Win32/OutBrowse.C application C:\Users\Zachary\Downloads\CheatEngine62.exe multiple threats

I uninstalled all of the Java programs using Revo and then added back both Java 7 and 6 since my son's friends use my laptop to play multiplayer Minecraft games. Yes, I know this is a security concern just like on the desktop but you know how it doesn't work on Java 6. Temp files were cleaned with CCleaner. The successful Malwarebytes log is below: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.14.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wanda :: TOSHIBALAPTOP [administrator] 1/13/2013 11:21:53 PM mbam-log-2013-01-13 (23-21-53).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 282895 Time elapsed: 9 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) The HiJackthis log is below: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:35:47 PM, on 1/13/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\PROGRAM FILES (X86)\SUGARSYNC\SUGARSYNCMANAGER.EXE C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.mcafee.com O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - https://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files (x86)\Ahead\InCD\InCDsrv.exe (file missing) O23 - Service: InCD Helper (read only) (InCDsrvR) - Unknown owner - C:\Program Files (x86)\Ahead\InCD\InCDsrv.exe (file missing) O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\windows\SysWOW64\PSIService.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15144 bytes My son's friend played Minecraft this afternoon and didn't report any problems on the laptop. It seems to be running better. Wanda

Thank you for reopening this post. Here is the Combofix scan with the extra commands log Gringo requested me to do. ComboFix 13-01-12.01 - Wanda 01/12/2013 23:12:52.4.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2392 [GMT -6:00] Running from: c:\users\Wanda\Desktop\ComboFix.exe Command switches used :: c:\users\Wanda\Desktop\CFScript.txt FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Wanda\AppData\Roaming\Roaming c:\users\Wanda\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst . . ((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 ))))))))))))))))))))))))))))))) . . 2013-01-13 05:35 . 2013-01-13 05:35 -------- d-----w- c:\users\Zachary\AppData\Local\temp 2013-01-13 05:35 . 2013-01-13 05:35 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2013-01-13 05:35 . 2013-01-13 05:35 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-01-13 05:35 . 2013-01-13 05:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-13 05:35 . 2013-01-13 05:35 -------- d-----w- c:\users\Ben\AppData\Local\temp 2013-01-13 05:35 . 2013-01-13 05:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-01-13 04:41 . 2013-01-13 05:21 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat 2013-01-13 04:29 . 2012-11-28 16:35 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-01-12 20:56 . 2013-01-12 21:05 -------- d-----w- c:\users\Zachary\Warcraft III 1.21b TFT Installer enUS 2013-01-12 20:55 . 2013-01-12 23:03 -------- d-----w- c:\users\Zachary\Warcraft III 2013-01-12 20:55 . 2013-01-12 20:55 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment 2013-01-12 20:43 . 2013-01-12 20:53 -------- d-----w- c:\users\Zachary\Warcraft III 1.21b ROC Installer enUS 2013-01-11 16:32 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51E00C68-E3C7-4DAA-8E06-2804019A4D9E}\mpengine.dll 2013-01-10 23:48 . 2013-01-10 23:48 -------- d-----w- c:\users\Zachary\AppData\Local\DimensionU Games 2013-01-09 18:19 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 18:19 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 18:18 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 18:18 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 18:18 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 18:18 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-09 18:18 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 18:18 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 18:18 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll 2013-01-09 18:18 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll 2013-01-09 18:12 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-09 18:10 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-09 18:10 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 17:16 . 2013-01-09 19:53 -------- d-----w- c:\program files (x86)\Common Files\Acronis 2013-01-09 17:16 . 2013-01-09 17:16 -------- d-----w- c:\program files (x86)\Acronis 2013-01-04 17:10 . 2013-01-04 17:10 -------- d-----w- C:\Plug-ins 2013-01-04 17:10 . 2013-01-04 17:10 -------- d-----w- c:\program files (x86)\MakeMusic 2012-12-31 15:53 . 2012-12-31 15:53 -------- d-----w- c:\program files\iPod 2012-12-31 15:53 . 2012-12-31 15:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-31 15:53 . 2012-12-31 15:55 -------- d-----w- c:\program files\iTunes 2012-12-31 15:53 . 2012-12-31 15:55 -------- d-----w- c:\program files (x86)\iTunes 2012-12-30 20:28 . 2012-12-30 20:28 -------- d-----w- c:\users\Ben\AppData\Roaming\RealNetworks 2012-12-29 14:45 . 2012-12-29 14:45 -------- d-----w- c:\users\Zachary\AppData\Roaming\RealNetworks 2012-12-24 03:10 . 2012-12-24 03:10 -------- d-----w- c:\users\Wanda\AppData\Roaming\RealNetworks 2012-12-24 03:06 . 2012-12-24 03:07 -------- d-----w- c:\program files (x86)\RealNetworks 2012-12-24 03:06 . 2012-12-24 03:06 -------- d-----w- c:\programdata\RealNetworks 2012-12-24 03:06 . 2012-12-24 03:06 -------- d-----w- c:\program files (x86)\Common Files\xing shared 2012-12-24 03:03 . 2012-12-24 03:03 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-12-24 03:03 . 2012-12-24 03:03 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-12-21 19:33 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 19:33 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 19:33 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 19:33 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2012-12-15 22:05 . 2012-12-15 22:05 -------- d-----w- c:\programdata\Canneverbe Limited 2012-12-15 22:05 . 2012-12-15 22:05 -------- d-----w- c:\users\Wanda\AppData\Roaming\Canneverbe Limited 2012-12-15 22:04 . 2012-12-15 22:04 -------- d-----w- c:\program files (x86)\CDBurnerXP 2012-12-15 21:06 . 2012-12-15 22:08 -------- d-----w- c:\users\Wanda\AppData\Roaming\COWON 2012-12-15 21:03 . 2012-12-15 21:03 -------- d-----w- c:\users\Wanda\AppData\Local\Coupon Companion 2012-12-15 21:02 . 2012-12-15 21:03 -------- d-----w- c:\program files (x86)\Coupon Companion . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 22:41 . 2011-07-03 23:02 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-09 19:09 . 2012-04-04 19:05 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 19:09 . 2011-11-01 04:06 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 22:49 . 2012-06-30 21:48 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:45 . 2013-01-09 18:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-15 21:56 . 2012-06-03 15:33 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-11-15 21:56 . 2011-03-24 02:26 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-11-14 07:06 . 2012-12-12 16:05 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-12 16:05 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 16:06 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-12 16:06 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-12 16:06 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 16:06 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 16:06 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-12 16:06 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 16:06 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 16:06 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 16:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 16:06 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 16:06 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 16:06 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 16:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 16:06 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 16:06 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 16:06 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 16:06 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 16:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 16:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 16:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 15:59 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 15:59 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-08 17:29 . 2012-11-08 17:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-11-02 05:59 . 2012-12-12 15:56 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 15:56 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-27 20:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 20:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 20:11 561664 ----a-w- c:\windows\apppatch\AcLayers.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-10-20 1118040] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-12-24 295072] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-03 1255736] R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-14 11864] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-10 140672] S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 33672] S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-10-19 827520] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2011-10-19 45448] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2011-09-15 103512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:09] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 06:15] . 2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001Core.job - c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001UA.job - c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09] . 2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003Core.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003UA.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040] "ISW"="" [bU] . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com Trusted Zone: metlife.com\mybenefits Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\www.update Trusted Zone: windowsupdate.com\download . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39, ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63, 57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b "{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59, 8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a, ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db, f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00 "{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13, 36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:ec,47,9e,00,8f,3b,cc,01 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*] "Licence0"="REMOVED" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-12 23:46:18 ComboFix-quarantined-files.txt 2013-01-13 05:46 ComboFix2.txt 2013-01-12 15:59 ComboFix3.txt 2012-07-04 15:26 ComboFix4.txt 2012-07-04 00:46 . Pre-Run: 43,775,737,856 bytes free Post-Run: 43,062,157,312 bytes free . - - End Of File - - F28F313539937B6B77E68D32400AC1A9 My son's friend who used the laptop computer for several hours yesterday said it worked better than last weekend and didn't report any problems. Thank you for your assistance in finishing the clean up of this computer.

Wow it took awhile to run the Combofix but it did finish. I found out while looking at the log file that Windows Defender SP was still on. I didn't know I had this running in addition to my ZoneAlarm. I turned it off after running Combofix. The computer still seems slow in booting up and logging off but maybe that is due to all the extra programs running. I didn't see anything else unusual yesterday but truly didn't see anything unusual except for a bit slow boots and closedowns before I ran the monthly scan. I was actually surprised that it found a virus. Below is the log from the Combofix run: ComboFix 13-01-12.01 - Wanda 01/12/2013 9:19.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2555 [GMT -6:00] Running from: c:\users\Wanda\Desktop\ComboFix.exe FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\server.log . . ((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 ))))))))))))))))))))))))))))))) . . 2013-01-12 15:40 . 2013-01-12 15:40 -------- d-----w- c:\users\Zachary\AppData\Local\temp 2013-01-12 15:40 . 2013-01-12 15:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-01-12 15:40 . 2013-01-12 15:40 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2013-01-12 15:40 . 2013-01-12 15:40 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-01-12 15:40 . 2013-01-12 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-12 15:40 . 2013-01-12 15:40 -------- d-----w- c:\users\Ben\AppData\Local\temp 2013-01-11 16:32 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51E00C68-E3C7-4DAA-8E06-2804019A4D9E}\mpengine.dll 2013-01-10 23:48 . 2013-01-10 23:48 -------- d-----w- c:\users\Zachary\AppData\Local\DimensionU Games 2013-01-09 18:19 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 18:19 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 18:18 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 18:18 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 18:18 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 18:18 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-09 18:18 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 18:18 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 18:18 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll 2013-01-09 18:18 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll 2013-01-09 18:12 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-09 18:10 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-09 18:10 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 17:16 . 2013-01-09 19:53 -------- d-----w- c:\program files (x86)\Common Files\Acronis 2013-01-09 17:16 . 2013-01-09 17:16 -------- d-----w- c:\program files (x86)\Acronis 2013-01-04 17:10 . 2013-01-04 17:10 -------- d-----w- C:\Plug-ins 2013-01-04 17:10 . 2013-01-04 17:10 -------- d-----w- c:\program files (x86)\MakeMusic 2012-12-31 15:53 . 2012-12-31 15:53 -------- d-----w- c:\program files\iPod 2012-12-31 15:53 . 2012-12-31 15:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-31 15:53 . 2012-12-31 15:55 -------- d-----w- c:\program files\iTunes 2012-12-31 15:53 . 2012-12-31 15:55 -------- d-----w- c:\program files (x86)\iTunes 2012-12-30 20:28 . 2012-12-30 20:28 -------- d-----w- c:\users\Ben\AppData\Roaming\RealNetworks 2012-12-29 14:45 . 2012-12-29 14:45 -------- d-----w- c:\users\Zachary\AppData\Roaming\RealNetworks 2012-12-24 03:10 . 2012-12-24 03:10 -------- d-----w- c:\users\Wanda\AppData\Roaming\RealNetworks 2012-12-24 03:06 . 2012-12-24 03:07 -------- d-----w- c:\program files (x86)\RealNetworks 2012-12-24 03:06 . 2012-12-24 03:06 -------- d-----w- c:\programdata\RealNetworks 2012-12-24 03:06 . 2012-12-24 03:06 -------- d-----w- c:\program files (x86)\Common Files\xing shared 2012-12-24 03:03 . 2012-12-24 03:03 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-12-24 03:03 . 2012-12-24 03:03 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-12-21 19:33 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 19:33 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 19:33 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 19:33 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2012-12-15 22:05 . 2012-12-15 22:05 -------- d-----w- c:\programdata\Canneverbe Limited 2012-12-15 22:05 . 2012-12-15 22:05 -------- d-----w- c:\users\Wanda\AppData\Roaming\Canneverbe Limited 2012-12-15 22:04 . 2012-12-15 22:04 -------- d-----w- c:\program files (x86)\CDBurnerXP 2012-12-15 21:06 . 2012-12-15 22:08 -------- d-----w- c:\users\Wanda\AppData\Roaming\COWON 2012-12-15 21:03 . 2012-12-15 21:03 -------- d-----w- c:\users\Wanda\AppData\Local\Coupon Companion 2012-12-15 21:02 . 2012-12-15 21:03 -------- d-----w- c:\program files (x86)\Coupon Companion . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-12 15:35 . 2012-07-04 17:47 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat 2013-01-09 22:41 . 2011-07-03 23:02 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-09 19:09 . 2012-04-04 19:05 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 19:09 . 2011-11-01 04:06 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 22:49 . 2012-06-30 21:48 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:45 . 2013-01-09 18:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-15 21:56 . 2012-11-15 21:56 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-15 21:56 . 2012-06-03 15:33 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-11-15 21:56 . 2011-03-24 02:26 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-11-14 07:06 . 2012-12-12 16:05 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-12 16:05 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 16:06 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-12 16:06 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-12 16:06 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 16:06 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 16:06 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-12 16:06 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 16:06 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 16:06 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 16:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 16:06 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 16:06 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 16:06 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 16:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 16:06 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 16:06 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 16:06 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 16:06 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 16:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 16:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 16:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 15:59 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 15:59 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-08 17:29 . 2012-11-08 17:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-11-02 05:59 . 2012-12-12 15:56 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 15:56 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-27 20:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 20:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 20:11 561664 ----a-w- c:\windows\apppatch\AcLayers.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-10-20 1118040] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-12-24 295072] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-03 1255736] R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-14 11864] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-10 140672] S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 33672] S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-10-19 827520] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2011-10-19 45448] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2011-09-15 103512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:09] . 2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 06:15] . 2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001Core.job - c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09] . 2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001UA.job - c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09] . 2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003Core.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09] . 2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003UA.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-12-21 01:05 481480 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040] "ISW"="" [bU] . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com Trusted Zone: metlife.com\mybenefits Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\www.update Trusted Zone: windowsupdate.com\download . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39, ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63, 57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b "{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59, 8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a, ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db, f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00 "{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13, 36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:ec,47,9e,00,8f,3b,cc,01 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*] "Licence0"="REMOVED" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-12 09:59:27 ComboFix-quarantined-files.txt 2013-01-12 15:59 ComboFix2.txt 2012-07-04 15:26 ComboFix3.txt 2012-07-04 00:46 . Pre-Run: 44,014,526,464 bytes free Post-Run: 45,583,974,400 bytes free . - - End Of File - - 453FE3F174364B17AADD16101E31B6E2

