
Ads playing in background of PC


Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post in your next reply.

Information and logs:

  • In your next post I need the following:
  1. Logs from DDS
  2. Let me know of any problems you may have had

Gringo

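The post above asks for a DDS log and lists what it contains (running processes, the "Pseudo HJT Report" of browser add-ons and Run keys, services, files created in the last 30 days). What a helper then does by hand is correlate those sections. The script below is an added example of that triage, not DDS itself and not the forum's own tooling: it parses the DDS line shapes (`BHO:`/`TB:`/`uURLSearchHooks:` add-on lines, `uRun:`/`mRun:` entries, `R2`-style service lines, the "Created Last 30" list) and applies three checks a reviewer makes on such a log: a core Windows binary name such as svchost.exe sitting outside System32/SysWOW64, a registered add-on CLSID that resolves to "No File", and any process, load point or service whose binary lives in a directory created inside the 30-day window. `SAMPLE_LOG` is constructed to mimic the DDS layout, and `SYSTEM_BINARIES` and the rule names are assumptions of this example.

```python
# Added example: a triage pass over a DDS-style log. Not DDS and not the forum's
# tooling; SAMPLE_LOG is constructed and SYSTEM_BINARIES is an assumed allowlist.
import ntpath
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule detail")

# Core binaries that only belong under the two Windows system directories;
# a same-named file anywhere else is a classic hiding spot (assumption: extend as needed).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "wininit.exe", "csrss.exe", "services.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# "BHO: Name: {CLSID} - path", "TB: {CLSID} - No File", "uURLSearchHooks: Name: {CLSID} - path"
ADDON_RE = re.compile(r"^(?P<kind>BHO|TB|uURLSearchHooks)(?:-X64)?:\s*(?:(?P<name>.*?):\s*)?"
                      r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<target>.+)$", re.I)
RUN_RE = re.compile(r"^[um]Run(?:-x64)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(?P<path>.+?)(?:\s+-->|\s+\[)")
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d\d:\d\d:\d\d\s+\S+\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?(?:\s|$)', re.I)  # first .exe token, quoted or not


def parse_sections(text):
    """Split a DDS log into {section banner: [lines]}, dropping DDS's '.' spacer lines."""
    sections, current = {}, "header"
    for line in (l.strip() for l in text.splitlines()):
        if not line or line == ".":
            continue
        if banner := SECTION_RE.match(line):
            current = banner.group("name")
        else:
            sections.setdefault(current, []).append(line)
    return sections


def misplaced_system_binary(path):
    """True when a core Windows binary name sits outside System32/SysWOW64."""
    directory, name = ntpath.split(path.strip().lower())
    in_system_dir = any(directory == d or directory.startswith(d + "\\") for d in SYSTEM_DIRS)
    return name in SYSTEM_BINARIES and not in_system_dir


def recent_dirs(created_lines):
    """Lower-cased directory -> creation date, from the 'Created Last 30' section."""
    matches = (CREATED_RE.match(line) for line in created_lines)
    return {m.group("path").lower(): m.group("date")
            for m in matches if m and m.group("attrs").startswith("d")}


def created_under(path, dirs):
    """(dir, date) if path lies beneath a directory created in the window, else None."""
    p = path.lower()
    return next(((d, date) for d, date in dirs.items() if p.startswith(d + "\\")), None)


def candidate_paths(sections):
    """Yield (where, path) for every binary the log ties to a process, load point or service."""
    for line in sections.get("Running Processes", []):
        if m := EXE_RE.match(line):
            yield "process", m.group("exe")
    for line in sections.get("Pseudo HJT Report", []):
        if m := ADDON_RE.match(line):
            yield f"{m.group('kind')} {m.group('name') or m.group('clsid')}", m.group("target")
        elif (m := RUN_RE.match(line)) and (e := EXE_RE.match(m.group("cmd"))):
            yield f"Run [{m.group('name')}]", e.group("exe")
    for line in sections.get("SERVICES / DRIVERS", []):
        if m := SERVICE_RE.match(line):
            yield "service", m.group("path")
    for line in sections.get("Created Last 30", []):
        if (m := CREATED_RE.match(line)) and not m.group("attrs").startswith("d"):
            yield f"created {m.group('date')}", m.group("path")


def triage(text):
    """Run the three checks over a DDS log and return a list of Finding."""
    sections = parse_sections(text)
    dirs = recent_dirs(sections.get("Created Last 30", []))
    findings = []
    for where, path in candidate_paths(sections):
        if path == "No File":  # registered CLSID whose DLL is gone
            findings.append(Finding("orphan-entry", where))
        elif misplaced_system_binary(path):
            findings.append(Finding("system-binary-outside-system-dir", f"{where}: {path}"))
        if hit := created_under(path, dirs):
            findings.append(Finding("under-recently-created-dir", f"{where}: {path} (dir created {hit[1]})"))
    return findings


# Constructed sample in the DDS layout (not a real log from this thread).
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\svchost.exe
C:\Program Files (x86)\ExampleBar\barsvc.exe
============== Pseudo HJT Report ===============
BHO: Example Helper: {11111111-2222-3333-4444-555555555555} - C:\Program Files (x86)\ExampleBar\helper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ExampleBar] "C:\Program Files (x86)\ExampleBar\bar.exe" -silent
mRun: [<NO NAME>]
============= SERVICES / DRIVERS ===============
R2 ExampleBarSvc;Example Bar Service;C:\Program Files (x86)\ExampleBar\barsvc.exe [2012-6-6 42504]
=============== Created Last 30 ================
2012-06-25 02:48:25 20480 ----a-w- C:\Windows\svchost.exe
2012-06-06 14:58:45 -------- d-----w- C:\Program Files (x86)\ExampleBar
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:36} {f.detail}")
```

Run it against a pasted DDS.txt with `triage(open("DDS.txt").read())`. The benign Adobe BHO in the sample produces no finding, while the same-named add-on, Run entry, service and process under the directory created on 2012-06-06 are all tied back to that one install date, which is the correlation a helper uses to decide what to remove first. The "Created Last 30" window is whatever DDS captured, so a foothold older than 30 days will only show up through the other two rules.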

OK, never mind. I chose to run it anyway.

Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Java 6 Update 26

Java version out of Date!

Adobe Reader X (10.1.3)

Google Chrome 19.0.1084.52

Google Chrome 19.0.1084.56

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by June at 10:17:38 on 2012-06-26

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2303 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Shop To Win\ShopToWin.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe

C:\Users\June\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbarsvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbrmon.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\QuickTime\qttask.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\splwow64.exe

C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\system32\svchost.exe -k defragsvc

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.insightbb.com/

uURLSearchHooks: H - No File

uURLSearchHooks: N/A: {cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll

uURLSearchHooks: FCToolbarURLSearchHook Class: {c111c814-fd58-0a04-3924-998b53830e29} - C:\Program Files (x86)\Shop to Win 29\Helper.dll

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: Toolbar BHO: {06e3475c-5521-4de8-bb12-50720f21631c} - C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbar.dll

BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Shop to Win: {5abd6c72-ffd7-b634-a92b-d77d5960e009} - C:\Program Files (x86)\Shop to Win 29\Shop to Win 29.dll

BHO: Superfish: {74f475fa-6c75-43bd-aab9-ecda6184f600} - C:\Program Files (x86)\SuperFish\Superfish.dll

BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: VideoFileDownload: {9194649f-7143-4308-90c1-d6a35b0e354e} - C:\Program Files (x86)\OApps\bho_project.dll

BHO: Mighty Magoo Text: {97e74a14-e5f1-40cc-9b0f-0d11946e5469} - C:\Program Files (x86)\Mighty Magoo\mmagootl.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Search Assistant BHO: {b7acdf9c-c4f9-4d5d-998e-b147866b4d4c} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Recipe Hub: {cf51de5b-eb36-4114-bb69-84df63fbadb4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll

TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {8413196D-E290-4418-B5C6-A3B1379A909C} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

uRun: [shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe

uRun: [PCShowServer] "C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Recipe Hub Search Scope Monitor] "C:\PROGRA~2\RECIPE~2\bar\1.bin\2jsrchmn.exe" /m=2 /w /h

mRun: [RecipeHub_2j Browser Plugin Loader] C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbrmon.exe

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SuperFish\Superfish.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{817F7676-B2EF-46C7-8D49-265CE9F30C90} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8C972CA1-E083-4FFB-8137-3846DBC9E974} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Toolbar BHO: {06e3475c-5521-4de8-bb12-50720f21631c} - C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbar.dll

BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll

BHO-X64: PriceGong - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Shop to Win: {5ABD6C72-FFD7-B634-A92B-D77D5960E009} - C:\Program Files (x86)\Shop to Win 29\Shop to Win 29.dll

BHO-X64: FCTBPos00Pos - No File

BHO-X64: Superfish: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SuperFish\Superfish.dll

BHO-X64: Superfish - No File

BHO-X64: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll

BHO-X64: Funmoods Helper Object - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: VideoFileDownload: {9194649F-7143-4308-90C1-D6A35B0E354E} - C:\Program Files (x86)\OApps\bho_project.dll

BHO-X64: BHO_PROJECT - No File

BHO-X64: Mighty Magoo Text: {97E74A14-E5F1-40cc-9B0F-0D11946E5469} - C:\Program Files (x86)\Mighty Magoo\mmagootl.dll

BHO-X64: Mighty Magoo Text - No File

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Search Assistant BHO: {b7acdf9c-c4f9-4d5d-998e-b147866b4d4c} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Recipe Hub: {cf51de5b-eb36-4114-bb69-84df63fbadb4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll

TB-X64: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: {8413196D-E290-4418-B5C6-A3B1379A909C} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File

mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun-x64: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Recipe Hub Search Scope Monitor] "C:\PROGRA~2\RECIPE~2\bar\1.bin\2jsrchmn.exe" /m=2 /w /h

mRun-x64: [RecipeHub_2j Browser Plugin Loader] C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbrmon.exe

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-5 98208]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-7-14 22072]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-5 635416]

R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-10-5 109168]

R2 RecipeHub_2jService;Recipe HubService;C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbarsvc.exe [2011-10-31 42504]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-3 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]

S3 AVerAVF2;AVerAVF2;C:\Windows\system32\DRIVERS\AVerAVF2.sys --> C:\Windows\system32\DRIVERS\AVerAVF2.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-3 136176]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-26 13:42:57 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD50C658-605E-4152-894F-3114B1C6234F}\mpengine.dll

2012-06-25 07:22:57 -------- d-----w- C:\Windows\Microsoft Antimalware

2012-06-25 04:16:15 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-25 02:59:35 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-25 02:52:55 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-25 02:52:25 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-25 02:51:50 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-25 02:51:50 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-25 02:48:25 20480 ----a-w- C:\Windows\svchost.exe

2012-06-25 02:04:06 20480 ----a-w- C:\Windows\svchost(184).exe

2012-06-24 17:28:41 113152 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4F00.tmp

2012-06-24 17:28:41 113152 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4E72.tmp.dat

2012-06-20 21:17:52 -------- d-----w- C:\Users\June\AppData\Local\Apple Computer

2012-06-20 21:16:43 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-06-20 21:16:43 -------- d-----w- C:\Program Files\iPod

2012-06-20 21:16:42 -------- d-----w- C:\Program Files (x86)\iTunes

2012-06-20 21:15:33 -------- d-----w- C:\Users\June\AppData\Local\Apple

2012-06-20 21:14:45 -------- d-----w- C:\Program Files\Bonjour

2012-06-20 21:14:45 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-06-14 00:06:39 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-13 14:34:12 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E84E8844-4E46-4A49-9A03-B657CE42F094}\gapaengine.dll

2012-06-10 13:34:39 138752 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9EAD.tmp.dat

2012-06-09 13:21:08 138752 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\E208.tmp.dat

2012-06-07 19:16:13 -------- d-----w- C:\ProgramData\Symantec

2012-06-07 17:16:21 -------- d-----w- C:\Windows\SysWow64\Adobe

2012-06-07 01:36:52 -------- d-----w- C:\Users\June\AppData\Local\KodakGallery

2012-06-06 14:58:45 -------- d-----w- C:\Program Files (x86)\SuperFish

2012-06-06 14:56:54 -------- d-----w- C:\Remote Programs

2012-06-06 14:56:33 -------- d--h--w- C:\ProgramData\Common Files

2012-06-06 14:52:45 -------- d-----w- C:\Program Files (x86)\Funmoods

2012-06-06 14:51:15 -------- d-----w- C:\Users\June\AppData\Roaming\Babylon

2012-06-06 14:51:15 -------- d-----w- C:\ProgramData\Babylon

2012-06-06 14:03:36 -------- d-----w- C:\Users\June\AppData\Local\Microsoft Games

2012-06-06 13:26:22 -------- d-----w- C:\Users\June\AppData\Roaming\Gamelab

2012-06-06 13:08:05 -------- d-----w- C:\ProgramData\Wild Tangent

2012-06-06 12:41:35 -------- d-----w- C:\Program Files (x86)\WildTangent Games

2012-06-01 00:19:58 63080 ----a-r- C:\Users\June\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe

2012-06-01 00:19:56 -------- d-----w- C:\Users\June\AppData\Local\DIRECTV Player

2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-05-30 01:08:54 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-05-30 01:08:26 -------- d-----w- C:\Program Files (x86)\Common Files\Kodak

2012-05-30 01:06:52 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap

2012-05-30 01:06:49 -------- d-----w- C:\Program Files (x86)\Kodak

2012-05-28 19:26:38 -------- d-----w- C:\Program Files (x86)\IrfanView

2012-05-28 19:26:32 -------- d-----w- C:\Program Files (x86)\PriceGong

2012-05-28 19:26:00 -------- d-----w- C:\Program Files (x86)\Shop to Win 29

2012-05-28 19:25:57 -------- d-----w- C:\Program Files (x86)\Shop To Win

2012-05-28 19:25:40 -------- d-----w- C:\Program Files (x86)\OApps

.

==================== Find3M ====================

.

2012-06-17 14:16:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-17 14:16:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-21 14:20:01 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-05-21 14:20:01 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 10:18:10.76 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/3/2010 5:26:36 AM

System Uptime: 6/26/2012 9:31:57 AM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 2AAC

Processor: AMD Athlon II X2 240e Processor | CPU 1 | 784/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 917 GiB total, 853.088 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 1.838 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Multimedia Video Controller

Device ID: PCI\VEN_1033&DEV_0165&SUBSYS_650A1461&REV_0B\02004C000000000000

Manufacturer:

Name: Multimedia Video Controller

PNP Device ID: PCI\VEN_1033&DEV_0165&SUBSYS_650A1461&REV_0B\02004C000000000000

Service:

.

==== System Restore Points ===================

.

RP339: 6/13/2012 8:07:03 PM - Windows Update

RP340: 6/16/2012 10:33:33 PM - Windows Update

RP341: 6/20/2012 10:25:48 AM - Windows Update

RP342: 6/20/2012 5:15:36 PM - Installed iTunes

RP343: 6/21/2012 5:18:26 AM - Windows Update

RP344: 6/23/2012 5:36:04 PM - Windows Update

RP345: 6/24/2012 10:12:55 PM - Removed ITE Infrared Transceiver

RP346: 6/24/2012 10:34:40 PM - Restore Operation

RP347: 6/24/2012 10:50:54 PM - Windows Update

RP348: 6/24/2012 10:58:18 PM - Windows Update

.

==== Installed Programs ======================

.

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Airport Mania

Ancient Hearts

Azteca

Bejeweled 2 Deluxe

Bing Rewards Client Installer

Bob the Builder Can-Do-Zoo

Bounce Symphony

Build-a-lot

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCScore

Chuzzle Deluxe

Corel Paint it! touch - IPM

CyberLink DVD Suite Deluxe

D3DX10

Diner Dash 2 Restaurant Rescue

DIRECTV Player

DirectX for Managed Code Update (Summer 2004)

Dora's Carnival Adventure

Dora's World Adventure

DVD Menu Pack for HP TouchSmart Video

EA Download Manager

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSSONIC

ESSTOOLS

essvatgt

Facebook for HP TouchSmart

FATE

FrostWire 4.21.6

Funmoods on IE and Chrome

Gem Shop

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hoyle Casino

HP Advisor

HP AppsCenter 1.00

HP Customer Experience Enhancements

HP Games

HP MediaSmart CinemaNow 2.0

HP MediaSmart/TouchSmart Netflix

HP My Display TouchSmart Edition

HP Odometer

HP Remote Solution

HP Setup

HP Support Assistant

HP Support Information

HP TouchSmart

HP TouchSmart Browser

HP TouchSmart Calendar

HP TouchSmart Canvas

HP TouchSmart Clock

HP TouchSmart Default Magnets

HP TouchSmart DVD

HP TouchSmart Live TV

HP TouchSmart Music

HP TouchSmart Notes

HP TouchSmart Paint it! by Corel

HP TouchSmart Paint it! by Corel - Content

HP TouchSmart Paint it! by Corel - Core

HP TouchSmart Paint it! by Corel - ICA

HP TouchSmart Paint it! by Corel - Langauge

HP TouchSmart Photo

HP TouchSmart RecipeBox

HP TouchSmart RSS

HP TouchSmart Tutorials

HP TouchSmart Twitter

HP TouchSmart Video

HP TouchSmart Weather

HP TouchSmart Webcam

HP Update

HPAsset component for HP Active Support Library

Hulu Desktop

IrfanView (remove only)

ITE Infrared Transceiver

Java Auto Updater

Java 6 Update 26

Jewel Quest Solitaire 2

Junk Mail filter update

kgcbaby

kgcbase

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

Kodak EasyShare software

KSU

LabelPrint

LightScribe System Software

Mah Jong Medley

Mesh Runtime

Messenger Companion

Microsoft Default Manager

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Home and Business 2010 - English

Microsoft Office Home and Student 2010 - English

Microsoft Office Outlook Connector

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Touch Pack for Windows 7

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 3.0

Microsoft XNA Framework Redistributable 3.1

Movie Theme Pack for HP TouchSmart Video

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

netbrdg

Notifier

OfotoXMI

PCDADDIN

PCDHELP

PDF Complete Special Edition

Penguins!

PhotoNow!

PictureMover

Plants vs. Zombies

Polar Bowler

Polar Golfer

Poppit To Go

Power2Go

PowerDirector

PressReader

PriceGong 2.6.4

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Recipe Hub

Recovery Manager

Roads of Rome

Roxio CinemaNow 2.0

SDK

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

SFR

SHASTA

Shop To Win

SKIN0001

SKINXSDK

Skip-Bo - Castaway Caper

Skype Click to Call

Skype™ 5.9

Slingo Deluxe

staticcr

swMSM

The Sims™ 3

tooltips

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

VideoFileDownload

Virtual Villagers - The Secret City

VPRINTOL

Where's Waldo The Fantastic Journey

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WindowShopper

WIRELESS

Zinio Reader 4

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

6/26/2012 9:37:31 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

6/25/2012 12:11:36 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0

6/24/2012 11:53:42 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0

6/24/2012 11:25:53 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0

6/24/2012 10:47:25 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.129.66.0;1.129.66.0 Engine version: 1.1.8502.0

6/24/2012 10:36:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c7d7ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\Minidump\062412-26145-01.dmp. Report Id: 062412-26145-01.

6/24/2012 10:08:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fc66ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\Minidump\062412-23212-01.dmp. Report Id: 062412-23212-01.

6/24/2012 1:32:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xfffffa80400c001c, 0x0000000000000002, 0x0000000000000000, 0xfffff80002cd3915). A dump was saved in: C:\Windows\Minidump\062412-18283-01.dmp. Report Id: 062412-18283-01.

6/20/2012 4:47:23 PM, Error: Disk [11] - The driver detected a controller error on \...\DR6.

.

==== End Of File ===========================


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


After I ran the program.. My computer booted back up.. And now I cannot get on my internet.. It deleted it.. I can't even get on my anti virus program.. What happened!?!? I am using my phone to reply back.. How do I get my internet to open back up?? That program deleted it.. It says "illegal operation attempted on a registry key that has been marked for deletion." But I do believe the spyware is gone.. How do I get my internet back!?


ComboFix 12-06-26.02 - June 06/26/2012 23:28:51.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2479 [GMT -4:00]

Running from: c:\users\June\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\DictionaryBossEI

c:\program files (x86)\FunWebProducts

c:\program files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL

c:\program files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL

c:\program files (x86)\Mighty Magoo

c:\program files (x86)\Mighty Magoo\ars.cfg

c:\program files (x86)\Mighty Magoo\icon.ico

c:\program files (x86)\Mighty Magoo\mmagootl.dll

c:\program files (x86)\Shop to Win

c:\program files (x86)\Shop to Win\InstallNotifier.exe

c:\program files (x86)\Shop to Win\ShopToWin.exe

c:\program files (x86)\Shop to Win\unins000.exe

c:\programdata\308007g1s132n444o284o2iin6y7

c:\users\June\AppData\Roaming\Anti-Malware Lab

c:\users\June\AppData\Roaming\Anti-Malware Lab\Instructions.ini

c:\users\June\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Anti-Malware Lab.lnk

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\cid.dll

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\cid.drv

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\eb.exe

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\energy.dll

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\energy.drv

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\energy.exe

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\exec.drv

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\fix.exe

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\gid.sys

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\pal.exe

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\PE.sys

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\sld.drv

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\SM.dll

c:\users\June\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll

c:\users\June\AppData\Roaming\Microsoft\Windows\Start Menu\Anti-Malware Lab.lnk

c:\users\June\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anti-Malware Lab.lnk

c:\users\June\AppData\Roaming\PriceGong

c:\users\June\AppData\Roaming\PriceGong\Data\1.xml

c:\users\June\AppData\Roaming\PriceGong\Data\a.xml

c:\users\June\AppData\Roaming\PriceGong\Data\b.xml

c:\users\June\AppData\Roaming\PriceGong\Data\c.xml

c:\users\June\AppData\Roaming\PriceGong\Data\d.xml

c:\users\June\AppData\Roaming\PriceGong\Data\e.xml

c:\users\June\AppData\Roaming\PriceGong\Data\f.xml

c:\users\June\AppData\Roaming\PriceGong\Data\g.xml

c:\users\June\AppData\Roaming\PriceGong\Data\h.xml

c:\users\June\AppData\Roaming\PriceGong\Data\i.xml

c:\users\June\AppData\Roaming\PriceGong\Data\j.xml

c:\users\June\AppData\Roaming\PriceGong\Data\k.xml

c:\users\June\AppData\Roaming\PriceGong\Data\l.xml

c:\users\June\AppData\Roaming\PriceGong\Data\m.xml

c:\users\June\AppData\Roaming\PriceGong\Data\mru.xml

c:\users\June\AppData\Roaming\PriceGong\Data\n.xml

c:\users\June\AppData\Roaming\PriceGong\Data\o.xml

c:\users\June\AppData\Roaming\PriceGong\Data\p.xml

c:\users\June\AppData\Roaming\PriceGong\Data\q.xml

c:\users\June\AppData\Roaming\PriceGong\Data\r.xml

c:\users\June\AppData\Roaming\PriceGong\Data\s.xml

c:\users\June\AppData\Roaming\PriceGong\Data\t.xml

c:\users\June\AppData\Roaming\PriceGong\Data\u.xml

c:\users\June\AppData\Roaming\PriceGong\Data\v.xml

c:\users\June\AppData\Roaming\PriceGong\Data\w.xml

c:\users\June\AppData\Roaming\PriceGong\Data\x.xml

c:\users\June\AppData\Roaming\PriceGong\Data\y.xml

c:\users\June\AppData\Roaming\PriceGong\Data\z.xml

c:\users\June\Desktop\Anti-Malware Lab.lnk

c:\users\June\Documents\ShopToWin

c:\windows\svchost.exe

c:\windows\SysWow64\drivers\npf.sys

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\WanPacket.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))

.

.

2012-06-26 13:42 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD50C658-605E-4152-894F-3114B1C6234F}\mpengine.dll

2012-06-25 07:22 . 2012-06-25 07:58 -------- d-----w- c:\windows\Microsoft Antimalware

2012-06-25 04:16 . 2012-06-25 04:16 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-25 02:59 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-25 02:52 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-25 02:52 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-25 02:52 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-25 02:52 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-25 02:52 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-25 02:52 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-25 02:52 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-25 02:51 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-25 02:51 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-25 02:04 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost(184).exe

2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4F00.tmp

2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4E72.tmp.dat

2012-06-20 21:17 . 2012-06-20 21:17 -------- d-----w- c:\users\June\AppData\Local\Apple Computer

2012-06-20 21:17 . 2012-06-22 21:29 -------- d-----w- c:\users\June\AppData\Roaming\Apple Computer

2012-06-20 21:16 . 2012-06-20 21:17 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-06-20 21:16 . 2012-06-20 21:16 -------- d-----w- c:\program files\iPod

2012-06-20 21:16 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\iTunes

2012-06-20 21:15 . 2012-06-20 21:15 -------- d-----w- c:\users\June\AppData\Local\Apple

2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files\Common Files\Apple

2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Bonjour

2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files\Bonjour

2012-06-20 21:14 . 2012-06-20 21:16 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-06-20 21:14 . 2012-06-20 21:15 -------- d-----w- c:\programdata\Apple

2012-06-14 00:06 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 14:34 . 2012-05-18 13:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E84E8844-4E46-4A49-9A03-B657CE42F094}\gapaengine.dll

2012-06-10 13:34 . 2012-06-10 13:34 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\9EAD.tmp.dat

2012-06-09 13:21 . 2012-06-09 13:21 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\E208.tmp.dat

2012-06-07 19:16 . 2012-06-07 19:16 -------- d-----w- c:\programdata\Symantec

2012-06-07 17:16 . 2012-06-07 17:16 -------- d-----w- c:\windows\SysWow64\Adobe

2012-06-07 01:36 . 2012-06-07 01:36 -------- d-----w- c:\users\June\AppData\Local\KodakGallery

2012-06-06 14:58 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\SuperFish

2012-06-06 14:56 . 2012-06-19 17:00 -------- d-----w- C:\Remote Programs

2012-06-06 14:56 . 2012-06-06 14:56 -------- d--h--w- c:\programdata\Common Files

2012-06-06 14:52 . 2012-06-06 14:52 -------- d-----w- c:\program files (x86)\Funmoods

2012-06-06 14:51 . 2012-06-06 14:52 1541 ----a-w- C:\user.js

2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\users\June\AppData\Roaming\Babylon

2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\programdata\Babylon

2012-06-06 14:03 . 2012-06-06 14:06 -------- d-----w- c:\users\June\AppData\Local\Microsoft Games

2012-06-06 13:26 . 2012-06-06 13:26 -------- d-----w- c:\users\June\AppData\Roaming\Gamelab

2012-06-06 13:08 . 2012-06-06 13:08 -------- d-----w- c:\programdata\Wild Tangent

2012-06-06 12:41 . 2012-06-06 12:49 -------- d-----w- c:\program files (x86)\WildTangent Games

2012-06-01 00:19 . 2012-06-01 00:19 63080 ----a-r- c:\users\June\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe

2012-06-01 00:19 . 2012-06-01 00:19 -------- d-----w- c:\users\June\AppData\Local\DIRECTV Player

2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-05-30 01:08 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\QuickTime

2012-05-30 01:08 . 2012-06-25 02:42 -------- d-----w- c:\programdata\Apple Computer

2012-05-30 01:08 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\Common Files\Kodak

2012-05-30 01:06 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\Kodak

2012-05-28 19:26 . 2012-05-28 19:26 -------- d-----w- c:\program files (x86)\IrfanView

2012-05-28 19:26 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\PriceGong

2012-05-28 19:26 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Shop to Win 29

2012-05-28 19:25 . 2012-05-28 19:25 -------- d-----w- c:\program files (x86)\OApps

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-17 14:16 . 2012-05-18 13:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-17 14:16 . 2011-07-17 14:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-21 14:20 . 2012-05-21 14:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-05-21 14:20 . 2012-05-21 14:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-05-18 13:32 . 2011-05-20 19:35 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-05-18 13:19 . 2012-05-18 13:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-05-18 13:19 . 2012-05-18 13:19 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-05-18 13:18 . 2012-05-18 13:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-05-18 13:18 . 2012-05-18 13:18 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-03-30 11:35 . 2012-05-18 13:22 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c111c814-fd58-0a04-3924-998b53830e29}"= "c:\program files (x86)\Shop to Win 29\Helper.dll" [2012-05-28 378880]

.

[HKEY_CLASSES_ROOT\clsid\{c111c814-fd58-0a04-3924-998b53830e29}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{42855803-9685-5634-8D8E-37F3536D2EE3}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5ABD6C72-FFD7-B634-A92B-D77D5960E009}]

2012-03-14 17:52 14432 ----a-w- c:\program files (x86)\Shop to Win 29\Shop to Win 29.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9194649F-7143-4308-90C1-D6A35B0E354E}]

2012-05-22 19:55 93184 ----a-w- c:\program files (x86)\OApps\bho_project.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCShowServer"="c:\users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-07 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]

"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-23 121456]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Recipe Hub Search Scope Monitor"="c:\progra~2\RECIPE~2\bar\1.bin\2jsrchmn.exe" [2011-10-31 38440]

"RecipeHub_2j Browser Plugin Loader"="c:\progra~2\RECIPE~2\bar\1.bin\2jbrmon.exe" [2011-10-31 30096]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-21 296056]

"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [2010-11-11 1212416]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 136176]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-06 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-12 203264]

S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-07-14 22072]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]

S2 RecipeHub_2jService;Recipe HubService;c:\progra~2\RECIPE~2\bar\1.bin\2jbarsvc.exe [2011-10-31 42504]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-12 6790656]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-12 221184]

S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-18 32880]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-14 69736]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 00:21]

.

2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 00:21]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-29 11049576]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.insightbb.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\SuperFish\Superfish.dll

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{8413196d-e290-4418-b5c6-a3b1379a909c} - (no file)

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

Wow6432Node-HKCU-Run-Shop To Win - c:\program files (x86)\Shop To Win\ShopToWin.exe

WebBrowser-{8413196D-E290-4418-B5C6-A3B1379A909C} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-{06BA1354-9686-4136-B2F2-99CE8B1C2F18}_is1 - c:\program files (x86)\Shop To Win\unins000.exe

AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files (x86)\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

.

**************************************************************************

.

Completion time: 2012-06-26 23:42:50 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-27 03:42

.

Pre-Run: 915,164,041,216 bytes free

Post-Run: 915,949,461,504 bytes free

.

- - End Of File - - C33CBBEA5B99F7799549C321AE1A665A

I did not have any problems at all.

& the computer is doing GREAT!!


  • Staff

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


I had no problems running the programs.

TDSSKILLER

10:55:18.0075 3536 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44

10:55:18.0356 3536 ============================================================

10:55:18.0356 3536 Current date / time: 2012/06/27 10:55:18.0356

10:55:18.0356 3536 SystemInfo:

10:55:18.0356 3536

10:55:18.0356 3536 OS Version: 6.1.7601 ServicePack: 1.0

10:55:18.0356 3536 Product type: Workstation

10:55:18.0356 3536 ComputerName: JUNE-HP

10:55:18.0356 3536 UserName: June

10:55:18.0356 3536 Windows directory: C:\Windows

10:55:18.0356 3536 System windows directory: C:\Windows

10:55:18.0356 3536 Running under WOW64

10:55:18.0356 3536 Processor architecture: Intel x64

10:55:18.0356 3536 Number of processors: 2

10:55:18.0356 3536 Page size: 0x1000

10:55:18.0356 3536 Boot type: Normal boot

10:55:18.0356 3536 ============================================================

10:55:19.0511 3536 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:55:19.0526 3536 ============================================================

10:55:19.0526 3536 \Device\Harddisk0\DR0:

10:55:19.0526 3536 MBR partitions:

10:55:19.0526 3536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

10:55:19.0526 3536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72915800

10:55:19.0526 3536 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72948000, BlocksNum 0x1DBE000

10:55:19.0526 3536 ============================================================

10:55:19.0542 3536 C: <-> \Device\Harddisk0\DR0\Partition1

10:55:19.0589 3536 D: <-> \Device\Harddisk0\DR0\Partition2

10:55:19.0589 3536 ============================================================

10:55:19.0589 3536 Initialize success

10:55:19.0589 3536 ============================================================

10:55:20.0681 1200 ============================================================

10:55:20.0681 1200 Scan started

10:55:20.0681 1200 Mode: Manual;

10:55:20.0681 1200 ============================================================

10:55:21.0741 1200 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:55:21.0741 1200 1394ohci - ok

10:55:21.0788 1200 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:55:21.0788 1200 ACPI - ok

10:55:21.0819 1200 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:55:21.0819 1200 AcpiPmi - ok

10:55:21.0913 1200 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

10:55:21.0913 1200 AdobeARMservice - ok

10:55:21.0975 1200 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

10:55:21.0975 1200 adp94xx - ok

10:55:22.0007 1200 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

10:55:22.0007 1200 adpahci - ok

10:55:22.0022 1200 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

10:55:22.0022 1200 adpu320 - ok

10:55:22.0069 1200 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

10:55:22.0069 1200 AeLookupSvc - ok

10:55:22.0131 1200 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE

10:55:22.0131 1200 AERTFilters - ok

10:55:22.0194 1200 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

10:55:22.0209 1200 AFD - ok

10:55:22.0225 1200 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:55:22.0225 1200 agp440 - ok

10:55:22.0241 1200 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

10:55:22.0241 1200 ALG - ok

10:55:22.0256 1200 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:55:22.0256 1200 aliide - ok

10:55:22.0287 1200 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe

10:55:22.0287 1200 AMD External Events Utility - ok

10:55:22.0319 1200 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:55:22.0319 1200 amdide - ok

10:55:22.0334 1200 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

10:55:22.0334 1200 AmdK8 - ok

10:55:22.0693 1200 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys

10:55:22.0724 1200 amdkmdag - ok

10:55:22.0802 1200 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys

10:55:22.0802 1200 amdkmdap - ok

10:55:22.0818 1200 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

10:55:22.0818 1200 AmdPPM - ok

10:55:22.0849 1200 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys

10:55:22.0849 1200 amdsata - ok

10:55:22.0865 1200 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

10:55:22.0865 1200 amdsbs - ok

10:55:22.0880 1200 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys

10:55:22.0880 1200 amdxata - ok

10:55:22.0911 1200 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:55:22.0911 1200 AppID - ok

10:55:22.0927 1200 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

10:55:22.0927 1200 AppIDSvc - ok

10:55:22.0974 1200 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

10:55:22.0974 1200 Appinfo - ok

10:55:22.0989 1200 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

10:55:22.0989 1200 arc - ok

10:55:23.0005 1200 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

10:55:23.0005 1200 arcsas - ok

10:55:23.0083 1200 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

10:55:23.0083 1200 aspnet_state - ok

10:55:23.0114 1200 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:55:23.0114 1200 AsyncMac - ok

10:55:23.0130 1200 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:55:23.0145 1200 atapi - ok

10:55:23.0177 1200 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys

10:55:23.0177 1200 AtiPcie - ok

10:55:23.0239 1200 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:55:23.0255 1200 AudioEndpointBuilder - ok

10:55:23.0255 1200 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:55:23.0270 1200 AudioSrv - ok

10:55:23.0379 1200 AVerAVF2 (086cbbb45324d56aa7239046cd86149a) C:\Windows\system32\DRIVERS\AVerAVF2.sys

10:55:23.0395 1200 AVerAVF2 - ok

10:55:23.0442 1200 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

10:55:23.0442 1200 AxInstSV - ok

10:55:23.0489 1200 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

10:55:23.0489 1200 b06bdrv - ok

10:55:23.0520 1200 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:55:23.0520 1200 b57nd60a - ok

10:55:23.0535 1200 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

10:55:23.0535 1200 BDESVC - ok

10:55:23.0551 1200 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:55:23.0551 1200 Beep - ok

10:55:23.0645 1200 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

10:55:23.0660 1200 BFE - ok

10:55:23.0723 1200 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

10:55:23.0723 1200 BITS - ok

10:55:23.0738 1200 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

10:55:23.0738 1200 blbdrive - ok

10:55:23.0769 1200 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:55:23.0769 1200 bowser - ok

10:55:23.0769 1200 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:55:23.0785 1200 BrFiltLo - ok

10:55:23.0801 1200 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:55:23.0801 1200 BrFiltUp - ok

10:55:23.0816 1200 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

10:55:23.0816 1200 BridgeMP - ok

10:55:23.0847 1200 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

10:55:23.0847 1200 Browser - ok

10:55:23.0879 1200 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:55:23.0879 1200 Brserid - ok

10:55:23.0894 1200 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:55:23.0894 1200 BrSerWdm - ok

10:55:23.0910 1200 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:55:23.0910 1200 BrUsbMdm - ok

10:55:23.0910 1200 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:55:23.0910 1200 BrUsbSer - ok

10:55:23.0925 1200 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

10:55:23.0925 1200 BTHMODEM - ok

10:55:23.0957 1200 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

10:55:23.0957 1200 bthserv - ok

10:55:24.0035 1200 CalendarSynchService (28d3d9c47c1f6686f2a2edef0956166c) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

10:55:24.0035 1200 CalendarSynchService - ok

10:55:24.0050 1200 catchme - ok

10:55:24.0081 1200 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:55:24.0081 1200 cdfs - ok

10:55:24.0081 1200 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

10:55:24.0097 1200 cdrom - ok

10:55:24.0159 1200 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:55:24.0159 1200 CertPropSvc - ok

10:55:24.0253 1200 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

10:55:24.0253 1200 circlass - ok

10:55:24.0300 1200 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:55:24.0300 1200 CLFS - ok

10:55:24.0362 1200 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:55:24.0362 1200 clr_optimization_v2.0.50727_32 - ok

10:55:24.0409 1200 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

10:55:24.0409 1200 clr_optimization_v2.0.50727_64 - ok

10:55:24.0456 1200 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:55:24.0471 1200 clr_optimization_v4.0.30319_32 - ok

10:55:24.0518 1200 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

10:55:24.0518 1200 clr_optimization_v4.0.30319_64 - ok

10:55:24.0534 1200 clwvd (9573e8c7c3b3d1625fd941841fd0859c) C:\Windows\system32\DRIVERS\clwvd.sys

10:55:24.0534 1200 clwvd - ok

10:55:24.0549 1200 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

10:55:24.0549 1200 CmBatt - ok

10:55:24.0581 1200 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:55:24.0581 1200 cmdide - ok

10:55:24.0643 1200 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

10:55:24.0659 1200 CNG - ok

10:55:24.0690 1200 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

10:55:24.0690 1200 Compbatt - ok

10:55:24.0705 1200 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

10:55:24.0705 1200 CompositeBus - ok

10:55:24.0721 1200 COMSysApp - ok

10:55:24.0752 1200 CpqDfw (a398ed024f739e7be74ecffa8a713a89) C:\Windows\system32\drivers\CpqDfw.sys

10:55:24.0752 1200 CpqDfw - ok

10:55:24.0768 1200 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

10:55:24.0768 1200 crcdisk - ok

10:55:24.0815 1200 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

10:55:24.0815 1200 CryptSvc - ok

10:55:24.0908 1200 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

10:55:24.0908 1200 cvhsvc - ok

10:55:25.0002 1200 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:55:25.0002 1200 DcomLaunch - ok

10:55:25.0033 1200 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

10:55:25.0049 1200 defragsvc - ok

10:55:25.0064 1200 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:55:25.0064 1200 DfsC - ok

10:55:25.0142 1200 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

10:55:25.0142 1200 Dhcp - ok

10:55:25.0158 1200 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:55:25.0158 1200 discache - ok

10:55:25.0189 1200 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

10:55:25.0189 1200 Disk - ok

10:55:25.0236 1200 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

10:55:25.0236 1200 Dnscache - ok

10:55:25.0267 1200 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

10:55:25.0283 1200 dot3svc - ok

10:55:25.0314 1200 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

10:55:25.0314 1200 DPS - ok

10:55:25.0345 1200 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:55:25.0345 1200 drmkaud - ok

10:55:25.0376 1200 DTSRVC (b1a72a497951217ae862117e8304f4e8) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe

10:55:25.0376 1200 DTSRVC - ok

10:55:25.0470 1200 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:55:25.0485 1200 DXGKrnl - ok

10:55:25.0532 1200 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

10:55:25.0532 1200 EapHost - ok

10:55:25.0719 1200 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

10:55:25.0735 1200 ebdrv - ok

10:55:25.0829 1200 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

10:55:25.0829 1200 EFS - ok

10:55:25.0907 1200 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

10:55:25.0922 1200 ehRecvr - ok

10:55:25.0953 1200 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

10:55:25.0953 1200 ehSched - ok

10:55:26.0000 1200 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

10:55:26.0000 1200 elxstor - ok

10:55:26.0031 1200 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:55:26.0031 1200 ErrDev - ok

10:55:26.0078 1200 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

10:55:26.0094 1200 EventSystem - ok

10:55:26.0109 1200 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:55:26.0109 1200 exfat - ok

10:55:26.0141 1200 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:55:26.0141 1200 fastfat - ok

10:55:26.0219 1200 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

10:55:26.0219 1200 Fax - ok

10:55:26.0234 1200 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

10:55:26.0234 1200 fdc - ok

10:55:26.0250 1200 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

10:55:26.0250 1200 fdPHost - ok

10:55:26.0265 1200 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

10:55:26.0265 1200 FDResPub - ok

10:55:26.0281 1200 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:55:26.0281 1200 FileInfo - ok

10:55:26.0281 1200 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:55:26.0281 1200 Filetrace - ok

10:55:26.0297 1200 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

10:55:26.0297 1200 flpydisk - ok

10:55:26.0343 1200 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:55:26.0343 1200 FltMgr - ok

10:55:26.0421 1200 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

10:55:26.0421 1200 FontCache - ok

10:55:26.0468 1200 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

10:55:26.0468 1200 FontCache3.0.0.0 - ok

10:55:26.0499 1200 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:55:26.0499 1200 FsDepends - ok

10:55:26.0531 1200 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

10:55:26.0531 1200 fssfltr - ok

10:55:26.0718 1200 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

10:55:26.0749 1200 fsssvc - ok

10:55:26.0858 1200 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

10:55:26.0874 1200 Fs_Rec - ok

10:55:26.0921 1200 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:55:26.0921 1200 fvevol - ok

10:55:26.0936 1200 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

10:55:26.0936 1200 gagp30kx - ok

10:55:27.0014 1200 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

10:55:27.0014 1200 GamesAppService - ok

10:55:27.0123 1200 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

10:55:27.0123 1200 gpsvc - ok

10:55:27.0139 1200 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:55:27.0139 1200 hcw85cir - ok

10:55:27.0201 1200 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

10:55:27.0217 1200 HdAudAddService - ok

10:55:27.0233 1200 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

10:55:27.0233 1200 HDAudBus - ok

10:55:27.0248 1200 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

10:55:27.0248 1200 HidBatt - ok

10:55:27.0264 1200 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

10:55:27.0264 1200 HidBth - ok

10:55:27.0295 1200 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

10:55:27.0295 1200 HidIr - ok

10:55:27.0326 1200 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

10:55:27.0326 1200 hidserv - ok

10:55:27.0326 1200 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

10:55:27.0326 1200 HidUsb - ok

10:55:27.0357 1200 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

10:55:27.0373 1200 hkmsvc - ok

10:55:27.0404 1200 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

10:55:27.0404 1200 HomeGroupListener - ok

10:55:27.0435 1200 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

10:55:27.0435 1200 HomeGroupProvider - ok

10:55:27.0482 1200 HP Health Check Service (3f4add4196e2b860019539837be305f9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

10:55:27.0482 1200 HP Health Check Service - ok

10:55:27.0545 1200 hpqwmiex (ef3ea06057132138b4e5895a61601dbe) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

10:55:27.0545 1200 hpqwmiex - ok

10:55:27.0560 1200 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:55:27.0560 1200 HpSAMD - ok

10:55:27.0638 1200 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:55:27.0638 1200 HTTP - ok

10:55:27.0669 1200 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:55:27.0669 1200 hwpolicy - ok

10:55:27.0701 1200 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

10:55:27.0701 1200 i8042prt - ok

10:55:27.0732 1200 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

10:55:27.0732 1200 iaStorV - ok

10:55:27.0857 1200 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

10:55:27.0872 1200 idsvc - ok

10:55:27.0888 1200 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

10:55:27.0888 1200 iirsp - ok

10:55:27.0950 1200 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

10:55:27.0950 1200 IKEEXT - ok

10:55:28.0106 1200 IntcAzAudAddService (1c11e5d258bc374e7fbd598d75e49b75) C:\Windows\system32\drivers\RTKVHD64.sys

10:55:28.0122 1200 IntcAzAudAddService - ok

10:55:28.0231 1200 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

10:55:28.0231 1200 intelide - ok

10:55:28.0247 1200 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:55:28.0247 1200 intelppm - ok

10:55:28.0278 1200 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

10:55:28.0278 1200 IPBusEnum - ok

10:55:28.0309 1200 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:55:28.0309 1200 IpFilterDriver - ok

10:55:28.0356 1200 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

10:55:28.0371 1200 iphlpsvc - ok

10:55:28.0387 1200 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

10:55:28.0387 1200 IPMIDRV - ok

10:55:28.0403 1200 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:55:28.0403 1200 IPNAT - ok

10:55:28.0403 1200 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:55:28.0403 1200 IRENUM - ok

10:55:28.0418 1200 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

10:55:28.0418 1200 isapnp - ok

10:55:28.0449 1200 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

10:55:28.0449 1200 iScsiPrt - ok

10:55:28.0481 1200 itecir (8d990a44b4f2b68e2c56a3724ec3eb84) C:\Windows\system32\DRIVERS\itecir.sys

10:55:28.0481 1200 itecir - ok

10:55:28.0496 1200 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

10:55:28.0496 1200 kbdclass - ok

10:55:28.0527 1200 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

10:55:28.0527 1200 kbdhid - ok

10:55:28.0559 1200 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:55:28.0559 1200 KeyIso - ok

10:55:28.0574 1200 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

10:55:28.0574 1200 KSecDD - ok

10:55:28.0590 1200 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

10:55:28.0590 1200 KSecPkg - ok

10:55:28.0605 1200 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:55:28.0605 1200 ksthunk - ok

10:55:28.0637 1200 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

10:55:28.0637 1200 KtmRm - ok

10:55:28.0699 1200 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

10:55:28.0699 1200 LanmanServer - ok

10:55:28.0746 1200 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

10:55:28.0761 1200 LanmanWorkstation - ok

10:55:28.0808 1200 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

10:55:28.0808 1200 LightScribeService - ok

10:55:28.0839 1200 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:55:28.0839 1200 lltdio - ok

10:55:28.0886 1200 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

10:55:28.0902 1200 lltdsvc - ok

10:55:28.0917 1200 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

10:55:28.0917 1200 lmhosts - ok

10:55:28.0949 1200 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

10:55:28.0949 1200 LSI_FC - ok

10:55:28.0964 1200 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

10:55:28.0964 1200 LSI_SAS - ok

10:55:28.0980 1200 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:55:28.0980 1200 LSI_SAS2 - ok

10:55:29.0011 1200 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:55:29.0011 1200 LSI_SCSI - ok

10:55:29.0011 1200 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:55:29.0027 1200 luafv - ok

10:55:29.0058 1200 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

10:55:29.0058 1200 Mcx2Svc - ok

10:55:29.0073 1200 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

10:55:29.0073 1200 megasas - ok

10:55:29.0089 1200 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

10:55:29.0089 1200 MegaSR - ok

10:55:29.0105 1200 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:55:29.0105 1200 MMCSS - ok

10:55:29.0120 1200 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:55:29.0120 1200 Modem - ok

10:55:29.0136 1200 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:55:29.0136 1200 monitor - ok

10:55:29.0151 1200 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

10:55:29.0151 1200 mouclass - ok

10:55:29.0167 1200 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:55:29.0167 1200 mouhid - ok

10:55:29.0198 1200 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:55:29.0198 1200 mountmgr - ok

10:55:29.0276 1200 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

10:55:29.0276 1200 MpFilter - ok

10:55:29.0307 1200 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:55:29.0307 1200 mpio - ok

10:55:29.0323 1200 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:55:29.0323 1200 mpsdrv - ok

10:55:29.0432 1200 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

10:55:29.0448 1200 MpsSvc - ok

10:55:29.0479 1200 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:55:29.0479 1200 MRxDAV - ok

10:55:29.0510 1200 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:55:29.0510 1200 mrxsmb - ok

10:55:29.0557 1200 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:55:29.0557 1200 mrxsmb10 - ok

10:55:29.0573 1200 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:55:29.0573 1200 mrxsmb20 - ok

10:55:29.0604 1200 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:55:29.0604 1200 msahci - ok

10:55:29.0604 1200 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:55:29.0604 1200 msdsm - ok

10:55:29.0619 1200 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

10:55:29.0635 1200 MSDTC - ok

10:55:29.0651 1200 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:55:29.0651 1200 Msfs - ok

10:55:29.0666 1200 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:55:29.0666 1200 mshidkmdf - ok

10:55:29.0682 1200 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:55:29.0682 1200 msisadrv - ok

10:55:29.0697 1200 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

10:55:29.0697 1200 MSiSCSI - ok

10:55:29.0713 1200 msiserver - ok

10:55:29.0729 1200 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:55:29.0729 1200 MSKSSRV - ok

10:55:29.0775 1200 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

10:55:29.0775 1200 MsMpSvc - ok

10:55:29.0807 1200 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:55:29.0807 1200 MSPCLOCK - ok

10:55:29.0807 1200 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:55:29.0807 1200 MSPQM - ok

10:55:29.0869 1200 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:55:29.0869 1200 MsRPC - ok

10:55:29.0885 1200 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

10:55:29.0885 1200 mssmbios - ok

10:55:29.0900 1200 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:55:29.0900 1200 MSTEE - ok

10:55:29.0900 1200 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

10:55:29.0900 1200 MTConfig - ok

10:55:29.0931 1200 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:55:29.0931 1200 Mup - ok

10:55:29.0994 1200 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

10:55:29.0994 1200 napagent - ok

10:55:30.0041 1200 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:55:30.0041 1200 NativeWifiP - ok

10:55:30.0087 1200 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:55:30.0087 1200 NDIS - ok

10:55:30.0119 1200 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:55:30.0119 1200 NdisCap - ok

10:55:30.0134 1200 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:55:30.0134 1200 NdisTapi - ok

10:55:30.0165 1200 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:55:30.0165 1200 Ndisuio - ok

10:55:30.0212 1200 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:55:30.0212 1200 NdisWan - ok

10:55:30.0259 1200 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:55:30.0259 1200 NDProxy - ok

10:55:30.0259 1200 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:55:30.0259 1200 NetBIOS - ok

10:55:30.0306 1200 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:55:30.0306 1200 NetBT - ok

10:55:30.0337 1200 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:55:30.0337 1200 Netlogon - ok

10:55:30.0384 1200 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

10:55:30.0384 1200 Netman - ok

10:55:30.0493 1200 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:55:30.0493 1200 NetMsmqActivator - ok

10:55:30.0509 1200 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:55:30.0509 1200 NetPipeActivator - ok

10:55:30.0540 1200 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

10:55:30.0540 1200 netprofm - ok

10:55:30.0633 1200 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys

10:55:30.0649 1200 netr28x - ok

10:55:30.0696 1200 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:55:30.0711 1200 NetTcpActivator - ok

10:55:30.0711 1200 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:55:30.0711 1200 NetTcpPortSharing - ok

10:55:30.0758 1200 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

10:55:30.0758 1200 nfrd960 - ok

10:55:30.0789 1200 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

10:55:30.0805 1200 NisDrv - ok

10:55:30.0836 1200 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

10:55:30.0836 1200 NisSrv - ok

10:55:30.0867 1200 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

10:55:30.0867 1200 NlaSvc - ok

10:55:30.0883 1200 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:55:30.0883 1200 Npfs - ok

10:55:30.0899 1200 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

10:55:30.0899 1200 nsi - ok

10:55:30.0899 1200 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:55:30.0899 1200 nsiproxy - ok

10:55:31.0055 1200 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:55:31.0070 1200 Ntfs - ok

10:55:31.0133 1200 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:55:31.0133 1200 Null - ok

10:55:31.0148 1200 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:55:31.0148 1200 nvraid - ok

10:55:31.0164 1200 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:55:31.0164 1200 nvstor - ok

10:55:31.0195 1200 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:55:31.0195 1200 nv_agp - ok

10:55:31.0211 1200 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:55:31.0211 1200 ohci1394 - ok

10:55:31.0273 1200 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:55:31.0273 1200 ose - ok

10:55:31.0632 1200 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

10:55:31.0663 1200 osppsvc - ok

10:55:31.0725 1200 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:55:31.0725 1200 p2pimsvc - ok

10:55:31.0757 1200 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

10:55:31.0772 1200 p2psvc - ok

10:55:31.0788 1200 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

10:55:31.0788 1200 Parport - ok

10:55:31.0819 1200 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

10:55:31.0819 1200 partmgr - ok

10:55:31.0850 1200 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

10:55:31.0850 1200 PcaSvc - ok

10:55:31.0897 1200 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:55:31.0897 1200 pci - ok

10:55:31.0913 1200 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:55:31.0913 1200 pciide - ok

10:55:31.0944 1200 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

10:55:31.0944 1200 pcmcia - ok

10:55:31.0959 1200 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:55:31.0959 1200 pcw - ok

10:55:31.0975 1200 pdfcDispatcher - ok

10:55