Thank you for your quick response to my virus issue. Below are the logs that you requested: Security Check Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! ZoneAlarm Extreme Security Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 4.6 Spybot - Search & Destroy Secunia PSI (2.0.0.3003) Malwarebytes Anti-Malware version 1.70.0.1100 JavaFX 2.1.1 Java 6 Update 37 Java 7 Update 9 Java SE Development Kit 6 Update 32 Java SE Development Kit 6 Update 33 Java SE Development Kit 6 Update 35 Java SE Development Kit 6 Update 37 Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.5 Adobe Reader out of Date! Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome 23.0.1271.91 Google Chrome 23.0.1271.95 Google Chrome 23.0.1271.97 Google Chrome Plugins... ````````Process Check: objlist.exe by Laurent```````` WinPatrol winpatrol.exe Spybot Teatimer.exe is disabled! BillP Studios WinPatrol WinPatrol.exe CheckPoint ZoneAlarm vsmon.exe CheckPoint ZoneAlarm zatray.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 7% ````````````````````End of Log`````````````````````` Adware Cleaner # AdwCleaner v2.105 - Logfile created 01/11/2013 at 14:22:02 # Updated 08/01/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Wanda - TOSHIBALAPTOP # Boot Mode : Normal # Running from : C:\Users\Wanda\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\END File Deleted : C:\user.js Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\Ilivid Folder Deleted : C:\ProgramData\FreeRIP Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Wanda\AppData\Local\Ilivid Player Folder Deleted : C:\Users\Wanda\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Wanda\AppData\Roaming\yourfiledownloader Folder Deleted : C:\Users\Zachary\AppData\Local\Conduit Folder Deleted : C:\Users\Zachary\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Zachary\AppData\LocalLow\PriceGong ***** [Registry] ***** Key Deleted : HKCU\Software\1ClickDownload Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\StartSearch Key Deleted : HKCU\Software\SweetIM Key Deleted : HKCU\Software\YourFileDownloader Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2776682 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3018509 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Deleted : HKLM\Software\SweetIM Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Key Deleted : HKLM\Software\YourFileDownloader Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Deleted : HKLM\SOFTWARE\Tarma Installer ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Google Chrome v23.0.1271.97 File : C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\Zachary\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [3719 octets] - [11/01/2013 14:22:02] ########## EOF - C:\AdwCleaner[s1].txt - [3779 octets] ########## Rouge Killer Report 1 RogueKiller V8.4.3 [Jan 10 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Wanda [Admin rights] Mode : Scan -- Date : 01/11/2013 14:33:49 ¤¤¤ Bad processes : 2 ¤¤¤ [sUSP PATH] GoogleCrashHandler.exe -- C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> KILLED [TermProc] [sUSP PATH] GoogleCrashHandler64.exe -- C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 12 ¤¤¤ [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [sTARTUP][sUSP PATH] Craftbukkit server - Shortcut.lnk @Zachary : C:\Users\Zachary\Desktop\Craftbukkit server -> FOUND [sTARTUP][sUSP PATH] Play Roblox.lnk @Zachary : C:\Users\Wanda\AppData\Local\Roblox\Versions\version-21cdb2fff9fb4df2\Roblox.exe -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK3265GSXN +++++ --- User --- [MBR] 9a16b4edb03fb02adc82e492c63f619a [bSP] 63885d87e66f1c5e0588240d5acca9d1 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 289686 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 596350976 | Size: 14058 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_01112013_02d1433.txt >> RKreport[1]_S_01112013_02d1433.txt Rouge Killer Report 2 RogueKiller V8.4.3 [Jan 10 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Wanda [Admin rights] Mode : Remove -- Date : 01/11/2013 14:34:35 ¤¤¤ Bad processes : 2 ¤¤¤ [sUSP PATH] GoogleCrashHandler.exe -- C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> KILLED [TermProc] [sUSP PATH] GoogleCrashHandler64.exe -- C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 8 ¤¤¤ [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED [sTARTUP][sUSP PATH] Craftbukkit server - Shortcut.lnk @Zachary : C:\Users\Zachary\Desktop\Craftbukkit server -> DELETED [sTARTUP][sUSP PATH] Play Roblox.lnk @Zachary : C:\Users\Wanda\AppData\Local\Roblox\Versions\version-21cdb2fff9fb4df2\Roblox.exe -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2) [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK3265GSXN +++++ --- User --- [MBR] 9a16b4edb03fb02adc82e492c63f619a [bSP] 63885d87e66f1c5e0588240d5acca9d1 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 289686 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 596350976 | Size: 14058 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_01112013_02d1434.txt >> RKreport[1]_S_01112013_02d1433.txt ; RKreport[2]_D_01112013_02d1434.txt

When I did my monthly full computer Malwarebytes scan yesterday, it found the PUP.Crossfire.SA virus in two registry values. It quarantined and removed these entries but I am not sure if the full virus problem has been cleaned up by Malwarebytes. The computer was been a bit slow and having occasional popup blank messages but don't know if the virus is causing that. Sorry I don't have much details since the last month has been crazy with the holidays and I just try to quickly do what I need to on the computer and then get off. Thank you for you assistance in verifying the virus has been fully cleaned from my computer. Wanda Below is the original Malwarebytes scan log: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.10.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wanda :: TOSHIBALAPTOP [administrator] 1/10/2013 12:21:12 PM mbam-log-2013-01-10 (12-21-12).txt Scan type: Full scan (C:\|Q:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 644315 Time elapsed: 3 hour(s), 6 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Below is the requested dds.txt log: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2 Run by Wanda at 11:59:24 on 2013-01-11 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1959 [GMT -6:00] . AV: ZoneAlarm Extreme Security Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\windows\System32\svchost.exe -k netsvcs C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Prey\platform\windows\cronsvc.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\windows\SysWOW64\PSIService.exe C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files (x86)\Secunia\PSI\sua.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe C:\windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\TECO\Teco.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\windows\system32\vssvc.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\System32\svchost.exe -k swprv C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\windows\system32\svchost.exe -k HPService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\PROGRAM FILES (X86)\SUGARSYNC\SUGARSYNCMANAGER.EXE C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE C:\windows\system32\UI0Detect.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE C:\windows\splwow64.exe C:\windows\system32\taskeng.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file> uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [Google Update] "C:\Users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: Interfaces\{07B503F0-69D1-418D-B7C9-9AB8B8DF3E4A} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{3747888A-9252-4A1E-AB08-0CF43D921E1E} : DHCPNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [iSW] <no file> x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R1 kl2;kl2;C:\windows\System32\drivers\kl2.sys [2010-10-14 11864] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672] R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] R2 ISWKL;ZoneAlarm ForceField ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 33672] R2 IswSvc;ZoneAlarm ForceField IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-10-19 827520] R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-10-20 2823512] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-5 1153368] R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-21 2656280] R3 icsak;icsak;C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys [2011-10-19 45448] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912] R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-5-21 1109096] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\windows\System32\drivers\stdriver64.sys [2011-9-15 103512] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-7-5 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840] S3 nosGetPlusHelper;getPlus® Helper 3004;C:\windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136] S3 PSI;PSI;C:\windows\System32\drivers\psi_mf.sys [2010-9-1 17976] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-5-22 250984] S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-5-22 307304] S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848] S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-7-3 1255736] S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-01-11 16:32:45 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51E00C68-E3C7-4DAA-8E06-2804019A4D9E}\mpengine.dll 2013-01-09 18:19:28 750592 ----a-w- C:\windows\System32\win32spl.dll 2013-01-09 18:19:28 492032 ----a-w- C:\windows\SysWow64\win32spl.dll 2013-01-09 18:18:32 2002432 ----a-w- C:\windows\System32\msxml6.dll 2013-01-09 18:18:32 1882624 ----a-w- C:\windows\System32\msxml3.dll 2013-01-09 18:18:31 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll 2013-01-09 18:18:31 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2013-01-09 18:18:28 307200 ----a-w- C:\windows\System32\ncrypt.dll 2013-01-09 18:18:28 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll 2013-01-09 18:18:23 800768 ----a-w- C:\windows\System32\usp10.dll 2013-01-09 18:18:23 626688 ----a-w- C:\windows\SysWow64\usp10.dll 2013-01-09 18:12:47 424448 ----a-w- C:\windows\System32\KernelBase.dll 2013-01-09 18:10:39 68608 ----a-w- C:\windows\System32\taskhost.exe 2013-01-09 18:10:37 3149824 ----a-w- C:\windows\System32\win32k.sys 2013-01-04 17:10:45 -------- d-----w- C:\Plug-ins 2013-01-04 17:10:41 -------- d-----w- C:\Program Files (x86)\MakeMusic 2012-12-31 15:53:26 -------- d-----w- C:\Program Files\iPod 2012-12-31 15:53:25 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-31 15:53:25 -------- d-----w- C:\Program Files\iTunes 2012-12-31 15:53:25 -------- d-----w- C:\Program Files (x86)\iTunes 2012-12-24 03:10:07 -------- d-----w- C:\Users\Wanda\AppData\Roaming\RealNetworks 2012-12-24 03:06:58 -------- d-----w- C:\Program Files (x86)\RealNetworks 2012-12-24 03:06:47 -------- d-----w- C:\ProgramData\RealNetworks 2012-12-24 03:06:00 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared 2012-12-24 03:03:52 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll 2012-12-24 03:03:52 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll 2012-12-21 19:33:43 46080 ----a-w- C:\windows\System32\atmlib.dll 2012-12-21 19:33:43 367616 ----a-w- C:\windows\System32\atmfd.dll 2012-12-21 19:33:43 34304 ----a-w- C:\windows\SysWow64\atmlib.dll 2012-12-21 19:33:42 295424 ----a-w- C:\windows\SysWow64\atmfd.dll 2012-12-18 14:28:14 186584 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll 2012-12-15 22:05:15 -------- d-----w- C:\ProgramData\Canneverbe Limited 2012-12-15 22:05:14 -------- d-----w- C:\Users\Wanda\AppData\Roaming\Canneverbe Limited 2012-12-15 21:06:36 -------- d-----w- C:\Users\Wanda\AppData\Roaming\COWON 2012-12-15 21:03:07 -------- d-----w- C:\Users\Wanda\AppData\Local\Coupon Companion 2012-12-15 21:02:52 -------- d-----w- C:\Program Files (x86)\Coupon Companion . ==================== Find3M ==================== . 2013-01-11 17:50:12 29 ----a-w- C:\windows\SysWow64\TempWmicBatchFile.bat 2013-01-09 19:09:30 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 19:09:30 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-12-14 22:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-15 21:56:13 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-15 21:56:11 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2012-11-15 21:56:11 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll 2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-11-08 17:29:12 1402312 ----a-w- C:\windows\SysWow64\msxml4.dll 2012-11-08 03:07:56 2880 --sha-w- C:\windows\SysWow64\KGyGaAvL.sys 2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll 2012-10-25 09:12:26 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 09:12:26 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll . ============= FINISH: 12:02:17.76 =============== Attached is the DDS Attach Log File. attach.txt

Yes I planned to change all of our accounts passwords once both machines were as clean as possible. That appears to be now the case with all of your assistance. Thank you again for all your help and assistance.

Sorry for the delay. I ran the Dr. Web Cure-It express scan under my son's account and it didn't find anything that needed to be cured. There was no scan report in the Menu bar's File report list. I did find the detailed scan log in a DoctorWeb folder under my son's C:/Users account. It is too large to paste into one post since it lists every file checked. Below is the summary results at the end: ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Scanned: 26049 Infected: 0 Modifications: 0 Suspicious: 0 Adware: 0 Dialers: 0 Jokes: 0 Riskware: 0 Hacktools: 0 Cured: 0 Deleted: 0 Renamed: 0 Moved: 0 Ignored: 0 Scan speed: 1287 Kb/s Scan time: 0:19:22 ----------------------------------------------------------------------------- ============================================================================= Total session statistics ============================================================================= Scanned: 26050 Infected: 0 Modifications: 0 Suspicious: 0 Adware: 0 Dialers: 0 Jokes: 0 Riskware: 0 Hacktools: 0 Cured: 0 Deleted: 0 Renamed: 0 Moved: 0 Ignored: 0 Scan speed: 1294 Kb/s Scan time: 0:19:22 ============================================================================= Thank you for your time.

Ok, the Eset Online Scan is not running correctly like on the other machine. My son did the first scan under his ID and then I did it again under my ID but we both were not able to get a full scan log to write. Once the scan downloaded the virus file updates and started, I even turned off our wireless internet access and then all firewalls and antivirus programs to make sure none of them were stopping the writing of the log. It looked like the initial part of the log was written. Here it is below: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=53251 We also saved the reported found items displayed at the end of the scan: C:\Users\Ben\Desktop\Training\Oracle PeopleSoft\speedupmypc.exe Win32/SpeedUpMyPC application C:\Users\Big Disk Backup\Laptop SyncBack\Wanda\Local Settings\Apps\2.0\712G7RZB.1KW\VGQKYAMZ.VQJ\inst..tion_d0587fc617210d12_0000.0001_fd40a442e685358f\installiqexe.exe probably a variant of Win32/InstallIQ application I am sure that I followed your directions and did it the same as the laptop scan. Any ideas on why a full log is not writing? Wanda

Sorry for the delay in getting back with you. We have been dealing with my stepfather-in-laws hospitalization and then passing this weekend. I will try and get my son to do the scan tomorrow.

Yes this is a post for the second computer, my son's, and the not the one you already help me clean up. I ran the ComboFix scan on this computer this morning. It ran much faster than my first laptop scan. Below is the log from the scan: ComboFix 12-07-07.04 - Zachary 07/07/2012 10:46:35.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.3957 [GMT -5:00] Running from: c:\users\Zachary\Desktop\ComboFix.exe FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Wanda\Documents\~WRL2629.tmp c:\users\Zachary\AppData\Local\Temp\IswTmp\WH\0 . . ((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 ))))))))))))))))))))))))))))))) . . 2012-07-07 15:58 . 2012-07-07 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-02 19:37 . 2012-07-02 19:37 -------- d-----w- c:\users\Wanda\AppData\Roaming\Sony 2012-07-02 19:37 . 2012-07-02 19:37 -------- d-----w- c:\users\Wanda\AppData\Local\Sony 2012-07-02 19:30 . 2012-07-02 19:30 -------- d-----w- c:\users\Wanda\AppData\Roaming\Roxio Log Files 2012-07-02 17:21 . 2012-07-02 17:21 -------- d-----w- c:\users\Wanda\AppData\Roaming\PDAppFlex 2012-07-01 13:05 . 2009-03-18 22:35 33856 ---ha-w- c:\windows\system32\hamachi.sys 2012-07-01 13:05 . 2012-07-01 13:05 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-06-28 20:25 . 2012-06-28 20:25 -------- d-----w- c:\users\Zachary\AppData\Roaming\Malwarebytes 2012-06-26 13:32 . 2012-06-26 13:32 -------- d-----w- c:\program files (x86)\Microsoft XNA 2012-06-25 16:46 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-25 16:46 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-25 16:46 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-25 16:46 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-25 16:45 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-25 16:45 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-25 16:45 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-25 16:45 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-25 16:45 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-22 20:18 . 2012-05-04 23:33 955800 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-19 15:05 . 2012-06-26 23:52 -------- d-----w- c:\users\Zachary\AppData\Local\Eclipse 2012-06-19 15:04 . 2012-06-22 20:31 -------- d-----w- c:\users\Zachary\workspace 2012-06-18 21:38 . 2012-06-18 21:38 -------- d-----w- c:\users\Zachary\AppData\Roaming\CodeBlocks 2012-06-18 21:29 . 2012-06-19 00:54 -------- d-----w- c:\program files (x86)\The Game Creators 2012-06-14 18:00 . 2012-07-07 15:31 -------- d-----w- c:\users\Zachary\AppData\Roaming\Skype 2012-06-14 18:00 . 2012-07-07 15:30 -------- d-----r- c:\program files (x86)\Skype 2012-06-14 18:00 . 2012-06-14 18:00 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-06-14 01:37 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 01:37 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 01:37 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 01:36 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-14 01:36 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-14 01:36 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-14 01:36 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-14 01:35 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 01:35 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 01:35 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-14 01:35 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-14 01:34 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 01:34 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 01:34 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 01:34 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-14 01:34 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-14 01:34 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-12 17:28 . 2012-06-22 15:52 -------- d-----w- c:\users\Zachary\AppData\Local\WMTools Downloaded Files 2012-06-12 17:13 . 2012-06-12 17:13 -------- d-----w- c:\program files (x86)\Movie Maker 2.6 2012-06-12 15:48 . 2012-06-12 15:48 -------- d-----w- c:\users\Zachary\AppData\Roaming\Verizon 2012-06-12 15:48 . 2012-06-12 15:48 -------- d-----w- c:\programdata\Verizon 2012-06-12 15:38 . 2012-06-12 15:38 -------- d-----w- c:\program files (x86)\Verizon 2012-06-11 20:27 . 2012-06-11 20:48 -------- d-----w- c:\users\Zachary\AppData\Local\Roblox 2012-06-11 16:20 . 2012-06-11 16:20 -------- d-----w- c:\users\Zachary\AppData\Local\APN 2012-06-11 16:03 . 2012-07-02 19:30 -------- d-----w- c:\program files (x86)\Port Forwarding Wizard 2012-06-11 15:06 . 2012-06-11 15:06 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2012-06-11 15:02 . 2012-06-18 15:04 -------- d-----w- c:\programdata\NCH Software 2012-06-11 14:59 . 2012-06-19 00:56 -------- d-----w- c:\program files (x86)\NCH Software 2012-06-11 14:59 . 2012-06-18 15:04 -------- d-----w- c:\users\Zachary\AppData\Roaming\NCH Software 2012-06-11 14:46 . 2012-06-11 14:55 -------- d-----w- c:\users\Zachary\Adobe Premiere Pro CS6 2012-06-11 14:45 . 2012-06-11 14:45 -------- d-----w- c:\users\Zachary\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2012-06-11 14:45 . 2012-06-11 14:45 -------- d-----w- c:\program files (x86)\Adobe Download Assistant . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-02 19:11 . 2011-06-03 22:19 540896 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll 2012-07-02 00:42 . 2012-03-28 12:40 426184 ------w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-02 00:42 . 2011-06-07 16:40 70344 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-10 12:58 . 2011-02-25 16:34 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-06-10 12:58 . 2011-02-25 15:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-06-09 21:56 . 2012-06-09 21:56 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-05-31 17:25 . 2011-09-22 17:57 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-31 04:04 . 2012-07-06 19:25 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53AB1619-7578-47E4-8F8E-985F66686DF8}\mpengine.dll 2012-05-28 16:33 . 2012-05-28 16:33 98304 ------w- c:\windows\SysWow64\CmdLineExt.dll 2012-05-18 03:07 . 2012-05-18 03:09 772552 ------w- c:\windows\SysWow64\npDeployJava1.dll 2012-05-18 03:07 . 2011-02-22 17:40 687560 ------w- c:\windows\SysWow64\deployJava1.dll 2012-05-05 20:11 . 2012-04-14 11:11 8769696 ------w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-05-04 23:32 . 2011-02-22 17:40 839056 ----a-w- c:\windows\system32\deployJava1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-27 1242448] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544] "Verizon Media Manager"="c:\program files (x86)\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe" [2012-05-09 1523712] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-02-13 325000] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360] "WinPatrol [FREE Edition]"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2011-02-13 20:20 325000] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-10-20 1118040] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 0047471314372254mcinstcleanup;McAfee Application Installer Cleanup (0047471314372254);c:\windows\TEMP\004747~1.EXE [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 257224] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2011-11-28 487312] R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2011-10-19 45448] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-25 1255736] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-14 11864] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-11-01 140672] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960] S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 33672] S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-10-19 827520] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 271872] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064] S3 netr28ux;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-08-06 987648] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 00:42] . 2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1145637048-450267307-2219416244-1003Core.job - c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 00:06] . 2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1145637048-450267307-2219416244-1003UA.job - c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 00:06] . 2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1145637048-450267307-2219416244-1004Core.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 23:21] . 2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1145637048-450267307-2219416244-1004UA.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 23:21] . 2012-03-07 c:\windows\Tasks\Norton Security Scan for Ben.job - c:\progra~2\NORTON~2\Engine\361~1.11\Nss.exe [2012-01-14 03:43] . 2012-07-02 c:\windows\Tasks\Norton Security Scan for Wanda.job - c:\progra~2\NORTON~2\Engine\361~1.11\Nss.exe [2012-01-14 03:43] . 2012-07-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16] . 2012-07-07 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2011-02-13 325000] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.bakugan.com/home.html mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.1.1 DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v420.cab . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Toolbar-Locked - (no file) WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file) HKLM-Run-ISW - (no file) AddRemove-{90140000-0015-0409-0000-0000000FF1CE}_Office14.AccessR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-001F-0409-0000-0000000FF1CE}_Office14.AccessR_{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-001F-0409-0000-0000000FF1CE}_Office14.AccessR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-001F-040C-0000-0000000FF1CE}_Office14.AccessR_{15058154-469F-4794-ACD5-94F8420F9B80} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-001F-040C-0000-0000000FF1CE}_Office14.AccessR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.AccessR_{995A7832-B512-46D5-87C9-2D71FB541435} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.AccessR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-002A-0409-1000-0000000FF1CE}_Office14.AccessR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-002C-0409-0000-0000000FF1CE}_Office14.AccessR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-006E-0409-0000-0000000FF1CE}_Office14.AccessR_{4560037C-E356-444A-A015-D21F487D809E} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-006E-0409-0000-0000000FF1CE}_Office14.AccessR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-0115-0409-0000-0000000FF1CE}_Office14.AccessR_{4560037C-E356-444A-A015-D21F487D809E} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-0116-0409-1000-0000000FF1CE}_Office14.AccessR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe AddRemove-{90140000-0117-0409-0000-0000000FF1CE}_Office14.AccessR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE . ************************************************************************** . Completion time: 2012-07-07 11:14:38 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-07 16:14 . Pre-Run: 861,820,968,960 bytes free Post-Run: 862,948,364,288 bytes free . - - End Of File - - C1DA00B5EAC5775589239CF55BC01764 After the scan I let my son play on the computer a bit. He said it was about the same with his Java based games occasionally lagging a bit. I don't know if this is due to malware or not. Thank you for your help again, Wanda and son Zachary

The link above is for a different computer than the ones I posted logs for in this link. We have two computers. The first forum posting was for my laptop that I primarily use. The second posting is for my son's computer that I used occasionally. I still need help in cleaning up this desktop since I don' want to run tools without direction from knowledgeable people in this forum.

Thank you for all your assistance to get the computer as clean as possible. Is there any last steps I need to do? Also I put a post in the forum yesterday asking for assistance in cleaning up my son's computer. I would love to work with you again as you have been very detailed in the steps needed to do so everything was simplified to execute. Wanda

Here is the log from the TDSSKiller scan I did this morning. 09:22:08.0187 4272 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08 09:22:08.0911 4272 ============================================================ 09:22:08.0911 4272 Current date / time: 2012/07/06 09:22:08.0911 09:22:08.0911 4272 SystemInfo: 09:22:08.0911 4272 09:22:08.0911 4272 OS Version: 6.1.7601 ServicePack: 1.0 09:22:08.0911 4272 Product type: Workstation 09:22:08.0911 4272 ComputerName: TOSHIBALAPTOP 09:22:08.0912 4272 UserName: Wanda 09:22:08.0912 4272 Windows directory: C:\windows 09:22:08.0912 4272 System windows directory: C:\windows 09:22:08.0912 4272 Running under WOW64 09:22:08.0912 4272 Processor architecture: Intel x64 09:22:08.0912 4272 Number of processors: 2 09:22:08.0912 4272 Page size: 0x1000 09:22:08.0912 4272 Boot type: Normal boot 09:22:08.0912 4272 ============================================================ 09:22:10.0246 4272 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 09:22:10.0254 4272 ============================================================ 09:22:10.0254 4272 \Device\Harddisk0\DR0: 09:22:10.0254 4272 MBR partitions: 09:22:10.0254 4272 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x235CB000 09:22:10.0254 4272 ============================================================ 09:22:10.0296 4272 C: <-> \Device\Harddisk0\DR0\Partition0 09:22:10.0296 4272 ============================================================ 09:22:10.0296 4272 Initialize success 09:22:10.0296 4272 ============================================================ 09:22:58.0146 5856 ============================================================ 09:22:58.0146 5856 Scan started 09:22:58.0146 5856 Mode: Manual; SigCheck; TDLFS; 09:22:58.0146 5856 ============================================================ 09:22:58.0871 5856 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE 09:22:59.0166 5856 !SASCORE - ok 09:22:59.0476 5856 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys 09:22:59.0608 5856 1394ohci - ok 09:22:59.0663 5856 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys 09:22:59.0751 5856 ACPI - ok 09:22:59.0776 5856 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys 09:22:59.0911 5856 AcpiPmi - ok 09:23:00.0021 5856 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 09:23:00.0073 5856 AdobeARMservice - ok 09:23:00.0216 5856 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 09:23:00.0266 5856 AdobeFlashPlayerUpdateSvc - ok 09:23:00.0366 5856 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys 09:23:00.0458 5856 adp94xx - ok 09:23:00.0501 5856 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys 09:23:00.0583 5856 adpahci - ok 09:23:00.0631 5856 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys 09:23:00.0706 5856 adpu320 - ok 09:23:00.0743 5856 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll 09:23:00.0958 5856 AeLookupSvc - ok 09:23:01.0043 5856 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys 09:23:01.0193 5856 AFD - ok 09:23:01.0236 5856 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys 09:23:01.0308 5856 agp440 - ok 09:23:01.0346 5856 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe 09:23:01.0433 5856 ALG - ok 09:23:01.0468 5856 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys 09:23:01.0538 5856 aliide - ok 09:23:01.0543 5856 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys 09:23:01.0614 5856 amdide - ok 09:23:01.0649 5856 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys 09:23:01.0752 5856 AmdK8 - ok 09:23:01.0777 5856 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys 09:23:01.0874 5856 AmdPPM - ok 09:23:01.0942 5856 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys 09:23:02.0014 5856 amdsata - ok 09:23:02.0054 5856 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys 09:23:02.0134 5856 amdsbs - ok 09:23:02.0182 5856 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys 09:23:02.0252 5856 amdxata - ok 09:23:02.0294 5856 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys 09:23:02.0532 5856 AppID - ok 09:23:02.0577 5856 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll 09:23:02.0724 5856 AppIDSvc - ok 09:23:02.0769 5856 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll 09:23:02.0912 5856 Appinfo - ok 09:23:03.0052 5856 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 09:23:03.0102 5856 Apple Mobile Device - ok 09:23:03.0167 5856 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys 09:23:03.0234 5856 arc - ok 09:23:03.0257 5856 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys 09:23:03.0324 5856 arcsas - ok 09:23:03.0439 5856 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 09:23:03.0502 5856 aspnet_state - ok 09:23:03.0547 5856 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 09:23:03.0694 5856 AsyncMac - ok 09:23:03.0712 5856 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys 09:23:03.0777 5856 atapi - ok 09:23:03.0839 5856 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 09:23:03.0984 5856 AudioEndpointBuilder - ok 09:23:04.0002 5856 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 09:23:04.0144 5856 AudioSrv - ok 09:23:04.0182 5856 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll 09:23:04.0322 5856 AxInstSV - ok 09:23:04.0387 5856 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys 09:23:04.0492 5856 b06bdrv - ok 09:23:04.0524 5856 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 09:23:04.0627 5856 b57nd60a - ok 09:23:04.0674 5856 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll 09:23:04.0764 5856 BDESVC - ok 09:23:04.0787 5856 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 09:23:04.0942 5856 Beep - ok 09:23:05.0024 5856 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll 09:23:05.0184 5856 BFE - ok 09:23:05.0244 5856 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll 09:23:05.0439 5856 BITS - ok 09:23:05.0514 5856 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys 09:23:05.0612 5856 blbdrive - ok 09:23:05.0729 5856 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 09:23:05.0797 5856 Bonjour Service - ok 09:23:05.0834 5856 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys 09:23:05.0949 5856 bowser - ok 09:23:05.0992 5856 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys 09:23:06.0097 5856 BrFiltLo - ok 09:23:06.0112 5856 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys 09:23:06.0217 5856 BrFiltUp - ok 09:23:06.0294 5856 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys 09:23:06.0437 5856 BridgeMP - ok 09:23:06.0484 5856 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll 09:23:06.0627 5856 Browser - ok 09:23:06.0687 5856 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys 09:23:06.0799 5856 Brserid - ok 09:23:06.0832 5856 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys 09:23:06.0932 5856 BrSerWdm - ok 09:23:06.0957 5856 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys 09:23:07.0059 5856 BrUsbMdm - ok 09:23:07.0089 5856 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys 09:23:07.0182 5856 BrUsbSer - ok 09:23:07.0214 5856 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys 09:23:07.0322 5856 BTHMODEM - ok 09:23:07.0372 5856 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll 09:23:07.0527 5856 bthserv - ok 09:23:07.0559 5856 catchme - ok 09:23:07.0594 5856 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 09:23:07.0752 5856 cdfs - ok 09:23:07.0792 5856 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys 09:23:07.0884 5856 cdrom - ok 09:23:07.0927 5856 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 09:23:08.0069 5856 CertPropSvc - ok 09:23:08.0119 5856 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys 09:23:08.0219 5856 circlass - ok 09:23:08.0277 5856 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 09:23:08.0367 5856 CLFS - ok 09:23:08.0449 5856 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:23:08.0527 5856 clr_optimization_v2.0.50727_32 - ok 09:23:08.0569 5856 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 09:23:08.0633 5856 clr_optimization_v2.0.50727_64 - ok 09:23:08.0718 5856 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:23:08.0793 5856 clr_optimization_v4.0.30319_32 - ok 09:23:08.0860 5856 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 09:23:08.0923 5856 clr_optimization_v4.0.30319_64 - ok 09:23:08.0958 5856 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys 09:23:09.0063 5856 CmBatt - ok 09:23:09.0105 5856 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys 09:23:09.0178 5856 cmdide - ok 09:23:09.0238 5856 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys 09:23:09.0365 5856 CNG - ok 09:23:09.0475 5856 CnxtHdAudService (66847c979893a11cfcc2280e772d7ea1) C:\windows\system32\drivers\CHDRT64.sys 09:23:09.0633 5856 CnxtHdAudService - ok 09:23:09.0750 5856 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys 09:23:09.0818 5856 Compbatt - ok 09:23:09.0850 5856 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys 09:23:09.0948 5856 CompositeBus - ok 09:23:09.0968 5856 COMSysApp - ok 09:23:10.0035 5856 cpuz135 - ok 09:23:10.0075 5856 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys 09:23:10.0145 5856 crcdisk - ok 09:23:10.0215 5856 CronService (63a7739ac9c1e38589b3edb1daeb9df5) C:\Prey\platform\windows\cronsvc.exe 09:23:10.0250 5856 CronService ( UnsignedFile.Multi.Generic ) - warning 09:23:10.0250 5856 CronService - detected UnsignedFile.Multi.Generic (1) 09:23:10.0333 5856 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll 09:23:10.0448 5856 CryptSvc - ok 09:23:10.0613 5856 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 09:23:10.0700 5856 cvhsvc - ok 09:23:10.0775 5856 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 09:23:10.0935 5856 DcomLaunch - ok 09:23:10.0983 5856 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll 09:23:11.0145 5856 defragsvc - ok 09:23:11.0220 5856 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys 09:23:11.0378 5856 DfsC - ok 09:23:11.0433 5856 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll 09:23:11.0583 5856 Dhcp - ok 09:23:11.0610 5856 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 09:23:11.0768 5856 discache - ok 09:23:11.0815 5856 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys 09:23:11.0885 5856 Disk - ok 09:23:11.0928 5856 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll 09:23:12.0018 5856 Dnscache - ok 09:23:12.0058 5856 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll 09:23:12.0210 5856 dot3svc - ok 09:23:12.0235 5856 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll 09:23:12.0380 5856 DPS - ok 09:23:12.0418 5856 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 09:23:12.0520 5856 drmkaud - ok 09:23:12.0580 5856 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys 09:23:12.0703 5856 DXGKrnl - ok 09:23:12.0738 5856 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll 09:23:12.0880 5856 EapHost - ok 09:23:13.0073 5856 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys 09:23:13.0310 5856 ebdrv - ok 09:23:13.0423 5856 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe 09:23:13.0503 5856 EFS - ok 09:23:13.0585 5856 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe 09:23:13.0718 5856 ehRecvr - ok 09:23:13.0765 5856 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe 09:23:13.0845 5856 ehSched - ok 09:23:13.0938 5856 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys 09:23:14.0030 5856 elxstor - ok 09:23:14.0045 5856 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys 09:23:14.0138 5856 ErrDev - ok 09:23:14.0205 5856 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll 09:23:14.0358 5856 EventSystem - ok 09:23:14.0423 5856 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys 09:23:14.0575 5856 exfat - ok 09:23:14.0610 5856 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys 09:23:14.0780 5856 fastfat - ok 09:23:14.0845 5856 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe 09:23:14.0943 5856 Fax - ok 09:23:14.0973 5856 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys 09:23:15.0063 5856 fdc - ok 09:23:15.0110 5856 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll 09:23:15.0263 5856 fdPHost - ok 09:23:15.0283 5856 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll 09:23:15.0410 5856 FDResPub - ok 09:23:15.0455 5856 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys 09:23:15.0525 5856 FileInfo - ok 09:23:15.0540 5856 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys 09:23:15.0708 5856 Filetrace - ok 09:23:15.0743 5856 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys 09:23:15.0823 5856 flpydisk - ok 09:23:15.0873 5856 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys 09:23:15.0960 5856 FltMgr - ok 09:23:16.0090 5856 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll 09:23:16.0200 5856 FontCache - ok 09:23:16.0260 5856 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 09:23:16.0310 5856 FontCache3.0.0.0 - ok 09:23:16.0345 5856 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys 09:23:16.0415 5856 FsDepends - ok 09:23:16.0473 5856 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys 09:23:16.0538 5856 fssfltr - ok 09:23:16.0694 5856 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 09:23:16.0839 5856 fsssvc - ok 09:23:16.0976 5856 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys 09:23:17.0046 5856 Fs_Rec - ok 09:23:17.0099 5856 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys 09:23:17.0189 5856 fvevol - ok 09:23:17.0234 5856 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys 09:23:17.0304 5856 gagp30kx - ok 09:23:17.0344 5856 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys 09:23:17.0406 5856 GEARAspiWDM - ok 09:23:17.0476 5856 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll 09:23:17.0641 5856 gpsvc - ok 09:23:17.0734 5856 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 09:23:17.0809 5856 gupdate - ok 09:23:17.0854 5856 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 09:23:17.0904 5856 gupdatem - ok 09:23:17.0984 5856 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 09:23:18.0059 5856 gusvc - ok 09:23:18.0121 5856 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\windows\system32\DRIVERS\hamachi.sys 09:23:18.0179 5856 hamachi - ok 09:23:18.0366 5856 Hamachi2Svc (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe 09:23:18.0516 5856 Hamachi2Svc - ok 09:23:18.0626 5856 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys 09:23:18.0716 5856 hcw85cir - ok 09:23:18.0779 5856 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys 09:23:18.0894 5856 HdAudAddService - ok 09:23:18.0921 5856 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys 09:23:19.0026 5856 HDAudBus - ok 09:23:19.0046 5856 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys 09:23:19.0124 5856 HidBatt - ok 09:23:19.0169 5856 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys 09:23:19.0276 5856 HidBth - ok 09:23:19.0321 5856 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys 09:23:19.0409 5856 HidIr - ok 09:23:19.0434 5856 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll 09:23:19.0574 5856 hidserv - ok 09:23:19.0624 5856 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys 09:23:19.0706 5856 HidUsb - ok 09:23:19.0744 5856 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll 09:23:19.0904 5856 hkmsvc - ok 09:23:19.0934 5856 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll 09:23:20.0029 5856 HomeGroupListener - ok 09:23:20.0074 5856 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll 09:23:20.0159 5856 HomeGroupProvider - ok 09:23:20.0196 5856 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys 09:23:20.0271 5856 HpSAMD - ok 09:23:20.0424 5856 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 09:23:20.0491 5856 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 09:23:20.0491 5856 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 09:23:20.0554 5856 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys 09:23:20.0734 5856 HTTP - ok 09:23:20.0781 5856 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys 09:23:20.0849 5856 hwpolicy - ok 09:23:20.0879 5856 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys 09:23:20.0966 5856 i8042prt - ok 09:23:21.0029 5856 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys 09:23:21.0096 5856 iaStor - ok 09:23:21.0171 5856 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys 09:23:21.0256 5856 iaStorV - ok 09:23:21.0341 5856 icsak (5408b2175c7fae5ce22a05d6a91aecf4) C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys 09:23:21.0406 5856 icsak - ok 09:23:21.0529 5856 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 09:23:21.0594 5856 IDriverT ( UnsignedFile.Multi.Generic ) - warning 09:23:21.0594 5856 IDriverT - detected UnsignedFile.Multi.Generic (1) 09:23:21.0699 5856 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 09:23:21.0811 5856 idsvc - ok 09:23:22.0464 5856 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys 09:23:23.0104 5856 igfx - ok 09:23:23.0224 5856 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys 09:23:23.0286 5856 iirsp - ok 09:23:23.0351 5856 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll 09:23:23.0514 5856 IKEEXT - ok 09:23:23.0549 5856 InCDfs - ok 09:23:23.0574 5856 InCDPass - ok 09:23:23.0601 5856 InCDrec - ok 09:23:23.0614 5856 incdrm - ok 09:23:23.0671 5856 InCDsrv - ok 09:23:23.0679 5856 InCDsrvR - ok 09:23:23.0746 5856 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys 09:23:23.0856 5856 IntcDAud - ok 09:23:23.0879 5856 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys 09:23:23.0949 5856 intelide - ok 09:23:23.0986 5856 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys 09:23:24.0079 5856 intelppm - ok 09:23:24.0214 5856 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe 09:23:24.0262 5856 IntuitUpdateService - ok 09:23:24.0319 5856 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll 09:23:24.0467 5856 IPBusEnum - ok 09:23:24.0519 5856 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys 09:23:24.0670 5856 IpFilterDriver - ok 09:23:24.0728 5856 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll 09:23:24.0880 5856 iphlpsvc - ok 09:23:24.0905 5856 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys 09:23:25.0000 5856 IPMIDRV - ok 09:23:25.0013 5856 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 09:23:25.0158 5856 IPNAT - ok 09:23:25.0328 5856 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 09:23:25.0415 5856 iPod Service - ok 09:23:25.0443 5856 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 09:23:25.0538 5856 IRENUM - ok 09:23:25.0560 5856 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys 09:23:25.0630 5856 isapnp - ok 09:23:25.0660 5856 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys 09:23:25.0745 5856 iScsiPrt - ok 09:23:25.0818 5856 ISWKL (0af2f3ecdcd2470b856b211b4867fc63) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 09:23:25.0880 5856 ISWKL - ok 09:23:25.0965 5856 IswSvc (2ec3c30ac72fa7f1dab43514cda61e80) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe 09:23:26.0045 5856 IswSvc - ok 09:23:26.0070 5856 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys 09:23:26.0143 5856 kbdclass - ok 09:23:26.0185 5856 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys 09:23:26.0285 5856 kbdhid - ok 09:23:26.0320 5856 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 09:23:26.0385 5856 KeyIso - ok 09:23:26.0450 5856 KL1 (8d7120743a0973ceab548b475c9d4289) C:\windows\system32\DRIVERS\kl1.sys 09:23:26.0530 5856 KL1 - ok 09:23:26.0548 5856 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\windows\system32\DRIVERS\kl2.sys 09:23:26.0608 5856 kl2 - ok 09:23:26.0655 5856 KLIF (a4813ee804a1d96dcb01aefd7f565c6b) C:\windows\system32\DRIVERS\klif.sys 09:23:26.0735 5856 KLIF - ok 09:23:26.0775 5856 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys 09:23:26.0848 5856 KSecDD - ok 09:23:26.0868 5856 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys 09:23:26.0945 5856 KSecPkg - ok 09:23:26.0978 5856 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 09:23:27.0135 5856 ksthunk - ok 09:23:27.0183 5856 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll 09:23:27.0353 5856 KtmRm - ok 09:23:27.0400 5856 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys 09:23:27.0470 5856 L1C - ok 09:23:27.0518 5856 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll 09:23:27.0665 5856 LanmanServer - ok 09:23:27.0713 5856 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll 09:23:27.0860 5856 LanmanWorkstation - ok 09:23:27.0933 5856 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 09:23:28.0098 5856 lltdio - ok 09:23:28.0155 5856 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 09:23:28.0320 5856 lltdsvc - ok 09:23:28.0343 5856 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 09:23:28.0488 5856 lmhosts - ok 09:23:28.0575 5856 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 09:23:28.0638 5856 LMS - ok 09:23:28.0673 5856 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys 09:23:28.0743 5856 LSI_FC - ok 09:23:28.0765 5856 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys 09:23:28.0840 5856 LSI_SAS - ok 09:23:28.0855 5856 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys 09:23:28.0928 5856 LSI_SAS2 - ok 09:23:28.0963 5856 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys 09:23:29.0038 5856 LSI_SCSI - ok 09:23:29.0065 5856 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 09:23:29.0228 5856 luafv - ok 09:23:29.0285 5856 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll 09:23:29.0365 5856 Mcx2Svc - ok 09:23:29.0393 5856 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys 09:23:29.0463 5856 megasas - ok 09:23:29.0525 5856 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys 09:23:29.0613 5856 MegaSR - ok 09:23:29.0655 5856 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys 09:23:29.0715 5856 MEIx64 - ok 09:23:29.0770 5856 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 09:23:29.0913 5856 MMCSS - ok 09:23:29.0953 5856 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 09:23:30.0110 5856 Modem - ok 09:23:30.0138 5856 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 09:23:30.0235 5856 monitor - ok 09:23:30.0288 5856 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys 09:23:30.0360 5856 mouclass - ok 09:23:30.0380 5856 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 09:23:30.0475 5856 mouhid - ok 09:23:30.0523 5856 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 09:23:30.0595 5856 mountmgr - ok 09:23:30.0625 5856 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 09:23:30.0703 5856 mpio - ok 09:23:30.0728 5856 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 09:23:30.0870 5856 mpsdrv - ok 09:23:30.0935 5856 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll 09:23:31.0108 5856 MpsSvc - ok 09:23:31.0133 5856 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 09:23:31.0250 5856 MRxDAV - ok 09:23:31.0285 5856 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 09:23:31.0408 5856 mrxsmb - ok 09:23:31.0455 5856 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys 09:23:31.0550 5856 mrxsmb10 - ok 09:23:31.0583 5856 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 09:23:31.0665 5856 mrxsmb20 - ok 09:23:31.0698 5856 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys 09:23:31.0768 5856 msahci - ok 09:23:31.0790 5856 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 09:23:31.0865 5856 msdsm - ok 09:23:31.0910 5856 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 09:23:32.0003 5856 MSDTC - ok 09:23:32.0033 5856 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 09:23:32.0173 5856 Msfs - ok 09:23:32.0193 5856 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 09:23:32.0348 5856 mshidkmdf - ok 09:23:32.0385 5856 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 09:23:32.0448 5856 msisadrv - ok 09:23:32.0498 5856 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll 09:23:32.0650 5856 MSiSCSI - ok 09:23:32.0658 5856 msiserver - ok 09:23:32.0700 5856 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 09:23:32.0858 5856 MSKSSRV - ok 09:23:32.0885 5856 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 09:23:33.0035 5856 MSPCLOCK - ok 09:23:33.0075 5856 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 09:23:33.0223 5856 MSPQM - ok 09:23:33.0258 5856 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 09:23:33.0343 5856 MsRPC - ok 09:23:33.0373 5856 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys 09:23:33.0445 5856 mssmbios - ok 09:23:33.0485 5856 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 09:23:33.0639 5856 MSTEE - ok 09:23:33.0686 5856 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys 09:23:33.0764 5856 MTConfig - ok 09:23:33.0786 5856 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 09:23:33.0856 5856 Mup - ok 09:23:33.0901 5856 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll 09:23:34.0056 5856 napagent - ok 09:23:34.0114 5856 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 09:23:34.0229 5856 NativeWifiP - ok 09:23:34.0306 5856 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 09:23:34.0426 5856 NDIS - ok 09:23:34.0454 5856 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 09:23:34.0611 5856 NdisCap - ok 09:23:34.0644 5856 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 09:23:34.0784 5856 NdisTapi - ok 09:23:34.0819 5856 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 09:23:34.0976 5856 Ndisuio - ok 09:23:35.0009 5856 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 09:23:35.0166 5856 NdisWan - ok 09:23:35.0219 5856 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 09:23:35.0366 5856 NDProxy - ok 09:23:35.0404 5856 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll 09:23:35.0441 5856 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 09:23:35.0441 5856 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 09:23:35.0476 5856 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 09:23:35.0631 5856 NetBIOS - ok 09:23:35.0671 5856 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 09:23:35.0814 5856 NetBT - ok 09:23:35.0864 5856 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 09:23:35.0929 5856 Netlogon - ok 09:23:35.0976 5856 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 09:23:36.0126 5856 Netman - ok 09:23:36.0249 5856 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:23:36.0316 5856 NetMsmqActivator - ok 09:23:36.0324 5856 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:23:36.0374 5856 NetPipeActivator - ok 09:23:36.0431 5856 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 09:23:36.0581 5856 netprofm - ok 09:23:36.0604 5856 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:23:36.0654 5856 NetTcpActivator - ok 09:23:36.0661 5856 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:23:36.0711 5856 NetTcpPortSharing - ok 09:23:36.0771 5856 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys 09:23:36.0836 5856 nfrd960 - ok 09:23:36.0889 5856 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll 09:23:37.0031 5856 NlaSvc - ok 09:23:37.0276 5856 NOBU (deea1db5275a9667a909a4f0e8d14fc5) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe 09:23:37.0459 5856 NOBU - ok 09:23:37.0546 5856 nosGetPlusHelper (1acf98d80e95add298832c7a8996b48c) C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll 09:23:37.0611 5856 nosGetPlusHelper - ok 09:23:37.0721 5856 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 09:23:37.0864 5856 Npfs - ok 09:23:37.0889 5856 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 09:23:38.0034 5856 nsi - ok 09:23:38.0064 5856 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 09:23:38.0206 5856 nsiproxy - ok 09:23:38.0314 5856 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 09:23:38.0464 5856 Ntfs - ok 09:23:38.0564 5856 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 09:23:38.0704 5856 Null - ok 09:23:38.0761 5856 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 09:23:38.0841 5856 nvraid - ok 09:23:38.0869 5856 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 09:23:38.0946 5856 nvstor - ok 09:23:38.0994 5856 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 09:23:39.0069 5856 nv_agp - ok 09:23:39.0104 5856 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 09:23:39.0206 5856 ohci1394 - ok 09:23:39.0319 5856 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:23:39.0396 5856 ose - ok 09:23:39.0649 5856 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 09:23:40.0004 5856 osppsvc - ok 09:23:40.0204 5856 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 09:23:40.0306 5856 p2pimsvc - ok 09:23:40.0359 5856 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 09:23:40.0441 5856 p2psvc - ok 09:23:40.0509 5856 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys 09:23:40.0594 5856 Parport - ok 09:23:40.0639 5856 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys 09:23:40.0714 5856 partmgr - ok 09:23:40.0759 5856 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 09:23:40.0856 5856 PcaSvc - ok 09:23:40.0891 5856 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 09:23:40.0974 5856 pci - ok 09:23:40.0991 5856 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys 09:23:41.0061 5856 pciide - ok 09:23:41.0099 5856 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys 09:23:41.0181 5856 pcmcia - ok 09:23:41.0219 5856 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 09:23:41.0289 5856 pcw - ok 09:23:41.0336 5856 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 09:23:41.0511 5856 PEAUTH - ok 09:23:41.0601 5856 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe 09:23:41.0706 5856 PerfHost - ok 09:23:41.0859 5856 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll 09:23:42.0059 5856 pla - ok 09:23:42.0116 5856 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll 09:23:42.0209 5856 PlugPlay - ok 09:23:42.0251 5856 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll 09:23:42.0284 5856 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 09:23:42.0284 5856 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 09:23:42.0309 5856 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll 09:23:42.0406 5856 PNRPAutoReg - ok 09:23:42.0446 5856 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 09:23:42.0521 5856 PNRPsvc - ok 09:23:42.0569 5856 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll 09:23:42.0725 5856 PolicyAgent - ok 09:23:42.0787 5856 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll 09:23:42.0930 5856 Power - ok 09:23:43.0015 5856 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 09:23:43.0175 5856 PptpMiniport - ok 09:23:43.0192 5856 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys 09:23:43.0272 5856 Processor - ok 09:23:43.0322 5856 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll 09:23:43.0410 5856 ProfSvc - ok 09:23:43.0452 5856 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 09:23:43.0517 5856 ProtectedStorage - ok 09:23:43.0615 5856 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\windows\SysWOW64\PSIService.exe 09:23:43.0672 5856 ProtexisLicensing - ok 09:23:43.0710 5856 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 09:23:43.0872 5856 Psched - ok 09:23:43.0917 5856 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\windows\system32\DRIVERS\psi_mf.sys 09:23:43.0982 5856 PSI - ok 09:23:44.0050 5856 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys 09:23:44.0152 5856 QIOMem - ok 09:23:44.0260 5856 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys 09:23:44.0380 5856 ql2300 - ok 09:23:44.0512 5856 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys 09:23:44.0587 5856 ql40xx - ok 09:23:44.0630 5856 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll 09:23:44.0730 5856 QWAVE - ok 09:23:44.0740 5856 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 09:23:44.0845 5856 QWAVEdrv - ok 09:23:44.0865 5856 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 09:23:45.0025 5856 RasAcd - ok 09:23:45.0082 5856 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 09:23:45.0225 5856 RasAgileVpn - ok 09:23:45.0265 5856 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll 09:23:45.0420 5856 RasAuto - ok 09:23:45.0457 5856 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 09:23:45.0620 5856 Rasl2tp - ok 09:23:45.0685 5856 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll 09:23:45.0837 5856 RasMan - ok 09:23:45.0880 5856 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 09:23:46.0040 5856 RasPppoe - ok 09:23:46.0055 5856 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 09:23:46.0212 5856 RasSstp - ok 09:23:46.0240 5856 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 09:23:46.0395 5856 rdbss - ok 09:23:46.0427 5856 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys 09:23:46.0527 5856 rdpbus - ok 09:23:46.0557 5856 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 09:23:46.0710 5856 RDPCDD - ok 09:23:46.0737 5856 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 09:23:46.0885 5856 RDPENCDD - ok 09:23:46.0907 5856 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 09:23:47.0055 5856 RDPREFMP - ok 09:23:47.0117 5856 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys 09:23:47.0210 5856 RDPWD - ok 09:23:47.0275 5856 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 09:23:47.0357 5856 rdyboost - ok 09:23:47.0387 5856 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 09:23:47.0542 5856 RemoteAccess - ok 09:23:47.0602 5856 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 09:23:47.0752 5856 RemoteRegistry - ok 09:23:47.0785 5856 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 09:23:47.0922 5856 RpcEptMapper - ok 09:23:47.0950 5856 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 09:23:48.0032 5856 RpcLocator - ok 09:23:48.0085 5856 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 09:23:48.0232 5856 RpcSs - ok 09:23:48.0287 5856 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 09:23:48.0482 5856 rspndr - ok 09:23:48.0565 5856 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys 09:23:48.0662 5856 RSUSBSTOR - ok 09:23:48.0712 5856 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys 09:23:48.0797 5856 RSUSBVSTOR - ok 09:23:48.0895 5856 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys 09:23:49.0012 5856 RTL8192Ce - ok 09:23:49.0052 5856 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 09:23:49.0117 5856 SamSs - ok 09:23:49.0210 5856 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 09:23:49.0262 5856 SASDIFSV - ok 09:23:49.0315 5856 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 09:23:49.0367 5856 SASKUTIL - ok 09:23:49.0400 5856 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 09:23:49.0472 5856 sbp2port - ok 09:23:49.0605 5856 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 09:23:49.0695 5856 SBSDWSCService - ok 09:23:49.0737 5856 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 09:23:49.0880 5856 SCardSvr - ok 09:23:49.0937 5856 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 09:23:50.0090 5856 scfilter - ok 09:23:50.0160 5856 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll 09:23:50.0340 5856 Schedule - ok 09:23:50.0382 5856 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 09:23:50.0537 5856 SCPolicySvc - ok 09:23:50.0580 5856 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll 09:23:50.0677 5856 SDRSVC - ok 09:23:50.0752 5856 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 09:23:50.0907 5856 secdrv - ok 09:23:50.0945 5856 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll 09:23:51.0082 5856 seclogon - ok 09:23:51.0200 5856 Secunia PSI Agent (2d0599dd0124764fc939c59985c860de) C:\Program Files (x86)\Secunia\PSI\PSIA.exe 09:23:51.0292 5856 Secunia PSI Agent - ok 09:23:51.0340 5856 Secunia Update Agent (20b9e1adbc58958b480933e4da005dfb) C:\Program Files (x86)\Secunia\PSI\sua.exe 09:23:51.0405 5856 Secunia Update Agent - ok 09:23:51.0510 5856 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll 09:23:51.0656 5856 SENS - ok 09:23:51.0693 5856 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 09:23:51.0791 5856 SensrSvc - ok 09:23:51.0876 5856 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys 09:23:51.0968 5856 Serenum - ok 09:23:51.0998 5856 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys 09:23:52.0091 5856 Serial - ok 09:23:52.0136 5856 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys 09:23:52.0226 5856 sermouse - ok 09:23:52.0278 5856 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll 09:23:52.0416 5856 SessionEnv - ok 09:23:52.0433 5856 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 09:23:52.0531 5856 sffdisk - ok 09:23:52.0561 5856 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 09:23:52.0653 5856 sffp_mmc - ok 09:23:52.0673 5856 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 09:23:52.0776 5856 sffp_sd - ok 09:23:52.0818 5856 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys 09:23:52.0916 5856 sfloppy - ok 09:23:53.0011 5856 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys 09:23:53.0113 5856 Sftfs - ok 09:23:53.0226 5856 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 09:23:53.0293 5856 sftlist - ok 09:23:53.0343 5856 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys 09:23:53.0416 5856 Sftplay - ok 09:23:53.0438 5856 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys 09:23:53.0501 5856 Sftredir - ok 09:23:53.0533 5856 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys 09:23:53.0593 5856 Sftvol - ok 09:23:53.0651 5856 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 09:23:53.0706 5856 sftvsa - ok 09:23:53.0768 5856 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll 09:23:53.0916 5856 SharedAccess - ok 09:23:53.0966 5856 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll 09:23:54.0121 5856 ShellHWDetection - ok 09:23:54.0166 5856 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys 09:23:54.0233 5856 SiSRaid2 - ok 09:23:54.0261 5856 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys 09:23:54.0328 5856 SiSRaid4 - ok 09:23:54.0391 5856 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe 09:23:54.0526 5856 SkypeUpdate - ok 09:23:54.0553 5856 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 09:23:54.0711 5856 Smb - ok 09:23:54.0768 5856 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe 09:23:54.0853 5856 SNMPTRAP - ok 09:23:54.0871 5856 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 09:23:54.0941 5856 spldr - ok 09:23:54.0983 5856 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe 09:23:55.0126 5856 Spooler - ok 09:23:55.0331 5856 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe 09:23:55.0586 5856 sppsvc - ok 09:23:55.0686 5856 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll 09:23:55.0823 5856 sppuinotify - ok 09:23:55.0898 5856 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 09:23:56.0033 5856 srv - ok 09:23:56.0068 5856 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 09:23:56.0181 5856 srv2 - ok 09:23:56.0241 5856 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS 09:23:56.0333 5856 SrvHsfHDA - ok 09:23:56.0416 5856 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS 09:23:56.0591 5856 SrvHsfV92 - ok 09:23:56.0754 5856 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS 09:23:56.0849 5856 SrvHsfWinac - ok 09:23:56.0904 5856 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 09:23:56.0989 5856 srvnet - ok 09:23:57.0044 5856 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll 09:23:57.0204 5856 SSDPSRV - ok 09:23:57.0246 5856 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll 09:23:57.0366 5856 SstpSvc - ok 09:23:57.0416 5856 stdriver (c270c64b4f6ca87dac2d7f68ed57a141) C:\windows\system32\DRIVERS\stdriver64.sys 09:23:57.0481 5856 stdriver - ok 09:23:57.0571 5856 Steam Client Service - ok 09:23:57.0611 5856 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys 09:23:57.0679 5856 stexstor - ok 09:23:57.0716 5856 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys 09:23:57.0821 5856 StillCam - ok 09:23:57.0886 5856 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll 09:23:57.0996 5856 stisvc - ok 09:23:58.0029 5856 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys 09:23:58.0091 5856 swenum - ok 09:23:58.0161 5856 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll 09:23:58.0299 5856 swprv - ok 09:23:58.0404 5856 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys 09:23:58.0529 5856 SynTP - ok 09:23:58.0685 5856 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll 09:23:58.0832 5856 SysMain - ok 09:23:58.0932 5856 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll 09:23:59.0052 5856 TabletInputService - ok 09:23:59.0095 5856 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll 09:23:59.0240 5856 TapiSrv - ok 09:23:59.0280 5856 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll 09:23:59.0415 5856 TBS - ok 09:23:59.0585 5856 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys 09:23:59.0745 5856 Tcpip - ok 09:23:59.0930 5856 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys 09:24:00.0060 5856 TCPIP6 - ok 09:24:00.0157 5856 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 09:24:00.0315 5856 tcpipreg - ok 09:24:00.0335 5856 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 09:24:00.0415 5856 TDPIPE - ok 09:24:00.0457 5856 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys 09:24:00.0555 5856 TDTCP - ok 09:24:00.0615 5856 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 09:24:00.0757 5856 tdx - ok 09:24:00.0780 5856 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys 09:24:00.0852 5856 TermDD - ok 09:24:00.0917 5856 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll 09:24:01.0075 5856 TermService - ok 09:24:01.0112 5856 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll 09:24:01.0195 5856 Themes - ok 09:24:01.0237 5856 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 09:24:01.0367 5856 THREADORDER - ok 09:24:01.0490 5856 TosCoSrv (cdc97fa5c42b07fb0d4600e17c32f582) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe 09:24:01.0555 5856 TosCoSrv - ok 09:24:01.0607 5856 TOSHIBA eco Utility Service (d0f868a67cb4d817a3f7abef8c42f49c) C:\Program Files\TOSHIBA\TECO\TecoService.exe 09:24:01.0662 5856 TOSHIBA eco Utility Service - ok 09:24:01.0720 5856 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 09:24:01.0767 5856 TOSHIBA HDD SSD Alert Service - ok 09:24:01.0847 5856 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys 09:24:01.0942 5856 tos_sps64 - ok 09:24:01.0995 5856 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 09:24:02.0140 5856 TrkWks - ok 09:24:02.0212 5856 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe 09:24:02.0357 5856 TrustedInstaller - ok 09:24:02.0400 5856 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 09:24:02.0547 5856 tssecsrv - ok 09:24:02.0600 5856 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 09:24:02.0677 5856 TsUsbFlt - ok 09:24:02.0687 5856 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys 09:24:02.0772 5856 TsUsbGD - ok 09:24:02.0827 5856 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 09:24:02.0982 5856 tunnel - ok 09:24:03.0035 5856 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS 09:24:03.0100 5856 TVALZ - ok 09:24:03.0120 5856 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys 09:24:03.0192 5856 uagp35 - ok 09:24:03.0245 5856 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 09:24:03.0410 5856 udfs - ok 09:24:03.0460 5856 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe 09:24:03.0532 5856 UI0Detect - ok 09:24:03.0580 5856 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 09:24:03.0652 5856 uliagpkx - ok 09:24:03.0697 5856 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys 09:24:03.0790 5856 umbus - ok 09:24:03.0822 5856 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys 09:24:03.0907 5856 UmPass - ok 09:24:04.0112 5856 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 09:24:04.0282 5856 UNS - ok 09:24:04.0392 5856 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll 09:24:04.0552 5856 upnphost - ok 09:24:04.0647 5856 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys 09:24:04.0742 5856 USBAAPL64 - ok 09:24:04.0792 5856 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 09:24:04.0877 5856 usbccgp - ok 09:24:04.0927 5856 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 09:24:05.0012 5856 usbcir - ok 09:24:05.0050 5856 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys 09:24:05.0147 5856 usbehci - ok 09:24:05.0190 5856 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys 09:24:05.0297 5856 usbhub - ok 09:24:05.0347 5856 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys 09:24:05.0442 5856 usbohci - ok 09:24:05.0470 5856 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys 09:24:05.0572 5856 usbprint - ok 09:24:05.0615 5856 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS 09:24:05.0712 5856 USBSTOR - ok 09:24:05.0740 5856 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys 09:24:05.0820 5856 usbuhci - ok 09:24:05.0875 5856 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys 09:24:05.0972 5856 usbvideo - ok 09:24:06.0000 5856 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll 09:24:06.0147 5856 UxSms - ok 09:24:06.0207 5856 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 09:24:06.0272 5856 VaultSvc - ok 09:24:06.0305 5856 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 09:24:06.0370 5856 vdrvroot - ok 09:24:06.0422 5856 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe 09:24:06.0582 5856 vds - ok 09:24:06.0615 5856 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 09:24:06.0704 5856 vga - ok 09:24:06.0724 5856 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 09:24:06.0872 5856 VgaSave - ok 09:24:06.0922 5856 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 09:24:07.0007 5856 vhdmp - ok 09:24:07.0034 5856 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 09:24:07.0099 5856 viaide - ok 09:24:07.0152 5856 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\windows\system32\DRIVERS\vmnetadapter.sys 09:24:07.0214 5856 VMnetAdapter - ok 09:24:07.0249 5856 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 09:24:07.0322 5856 volmgr - ok 09:24:07.0354 5856 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 09:24:07.0442 5856 volmgrx - ok 09:24:07.0472 5856 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys 09:24:07.0559 5856 volsnap - ok 09:24:07.0624 5856 Vsdatant (239d8d72730226cd460bdc8ca0a23d43) C:\windows\system32\DRIVERS\vsdatant.sys 09:24:07.0718 5856 Vsdatant - ok 09:24:07.0808 5856 vsmon - ok 09:24:07.0868 5856 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys 09:24:07.0940 5856 vsmraid - ok 09:24:08.0035 5856 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe 09:24:08.0223 5856 VSS - ok 09:24:08.0328 5856 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 09:24:08.0425 5856 vwifibus - ok 09:24:08.0458 5856 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 09:24:08.0555 5856 vwififlt - ok 09:24:08.0570 5856 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys 09:24:08.0663 5856 vwifimp - ok 09:24:08.0705 5856 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll 09:24:08.0848 5856 W32Time - ok 09:24:08.0883 5856 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys 09:24:08.0980 5856 WacomPen - ok 09:24:09.0075 5856 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 09:24:09.0228 5856 WANARP - ok 09:24:09.0245 5856 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 09:24:09.0368 5856 Wanarpv6 - ok 09:24:09.0475 5856 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe 09:24:09.0598 5856 WatAdminSvc - ok 09:24:09.0688 5856 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe 09:24:09.0840 5856 wbengine - ok 09:24:09.0950 5856 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll 09:24:10.0050 5856 WbioSrvc - ok 09:24:10.0083 5856 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll 09:24:10.0190 5856 wcncsvc - ok 09:24:10.0225 5856 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll 09:24:10.0305 5856 WcsPlugInService - ok 09:24:10.0363 5856 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys 09:24:10.0435 5856 Wd - ok 09:24:10.0488 5856 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 09:24:10.0595 5856 Wdf01000 - ok 09:24:10.0628 5856 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 09:24:10.0730 5856 WdiServiceHost - ok 09:24:10.0738 5856 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 09:24:10.0820 5856 WdiSystemHost - ok 09:24:10.0855 5856 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll 09:24:10.0965 5856 WebClient - ok 09:24:11.0000 5856 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll 09:24:11.0155 5856 Wecsvc - ok 09:24:11.0185 5856 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll 09:24:11.0318 5856 wercplsupport - ok 09:24:11.0348 5856 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll 09:24:11.0493 5856 WerSvc - ok 09:24:11.0563 5856 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 09:24:11.0700 5856 WfpLwf - ok 09:24:11.0740 5856 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 09:24:11.0810 5856 WIMMount - ok 09:24:11.0860 5856 WinDefend - ok 09:24:11.0878 5856 WinHttpAutoProxySvc - ok 09:24:11.0945 5856 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll 09:24:12.0080 5856 Winmgmt - ok 09:24:12.0188 5856 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll 09:24:12.0390 5856 WinRM - ok 09:24:12.0528 5856 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys 09:24:12.0610 5856 WinUsb - ok 09:24:12.0686 5856 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll 09:24:12.0821 5856 Wlansvc - ok 09:24:12.0906 5856 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 09:24:12.0969 5856 wlcrasvc - ok 09:24:13.0164 5856 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 09:24:13.0311 5856 wlidsvc - ok 09:24:13.0429 5856 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys 09:24:13.0521 5856 WmiAcpi - ok 09:24:13.0601 5856 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe 09:24:13.0704 5856 wmiApSrv - ok 09:24:13.0769 5856 WMPNetworkSvc - ok 09:24:13.0816 5856 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll 09:24:13.0894 5856 WPCSvc - ok 09:24:13.0919 5856 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll 09:24:14.0029 5856 WPDBusEnum - ok 09:24:14.0061 5856 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 09:24:14.0201 5856 ws2ifsl - ok 09:24:14.0241 5856 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll 09:24:14.0339 5856 wscsvc - ok 09:24:14.0381 5856 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys 09:24:14.0469 5856 WSDPrintDevice - ok 09:24:14.0476 5856 WSearch - ok 09:24:14.0619 5856 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll 09:24:14.0779 5856 wuauserv - ok 09:24:14.0896 5856 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys 09:24:15.0056 5856 WudfPf - ok 09:24:15.0089 5856 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys 09:24:15.0244 5856 WUDFRd - ok 09:24:15.0286 5856 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll 09:24:15.0426 5856 wudfsvc - ok 09:24:15.0451 5856 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll 09:24:15.0564 5856 WwanSvc - ok 09:24:15.0634 5856 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0 09:24:16.0692 5856 \Device\Harddisk0\DR0 - ok 09:24:16.0722 5856 Boot (0x1200) (a33f24941161d842fbb88a41471599df) \Device\Harddisk0\DR0\Partition0 09:24:16.0727 5856 \Device\Harddisk0\DR0\Partition0 - ok 09:24:16.0727 5856 ============================================================ 09:24:16.0727 5856 Scan finished 09:24:16.0727 5856 ============================================================ 09:24:16.0745 4084 Detected object count: 5 09:24:16.0745 4084 Actual detected object count: 5 09:24:38.0771 4084 CronService ( UnsignedFile.Multi.Generic ) - skipped by user 09:24:38.0771 4084 CronService ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:24:38.0771 4084 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 09:24:38.0771 4084 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:24:38.0776 4084 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 09:24:38.0776 4084 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:24:38.0778 4084 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 09:24:38.0778 4084 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:24:38.0781 4084 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 09:24:38.0781 4084 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:24:47.0264 3096 Deinitialize success Computer seems to be the same which is normally ok but occasionally acting weird when I type or slow in Outbook and browsers. Still want to do whatever is needed to clean up system before changing passwords. Thank you for your time and assistance, Wanda

Ok, I followed your instructions to delete ComboFix and run the ESET scan. Below is the ESET scan log: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=5383b7f8f6772644bfbd9ffae81eadcd # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-05 05:55:40 # local_time=2012-07-05 12:55:40 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776573 100 94 0 93051012 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # compatibility_mode=9217 16776893 100 13 9875505 21757042 0 0 # scanned=29920 # found=0 # cleaned=0 # scan_time=3379 esets_scanner_update returned -1 esets_gle=53251 # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=5383b7f8f6772644bfbd9ffae81eadcd # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-05 08:01:13 # local_time=2012-07-05 03:01:13 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776573 100 94 0 93054522 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # compatibility_mode=9217 16776573 100 13 9879015 21760552 0 0 # scanned=9658 # found=0 # cleaned=0 # scan_time=7402 esets_scanner_update returned -1 esets_gle=53251 # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=5383b7f8f6772644bfbd9ffae81eadcd # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-05 10:07:50 # local_time=2012-07-05 05:07:50 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776573 100 94 0 93061999 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # compatibility_mode=9217 16776893 100 13 9886492 21768029 0 0 # scanned=315511 # found=1 # cleaned=1 # scan_time=7521 C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C Computer seems better normally but still occasionally very slow in typing and bringing up Outlook messages or browser pages. Any other scans you want me to do. I want to do anything I can to make the system as clean as possible before changing passwords and doing financial transactions on this laptop. Thank you for your help, Wanda

I found out about a week ago that someone from Poland logged into my Yahoo mail account and sent spam messages to all of my online contacts. I have been working through this forum to help clean up my laptop which is my main computer. I had my son scan his computer's full disk drive to see what viruses his had since I occasionally use his computer. He wrote on a piece of paper that the scan found pup.bundleoffers.IIQ and pup.bundleIstaller.BT viruses. I don't know what software he used and he is gone for a week so I cannot aske him to post the log. I just ran a full disk scan with Malwarebytes and it didn't find any current viruses. The log for it is below: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.05.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wanda :: DELL-DESKTOP [administrator] 7/5/2012 9:18:23 AM mbam-log-2012-07-05 (09-18-23).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 632954 Time elapsed: 1 hour(s), 54 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) However, I know from trying to clean up all the viruses on my laptop that the clean Malwarebytes report doesn't always mean that their is no rootkit or other deeper viruses. I would like this forum's help to also verify there is no viruses on my son's desktop. Below is his DDS log: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Wanda at 15:05:40 on 2012-07-05 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4050 [GMT -5:00] . AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Secunia\PSI\sua.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\taskhost.exe C:\Program Files\CheckPoint\ZAForceField\ForceField.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Windows\System32\GfxUI.exe C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\PROGRA~2\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9 uDefault_Search_URL = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uStart Page = hxxp://verizon.yahoo.com uWindow Title = Windows Internet Explorer provided by Yahoo! uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: H - No File uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Verizon Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll TB: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" mRun: [WinPatrol [FREE Edition]] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MI3DFC~1\OFFICE11\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com Trusted Zone: metlife.com\mybenefits Trusted Zone: microsoft.com\www.update DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://ra.fanniemae.com/InternalSite/WhlCompMgr.cab DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v420.cab DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} - hxxp://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://rsvpn.raytheon.com/dana-cached/sc/JuniperSetupClient.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{9624504E-F0FC-447F-B3B9-E23AF0FF6045} : DhcpNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO-X64: 0x1 - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File BHO-X64: McAfee Phishing Filter - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll BHO-X64: ZoneAlarm Security Engine Registrar - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: Verizon Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll TB-X64: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" mRun-x64: [WinPatrol [FREE Edition]] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start IE-X64: {2670000A-7350-4f3c-8081-5663EE0C6C49} IE-X64: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . 2012-07-03 21:07:41 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DAC5B21C-37A0-437F-B6E2-D061FE789F26}\mpengine.dll 2012-07-02 19:37:59 -------- d-----w- C:\Users\Wanda\AppData\Local\Sony 2012-07-02 19:30:26 -------- d-----w- C:\Users\Wanda\AppData\Roaming\Roxio Log Files 2012-07-02 17:21:56 -------- d-----w- C:\Users\Wanda\AppData\Roaming\PDAppFlex 2012-07-01 13:05:45 33856 ---ha-w- C:\Windows\System32\hamachi.sys 2012-07-01 13:05:32 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2012-06-26 13:32:17 -------- d-----w- C:\Program Files (x86)\Microsoft XNA 2012-06-25 21:17:28 -------- d-----w- C:\Windows\SysWow64\directx 2012-06-25 16:46:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-25 16:45:43 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-25 16:45:19 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-25 16:45:19 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-22 20:18:24 955800 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-06-18 21:29:09 -------- d-----w- C:\Program Files (x86)\The Game Creators 2012-06-14 18:00:22 -------- d-----r- C:\Program Files (x86)\Skype 2012-06-14 01:37:48 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-14 01:37:48 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-14 01:37:48 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-14 01:36:52 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-14 01:36:26 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-14 01:36:25 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-14 01:36:25 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-14 01:35:56 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-06-14 01:35:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-14 01:35:01 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-06-14 01:35:01 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-14 01:34:39 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-14 01:34:39 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-14 01:34:39 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-14 01:34:39 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-14 01:34:38 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-14 01:34:38 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-06-12 17:13:43 -------- d-----w- C:\Program Files (x86)\Movie Maker 2.6 2012-06-12 15:48:26 -------- d-----w- C:\ProgramData\Verizon 2012-06-12 15:38:25 -------- d-----w- C:\Program Files (x86)\Verizon 2012-06-11 16:03:42 -------- d-----w- C:\Program Files (x86)\Port Forwarding Wizard 2012-06-11 15:06:34 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2012-06-11 14:59:40 -------- d-----w- C:\Program Files (x86)\NCH Software 2012-06-11 14:45:19 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant 2012-06-09 21:56:44 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll . ==================== Find3M ==================== . 2012-07-02 00:42:17 70344 ------w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-02 00:42:17 426184 ------w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-28 16:33:25 98304 ------w- C:\Windows\SysWow64\CmdLineExt.dll 2012-05-18 03:07:39 772552 ------w- C:\Windows\SysWow64\npDeployJava1.dll 2012-05-18 03:07:39 687560 ------w- C:\Windows\SysWow64\deployJava1.dll 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-05 20:11:11 8769696 ------w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-05-04 23:32:56 839056 ----a-w- C:\Windows\System32\deployJava1.dll . ============= FINISH: 15:11:42.80 =============== Here is the attach log: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 2/24/2011 5:00:40 PM System Uptime: 7/5/2012 3:00:15 PM (0 hours ago) . Motherboard: Dell Inc. | | 0C2KJT Processor: Intel® Core i3 CPU 550 @ 3.20GHz | CPU 1 | 1184/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 918 GiB total, 802.78 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Photosmart Premium C309g-m Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Photosmart Premium C309g-m PNP Device ID: ROOT\IMAGE\0000 Service: StillCam . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart Premium C309g-m Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Photosmart Premium C309g-m PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Adobe AIR Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Help Manager Adobe Reader X (10.1.3) AnswerWorks 5.0 English Runtime Belkin F6D4050 Enhanced Wireless USB Adapter BufferChm C309g-m Compatibility Pack for the 2007 Office system Consumer In-Home Service Agreement CRT-71 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Online Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell Stage Destinations DeviceDiscovery DiskCheckup v3.0.1006 eReg Evernote v. 4.5.4 GPBaseService2 HP Update HPDiagnosticAlert HPPhotoGadget hpPrintProjects HPProductAssistant hpWLPGInstaller HyperCam 2 IBM Installation Manager InstallIQ Updater Intel® Graphics Media Accelerator Driver Internet Explorer Java Auto Updater Java 6 Update 33 Java 7 Update 5 Junk Mail filter update LogMeIn Hamachi MailStore Home 4.2.0.5431 Malwarebytes Anti-Malware version 1.61.0.1400 MarketResearch Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Access 2010 Microsoft Application Error Reporting Microsoft ASP.NET MVC 2 Microsoft Forefront UAG endpoint components v4.0.0 Microsoft Home Publishing 2000 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access 2010 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office File Validation Add-In Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Standard Edition 2003 Microsoft Office Starter 2010 - English Microsoft Office Word MUI (English) 2010 Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft SQL Server System CLR Types Microsoft XNA Framework Redistributable 4.0 microsoft.vs6 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 MSVCRT MSVCRT Redists MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser (KB973685) msxml4sys32 Multimedia Card Reader Norton Security Scan Picasa 3 Portal PS_AIO_06_C309g-m_SW_Min RCT3 Soaked Realtek High Definition Audio Driver Redist RollerCoaster Tycoon 3 RummyRoyal.com Scan Secunia PSI (2.0.0.3001) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Skype™ 5.10 SmartWebPrinting SolutionCenter SpywareBlaster 4.4 sqaote32 Status Steam SugarSync Manager Terraria Toolbox TrayApp Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition VC 9.0 Runtime Ventrilo Client Verizon Media Manager Verizon Yahoo! Applications VideoPad Video Editor VLC media player 2.0.1 WavePad Sound Editor WeatherBug WebReg Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Movie Maker 2.6 Windows SDK IntellisenseNFX WinRAR 4.11 (32-bit) ZoneAlarm Antivirus ZoneAlarm DataLock ZoneAlarm Extreme Security ZoneAlarm Firewall ZoneAlarm Security . ==== Event Viewer Messages From Past Week ======== . 7/5/2012 3:11:53 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 7/5/2012 3:04:19 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 7/4/2012 1:00:23 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 7/4/2012 1:00:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect. 7/4/2012 1:00:21 PM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 7/3/2012 4:02:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.129.902.0). 7/3/2012 3:52:42 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 7/3/2012 3:52:02 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004 7/2/2012 6:57:27 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.8 did not allow the name to be claimed by this computer. 7/2/2012 1:41:06 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 7/1/2012 8:06:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect. 7/1/2012 8:06:19 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 7/1/2012 8:05:46 AM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 7/1/2012 8:02:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IBM Rational ClearQuest Mail Service service to connect. 7/1/2012 8:02:25 AM, Error: Service Control Manager [7000] - The IBM Rational ClearQuest Mail Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 7/1/2012 7:38:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect. 7/1/2012 7:38:17 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/30/2012 3:37:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TOSHIBALAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9624504E-F0FC-447F-B3B9-E23AF0FF6045}. The master browser is stopping or an election is being forced. 6/29/2012 2:28:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect. 6/29/2012 2:28:15 PM, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File =========================== My son has been complaining the computer has been slower than normal the past few weeks but I don't have any details. Thank you for your time in helping me, Wanda

Sorry I forgot the system update part. Things seem to be better but still don't know if everything is removed that I feel safe enough to change all our passwords again. I don't want to do this until I am confident that all malware is removed. Is there any more steps that you suggest to do? Wanda

Combofix ran much faster this time. Here is the latest Combofix Log: ComboFix 12-07-04.02 - Wanda 07/04/2012 9:51.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2364 [GMT -5:00] Running from: c:\users\Wanda\Desktop\ComboFix.exe Command switches used :: c:\users\Wanda\Desktop\CFScript.txt FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} . FILE :: "c:\windows\SysWow64\sho6CD8.tmp" "c:\windows\SysWow64\sho6F85.tmp" "c:\windows\SysWow64\sho938B.tmp" "c:\windows\SysWow64\sho9C50.tmp" "c:\windows\SysWow64\sho9D1F.tmp" "c:\windows\SysWow64\sho9DC7.tmp" "c:\windows\SysWow64\sho9E72.tmp" "c:\windows\SysWow64\shoB674.tmp" "c:\windows\SysWow64\shoDFC.tmp" "c:\windows\SysWow64\TempWmicBatchFile.bat" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Wanda\AppData\Local\Temp\IswTmp\WH\0 c:\windows\SysWow64\sho6CD8.tmp c:\windows\SysWow64\sho6F85.tmp c:\windows\SysWow64\sho938B.tmp c:\windows\SysWow64\sho9C50.tmp c:\windows\SysWow64\sho9D1F.tmp c:\windows\SysWow64\sho9DC7.tmp c:\windows\SysWow64\sho9E72.tmp c:\windows\SysWow64\shoB674.tmp c:\windows\SysWow64\shoDFC.tmp c:\windows\SysWow64\TempWmicBatchFile.bat . . ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 ))))))))))))))))))))))))))))))) . . 2012-07-04 15:10 . 2012-07-04 15:10 -------- d-----w- c:\users\Zachary\AppData\Local\temp 2012-07-04 15:10 . 2012-07-04 15:10 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2012-07-04 15:10 . 2012-07-04 15:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-04 15:10 . 2012-07-04 15:10 -------- d-----w- c:\users\Ben\AppData\Local\temp 2012-07-02 23:40 . 2012-07-02 23:40 -------- d-----w- c:\users\Wanda\AppData\Roaming\Notepad++ 2012-07-02 22:59 . 2012-07-02 22:59 -------- d-----w- c:\program files (x86)\Roblox 2012-07-01 03:56 . 2012-07-01 04:14 -------- d-----w- C:\MGtools 2012-07-01 03:34 . 2012-07-01 03:34 -------- d-----w- c:\program files\HitmanPro 2012-07-01 03:33 . 2012-07-01 03:36 -------- d-----w- c:\programdata\HitmanPro 2012-06-30 21:48 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-30 21:48 . 2012-06-30 21:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-30 21:12 . 2012-06-30 21:14 -------- d-----w- c:\users\Ben\AppData\Local\LogMeIn Hamachi 2012-06-27 15:42 . 2009-03-18 22:35 33856 ---ha-w- c:\windows\system32\hamachi.sys 2012-06-27 15:42 . 2012-06-27 15:42 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-06-27 00:17 . 2012-06-27 00:17 -------- d-----w- c:\program files (x86)\Microsoft XNA 2012-06-23 14:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 14:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 14:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 14:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 14:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 14:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 14:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 14:55 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 14:55 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-12 21:34 . 2012-05-18 01:56 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-06-12 18:39 . 2012-06-12 18:40 -------- d-----w- c:\program files (x86)\WILLPower 2012-06-12 18:17 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-12 18:17 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-12 18:17 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-12 18:16 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-12 18:15 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-12 18:15 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-12 18:15 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-12 18:15 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-12 18:14 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-12 18:14 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-12 18:14 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-12 18:14 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-12 18:14 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-12 18:14 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-12 18:14 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-12 18:14 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-12 18:14 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-11 20:37 . 2012-06-16 22:51 -------- d-----w- c:\users\Wanda\AppData\Local\Roblox 2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-06-11 16:15 . 2012-06-11 16:15 -------- d-----w- c:\program files (x86)\QuickTime . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-23 04:09 . 2012-04-04 19:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-23 04:09 . 2011-11-01 04:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-31 04:04 . 2012-07-03 18:55 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5BA1B10-8E68-4203-A62D-48E9A7AEB2B9}\mpengine.dll 2012-05-16 15:07 . 2012-05-16 04:02 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-05-16 15:07 . 2012-05-16 04:02 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-05-12 21:49 . 2012-05-12 21:49 180224 ----a-w- c:\windows\SysWow64\qtcf.dll 2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . ((((((((((((((((((((((((((((( SnapShot@2012-07-04_00.34.12 ))))))))))))))))))))))))))))))))))))))))) . + 2012-07-04 15:11 . 2012-07-04 15:11 14193 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-07-04 00:31 . 2012-07-04 00:31 14193 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2009-07-14 04:54 . 2012-07-04 00:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-07-04 15:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-07-04 15:13 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-04 00:32 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-07-04 15:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-07-04 00:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-11-21 03:09 . 2012-07-04 15:14 85684 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-04 15:14 56924 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-07-03 22:00 . 2012-07-04 15:14 21914 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1544447177-2405547552-1170279638-1001_UserData.bin + 2011-07-03 18:53 . 2012-07-04 01:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-07-03 18:53 . 2012-07-03 23:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-07-03 18:53 . 2012-07-04 01:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-07-03 18:53 . 2012-07-03 23:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-03 23:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-07-04 01:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-07-05 16:47 . 2012-07-04 01:13 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat - 2011-07-05 16:47 . 2012-07-03 23:43 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat - 2012-07-04 00:31 . 2012-07-04 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-04 15:11 . 2012-07-04 15:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-04 15:11 . 2012-07-04 15:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-04 00:31 . 2012-07-04 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-07-05 20:48 . 2012-07-04 15:13 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2011-07-05 20:48 . 2012-07-04 00:15 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2011-07-04 22:09 . 2012-07-04 01:20 252118 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-07-14 02:36 . 2012-07-03 22:05 668082 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-07-04 14:24 668082 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-07-03 22:05 124462 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-07-04 14:24 124462 c:\windows\system32\perfc009.dat + 2011-10-28 23:08 . 2012-07-04 01:54 269880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-07-14 05:01 . 2012-07-04 15:11 465884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-07-04 00:31 465884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-07-03 23:49 . 2012-07-04 00:31 8965492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1544447177-2405547552-1170279638-1001-12288.dat + 2011-07-03 23:49 . 2012-07-04 15:11 8965492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1544447177-2405547552-1170279638-1001-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 136176] R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2011-10-19 45448] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-03 1255736] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-14 11864] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-11-16 140672] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960] S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 33672] S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-10-19 827520] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2011-09-15 103512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 04:09] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 06:15] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 06:15] . 2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001Core.job - c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001UA.job - c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09] . 2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003Core.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003UA.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040] "ISW"="" [bU] . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uLocal Page = c:\windows\system32\blank.htm uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.yahoo.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com Trusted Zone: metlife.com\mybenefits Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\www.update Trusted Zone: windowsupdate.com\download TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39, ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63, 57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b "{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59, 8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a, ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db, f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00 "{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13, 36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:ec,47,9e,00,8f,3b,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,93,dd,a3,7f,64,bd,44,80,5a,41,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*] "Licence0"="REMOVED" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PSIService.exe c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\SUGARSYNC\SUGARSYNCMANAGER.EXE . ************************************************************************** . Completion time: 2012-07-04 10:26:19 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-04 15:26 ComboFix2.txt 2012-07-04 00:46 . Pre-Run: 131,955,625,984 bytes free Post-Run: 131,288,051,712 bytes free . - - End Of File - - B6176D2F6EAC306BA34B7150A18F39BA Happy 4th of July!!! Wanda

Wow it took around 3 hours to scan my PC with ComboFix!!!! I thought I had stopped all my antivirus and antispyware programs that was interfering with it. Since the wireless internet connection was stopped, I even killed the firewall which sped up the last 10 or so steps. It did finish and here is the log. ComboFix 12-07-02.01 - Wanda 07/03/2012 16:31:45.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2462 [GMT -5:00] Running from: c:\users\Wanda\Desktop\ComboFix.exe FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Wanda\Documents\~WRL0002.tmp c:\users\Wanda\Documents\~WRL0004.tmp c:\users\Wanda\Documents\~WRL2606.tmp c:\users\Wanda\Documents\~WRL2629.tmp c:\users\Wanda\WINDOWS c:\users\Zachary\mcedit-uninstall.exe c:\windows\iun6002.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 ))))))))))))))))))))))))))))))) . . 2012-07-04 00:30 . 2012-07-04 00:30 -------- d-----w- c:\users\Zachary\AppData\Local\temp 2012-07-04 00:30 . 2012-07-04 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-04 00:30 . 2012-07-04 00:30 -------- d-----w- c:\users\Ben\AppData\Local\temp 2012-07-02 23:40 . 2012-07-02 23:40 -------- d-----w- c:\users\Wanda\AppData\Roaming\Notepad++ 2012-07-02 22:59 . 2012-07-02 22:59 -------- d-----w- c:\program files (x86)\Roblox 2012-07-01 03:56 . 2012-07-01 04:14 -------- d-----w- C:\MGtools 2012-07-01 03:34 . 2012-07-01 03:34 -------- d-----w- c:\program files\HitmanPro 2012-07-01 03:33 . 2012-07-01 03:36 -------- d-----w- c:\programdata\HitmanPro 2012-06-30 21:48 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-30 21:48 . 2012-06-30 21:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-30 21:12 . 2012-06-30 21:14 -------- d-----w- c:\users\Ben\AppData\Local\LogMeIn Hamachi 2012-06-27 15:42 . 2009-03-18 22:35 33856 ---ha-w- c:\windows\system32\hamachi.sys 2012-06-27 15:42 . 2012-06-27 15:42 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-06-27 00:17 . 2012-06-27 00:17 -------- d-----w- c:\program files (x86)\Microsoft XNA 2012-06-23 14:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 14:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 14:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 14:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 14:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 14:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 14:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 14:55 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 14:55 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-12 21:34 . 2012-05-18 01:56 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-06-12 18:39 . 2012-06-12 18:40 -------- d-----w- c:\program files (x86)\WILLPower 2012-06-12 18:17 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-12 18:17 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-12 18:17 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-12 18:16 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-12 18:15 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-12 18:15 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-12 18:15 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-12 18:15 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-12 18:14 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-12 18:14 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-12 18:14 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-12 18:14 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-12 18:14 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-12 18:14 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-12 18:14 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-12 18:14 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-12 18:14 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-11 20:37 . 2012-06-16 22:51 -------- d-----w- c:\users\Wanda\AppData\Local\Roblox 2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-06-11 16:15 . 2012-06-11 16:15 -------- d-----w- c:\program files (x86)\QuickTime . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-04 00:15 . 2011-08-27 14:45 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat 2012-06-23 04:09 . 2012-04-04 19:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-23 04:09 . 2011-11-01 04:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-31 04:04 . 2012-07-03 18:55 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5BA1B10-8E68-4203-A62D-48E9A7AEB2B9}\mpengine.dll 2012-05-26 23:58 . 2012-05-26 23:58 0 ----a-w- c:\windows\SysWow64\sho9DC7.tmp 2012-05-16 22:43 . 2012-05-16 22:43 0 ----a-w- c:\windows\SysWow64\shoDFC.tmp 2012-05-16 15:07 . 2012-05-16 04:02 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-05-16 15:07 . 2012-05-16 04:02 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-05-12 21:49 . 2012-05-12 21:49 180224 ----a-w- c:\windows\SysWow64\qtcf.dll 2012-05-09 23:12 . 2012-05-09 23:12 0 ----a-w- c:\windows\SysWow64\sho9E72.tmp 2012-05-06 21:29 . 2012-05-06 21:29 0 ----a-w- c:\windows\SysWow64\sho9C50.tmp 2012-05-05 14:32 . 2012-05-05 14:32 0 ----a-w- c:\windows\SysWow64\shoB674.tmp 2012-04-22 21:31 . 2012-04-22 21:31 0 ----a-w- c:\windows\SysWow64\sho938B.tmp 2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-04-16 15:36 . 2012-04-16 15:36 0 ----a-w- c:\windows\SysWow64\sho6F85.tmp 2012-04-10 23:37 . 2012-04-10 23:37 0 ----a-w- c:\windows\SysWow64\sho6CD8.tmp 2012-04-07 22:30 . 2012-04-07 22:30 0 ----a-w- c:\windows\SysWow64\sho9D1F.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 136176] R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2011-10-19 45448] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-03 1255736] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-14 11864] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-11-16 140672] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960] S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 33672] S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-10-19 827520] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2011-09-15 103512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 04:09] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 06:15] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 06:15] . 2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001Core.job - c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001UA.job - c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09] . 2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003Core.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003UA.job - c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uLocal Page = c:\windows\system32\blank.htm uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.yahoo.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com Trusted Zone: metlife.com\mybenefits Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\www.update Trusted Zone: windowsupdate.com\download . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-Corel Photo Downloader - c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe Wow6432Node-HKLM-Run-NWEReboot - (no file) Toolbar-Locked - (no file) HKLM-Run-(Default) - (no file) HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-ISW - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-CraftBukkit - 0:\users\Zachary\Desktop\Server starter\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39, ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63, 57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b "{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59, 8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a, ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db, f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00 "{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13, 36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:ec,47,9e,00,8f,3b,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,93,dd,a3,7f,64,bd,44,80,5a,41,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*] "Licence0"="REMOVED" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PSIService.exe c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\SUGARSYNC\SUGARSYNCMANAGER.EXE c:\users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe c:\windows\SysWOW64\rundll32.exe c:\users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe . ************************************************************************** . Completion time: 2012-07-03 19:46:14 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-04 00:46 . Pre-Run: 131,780,608,000 bytes free Post-Run: 130,767,613,952 bytes free . - - End Of File - - 4940ECE7922FADF39611BCA94B25301F I haven't had much freetime on the computer today to see the differences after the scan run since fireworks are calling. It seems to be a bit better in regular typing like this email. I don't have much time to log on to lots of websites and test the password logon being slower idea. Makes me wonder what was up with the very slow scan runtime though. Wanda

Here is an updated MBAM log. I ran a full disk scan because I wanted to make sure nothing was found anywhere. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.02.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wanda :: TOSHIBALAPTOP [administrator] 7/2/2012 5:23:53 PM mbam-log-2012-07-02 (17-23-53).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 550053 Time elapsed: 2 hour(s), 44 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Even though the scan found no malware, I still feel at times that my keystrokes are delayed so wonder if a keystroke logger is still on the computer. The browser seems to come up slow too. Is there any other utility I should run? Thank you for your help, Wanda

I found out yesterday that my online Yahoo mail account was hacked by someone in Poland and they sent spam mail to everyone on my online contact list. I immediately changed my Yahoo mail password and ran Malwarebytes on the full disk. It found 2 viruses. Below is the log: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.28.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wanda :: TOSHIBALAPTOP [administrator] 6/28/2012 11:57:32 AM mbam-log-2012-06-28 (11-57-32).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 606693 Time elapsed: 2 hour(s), 56 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Zachary\Downloads\beer-pong.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully. (end) I quarantined and deleted the files from my computer and rebooted the system. I don't know if these two viruses were able to capture my mail password or if there is something else still on the computer. I am wanting to change all my passwords in case anything else was obtained but don't want to do it until I am sure there is nothing else on my system. Below is the reports from the dds.com program: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1 Run by Wanda at 14:55:51 on 2012-06-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1740 [GMT -5:00] . AV: ZoneAlarm Extreme Security Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\windows\system32\svchost.exe -k netsvcs C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Prey\platform\windows\cronsvc.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\windows\System32\svchost.exe -k HPZ12 C:\windows\SysWOW64\PSIService.exe C:\Program Files\Macrium\Reflect\ReflectService.exe C:\Program Files (x86)\Secunia\PSI\sua.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\SearchIndexer.exe C:\windows\system32\vssvc.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\System32\svchost.exe -k swprv C:\windows\system32\taskhost.exe C:\Program Files\CheckPoint\ZAForceField\ForceField.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Windows\system32\WUDFHost.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\TECO\Teco.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\windows\system32\conhost.exe C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\PROGRA~2\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\system32\DllHost.exe C:\windows\system32\svchost.exe -k HPService C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\PROGRAM FILES (X86)\SUGARSYNC\SUGARSYNCMANAGER.EXE C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uDefault_Page_URL = hxxp://start.toshiba.com/g/ uDefault_Search_URL = hxxp://www.google.com/ie uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.yahoo.com uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File {555d4d79-4bd2-4094-a395-cfc534424a05} uRun: [Google Update] "C:\Users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [NWEReboot] mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com Trusted Zone: metlife.com\mybenefits Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\www.update Trusted Zone: windowsupdate.com\download DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: Interfaces\{07B503F0-69D1-418D-B7C9-9AB8B8DF3E4A} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{3747888A-9252-4A1E-AB08-0CF43D921E1E} : DhcpNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll BHO-X64: ZoneAlarm Security Engine Registrar - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun-x64: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [NWEReboot] mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?] R1 kl2;kl2;C:\windows\system32\DRIVERS\kl2.sys --> C:\windows\system32\DRIVERS\kl2.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960] R2 ISWKL;ZoneAlarm ForceField ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 33672] R2 IswSvc;ZoneAlarm ForceField IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-10-19 827520] R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-10-20 2823512] R2 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-7-1 301720] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-5 1153368] R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-22 2656280] R3 icsak;icsak;C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys [2011-10-19 45448] R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\windows\system32\DRIVERS\stdriver64.sys --> C:\windows\system32\DRIVERS\stdriver64.sys [?] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-22 136176] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056] S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-22 136176] S3 nosGetPlusHelper;getPlus® Helper 3004;C:\windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?] S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?] S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848] S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-06-29 13:46:03 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6F418457-66F5-46A5-9332-351968B5841F}\mpengine.dll 2012-06-27 15:42:48 33856 ---ha-w- C:\windows\System32\hamachi.sys 2012-06-27 15:42:42 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2012-06-27 00:17:58 -------- d-----w- C:\Program Files (x86)\Microsoft XNA 2012-06-23 14:56:29 2622464 ----a-w- C:\windows\System32\wucltux.dll 2012-06-23 14:56:01 99840 ----a-w- C:\windows\System32\wudriver.dll 2012-06-23 14:55:46 36864 ----a-w- C:\windows\System32\wuapp.exe 2012-06-23 14:55:46 186752 ----a-w- C:\windows\System32\wuwebv.dll 2012-06-12 21:34:59 748664 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2012-06-12 18:39:56 -------- d-----w- C:\Program Files (x86)\WILLPower 2012-06-12 18:17:10 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe 2012-06-12 18:17:10 77312 ----a-w- C:\windows\System32\rdpwsx.dll 2012-06-12 18:17:10 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll 2012-06-12 18:16:15 209920 ----a-w- C:\windows\System32\profsvc.dll 2012-06-12 18:15:49 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe 2012-06-12 18:15:49 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2012-06-12 18:15:48 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2012-06-12 18:15:20 3146752 ----a-w- C:\windows\System32\win32k.sys 2012-06-12 18:14:53 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys 2012-06-12 18:14:26 3216384 ----a-w- C:\windows\System32\msi.dll 2012-06-12 18:14:26 2342400 ----a-w- C:\windows\SysWow64\msi.dll 2012-06-12 18:14:04 184320 ----a-w- C:\windows\System32\cryptsvc.dll 2012-06-12 18:14:04 1462272 ----a-w- C:\windows\System32\crypt32.dll 2012-06-12 18:14:04 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll 2012-06-12 18:14:04 140288 ----a-w- C:\windows\System32\cryptnet.dll 2012-06-12 18:14:04 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll 2012-06-12 18:14:04 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll 2012-06-11 20:37:46 -------- d-----w- C:\Users\Wanda\AppData\Local\Roblox 2012-06-11 16:16:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-06-11 16:16:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-06-11 16:16:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-06-11 16:16:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-06-11 16:16:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-06-11 16:16:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-06-11 16:16:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-06-03 15:48:54 -------- d-----w- C:\Program Files (x86)\NetBeans 7.1.2 2012-06-03 15:33:54 -------- d-----w- C:\Program Files (x86)\Oracle 2012-06-03 15:33:19 772504 ----a-w- C:\windows\SysWow64\npDeployJava1.dll . ==================== Find3M ==================== . 2012-06-29 19:53:33 29 ----a-w- C:\windows\SysWow64\TempWmicBatchFile.bat 2012-06-23 04:09:19 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-23 04:09:19 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-05-31 22:00:32 2828 --sha-w- C:\windows\SysWow64\KGyGaAvL.sys 2012-05-26 23:58:54 0 ----a-w- C:\windows\SysWow64\sho9DC7.tmp 2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-05-16 22:43:01 0 ----a-w- C:\windows\SysWow64\shoDFC.tmp 2012-05-16 15:07:47 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll 2012-05-16 15:07:47 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll 2012-05-12 21:49:00 180224 ----a-w- C:\windows\SysWow64\qtcf.dll 2012-05-09 23:12:50 0 ----a-w- C:\windows\SysWow64\sho9E72.tmp 2012-05-06 21:29:08 0 ----a-w- C:\windows\SysWow64\sho9C50.tmp 2012-05-05 14:32:55 0 ----a-w- C:\windows\SysWow64\shoB674.tmp 2012-04-22 21:31:08 0 ----a-w- C:\windows\SysWow64\sho938B.tmp 2012-04-19 01:56:30 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 01:56:30 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts 2012-04-16 15:36:09 0 ----a-w- C:\windows\SysWow64\sho6F85.tmp 2012-04-10 23:37:01 0 ----a-w- C:\windows\SysWow64\sho6CD8.tmp 2012-04-07 22:30:11 0 ----a-w- C:\windows\SysWow64\sho9D1F.tmp 2012-04-04 23:47:02 687504 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-04-04 20:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-04-03 23:09:56 0 ----a-w- C:\windows\SysWow64\sho3025.tmp 2012-04-01 21:32:53 0 ----a-w- C:\windows\SysWow64\sho4CAC.tmp . ============= FINISH: 15:00:41.46 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 7/3/2011 3:18:05 PM System Uptime: 6/29/2012 2:32:42 PM (1 hours ago) . Motherboard: Intel Corp. | | Base Board Product Name Processor: Intel® Pentium® CPU B940 @ 2.00GHz | CPU1 | 2000/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 283 GiB total, 114.369 GiB free. D: is CDROM () E: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: Description: Photosmart Premium C309g-m Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: Name: Photosmart Premium C309g-m PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: Description: Photosmart Premium C309g-m Device ID: ROOT\MULTIFUNCTION\0001 Manufacturer: Name: Photosmart Premium C309g-m PNP Device ID: ROOT\MULTIFUNCTION\0001 Service: . Class GUID: Description: DesignJet 500+HPGL2 (C7770B) Device ID: ROOT\MULTIFUNCTION\0002 Manufacturer: Name: DesignJet 500+HPGL2 (C7770B) PNP Device ID: ROOT\MULTIFUNCTION\0002 Service: . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart Premium C309g-m Device ID: ROOT\MULTIFUNCTION\0003 Manufacturer: HP Name: Photosmart Premium C309g-m PNP Device ID: ROOT\MULTIFUNCTION\0003 Service: . Class GUID: Description: Photosmart Premium C309g-m Device ID: ROOT\MULTIFUNCTION\0004 Manufacturer: Name: Photosmart Premium C309g-m PNP Device ID: ROOT\MULTIFUNCTION\0004 Service: . Class GUID: Description: Photosmart Premium C309g-m Device ID: ROOT\MULTIFUNCTION\0005 Manufacturer: Name: Photosmart Premium C309g-m PNP Device ID: ROOT\MULTIFUNCTION\0005 Service: . Class GUID: Description: Photosmart Premium C309g-m Device ID: ROOT\MULTIFUNCTION\0006 Manufacturer: Name: Photosmart Premium C309g-m PNP Device ID: ROOT\MULTIFUNCTION\0006 Service: . ==== System Restore Points =================== . RP203: 6/12/2012 4:34:25 PM - Windows Update RP204: 6/15/2012 11:18:24 PM - Removed FreeRIP Toolbar v5.9. RP205: 6/19/2012 11:28:52 AM - Windows Update RP206: 6/22/2012 12:19:32 PM - Windows Update RP207: 6/23/2012 9:55:01 AM - Windows Update RP208: 6/26/2012 8:18:23 AM - Windows Update RP209: 6/26/2012 7:17:00 PM - Installed Microsoft XNA Framework Redistributable 4.0 RP210: 6/29/2012 8:45:01 AM - Windows Update . ==== Installed Programs ====================== . . WILLPower Adobe AIR Adobe Digital Editions Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) Adobe Reader X (10.1.3) MUI Adobe Shockwave Player 11.6 Amazon Kindle Amazon MP3 Downloader 1.0.15 Any Video Converter Professional 3.3.0 Apple Application Support Apple Software Update Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Best Buy pc app Brain Workshop 4.8.1 BufferChm C309g-m Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compatibility Pack for the 2007 Office system ConverterLite 0.1 Corel Paint Shop Pro Photo X2 Coupon Printer for Windows CraftBukkit D3DX10 Debut Video Capture Software Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Online eMusic Download Manager 5.0.1 Express Burn Disc Burning Software ffdshow [rev 2527] [2008-12-19] Finale 2012 Finale NotePad 2003a Fraps Free M4a to MP3 Converter 6.2 Google Chrome Google Update Helper GSP Sudoku HP Update HPPhotoGadget hpWLPGInstaller HyperCam 2 Image Inc. 1.2 Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology iSEEK AnswerWorks English Runtime Java Auto Updater Java™ 6 Update 32 Java™ SE Development Kit 6 Update 32 JavaFX 2.1.0 Junk Mail filter update Kuriuz 1.5.1 Label@Once 1.0 Lightworks Livebrush Lite LogMeIn Hamachi MailStore Home 4.2.0.5431 Malwarebytes Anti-Malware version 1.61.0.1400 Mesh Runtime Microsoft Home Publishing 2000 Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Standard Edition 2003 Microsoft Office Starter 2010 - English Microsoft Office Word MUI (English) 2010 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft XNA Framework Redistributable 4.0 Mobipocket Reader 6.2 MotionDV STUDIO 5.6E LE for DV MSVCRT MSVCRT_amd64 MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB973685) Nero Suite NetBeans IDE 7.1.2 Notepad++ OpenAL OpenWith (Enhanced) OverDrive Media Console Panasonic DVC USB Driver PC Tune-Up Picasa 3 PlayReady PC Runtime x86 Portal PrimoPDF -- brought to you by Nitro PDF Software PS_AIO_06_C309g-m_SW_Min Quick Movie Magic 1.0E Quicken 2011 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek USB 2.0 Reader Driver Realtek WLAN Driver Roblox for Wanda Rummy.com RummyRoyal.com Safari Scan Secunia PSI (2.0.0.3003) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Skype Click to Call Skype™ 5.8 SmartMusic 2012a SmartMusic Content (shared music files) SmartMusic for Essential Elements 2000 Strings Book 1 Student Edition Spybot - Search & Destroy SpywareBlaster 4.6 SSA Benefit Calculator Steam SugarSync Manager swMSM SyncBack Tabula Digita DimensionU Games Terraria Toolbox Torchlight Demo TOSHIBA Application Installer TOSHIBA HDD/SSD Alert TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Wireless LAN Indicator Tube Toolbox TurboTax 2010 TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wrapper Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VC 9.0 Runtime Ventrilo Client Vivitar Experience Image Manager vReveal 3 WavePad Sound Editor WebReg Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.01 (32-bit) WinX Free DVD Ripper 4.5.14 Wizard101 XSplit ZoneAlarm Antivirus ZoneAlarm DataLock ZoneAlarm Extreme Security ZoneAlarm Firewall ZoneAlarm Security . ==== Event Viewer Messages From Past Week ======== . 6/29/2012 9:39:27 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DELL-DESKTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3747888A-9252-4A1E-AB08-0CF43D921E1E}. The master browser is stopping or an election is being forced. 6/29/2012 2:34:46 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 6/29/2012 2:33:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: InCDPass 6/29/2012 2:33:20 PM, Error: Service Control Manager [7000] - The InCD Helper service failed to start due to the following error: The system cannot find the file specified. 6/29/2012 2:33:20 PM, Error: Service Control Manager [7000] - The InCD Helper (read only) service failed to start due to the following error: The system cannot find the file specified. 6/29/2012 2:32:52 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\incdrm.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 6/29/2012 2:32:52 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\InCDPass.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 6/29/2012 2:32:47 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\InCDrec.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 6/28/2012 9:20:16 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 6/28/2012 8:01:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 6/27/2012 5:32:53 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds. 6/27/2012 10:43:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect. 6/27/2012 10:43:02 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/27/2012 10:42:49 AM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 6/26/2012 7:11:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect. 6/26/2012 7:11:00 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/24/2012 9:24:44 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 6/24/2012 2:00:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 6/23/2012 11:45:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 6/23/2012 11:45:44 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/22/2012 2:19:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. . ==== End Of File =========================== Thank you for your time and effort to help me. Wanda

I have created a new clean system restore point. I planned on keeping Spybot and MBAM. I have Windows Update on automatic and make sure it runs on a regular basis. Since I have McAfee firewall, I have Windows Firewall turned off. I have McAfee viruscan always turned on and updated automatically. I scan the entire system every Wednesday. I will add the other scanners to my Wednesday routine. I will look at the other recommended programs to see what additional layers of protection I want to add. My McAfee subscription renewal is coming up in September so I will look at your firewall recommendation also. Thank you for your help and advice on preventing potention future virus problems.

Jean, I thought we were done with fixes since there was no symptoms so I turned TeaTimer back on. It is now off again. Here is the latest no errors MBAM log: Malwarebytes' Anti-Malware 1.20 Database version: 963 Windows 5.1.2600 Service Pack 2 9:21:32 AM 7/18/2008 mbam-log-7-18-2008 (09-21-32).txt Scan type: Quick Scan Objects scanned: 44044 Time elapsed: 7 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Recommended HiJack This fixes were made. Here is a new HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:22:11 AM, on 7/18/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Macrium\Reflect\ReflectService.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://*.mcafee.com O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195923650390 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196028046968 O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe -- End of file - 7660 bytes Thank you for you help. Is there any other fixes that need to be done?

Yes, I am having no symptoms after the last fixes. McAfee full scan was clear yesterday. MBAM is still clear today. No pop-up symptoms at all. Here is a last HJT log that you requested. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:19:53 PM, on 7/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Macrium\Reflect\ReflectService.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://*.mcafee.com O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195923650390 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196028046968 O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe -- End of file - 7901 bytes Thank you for all your help.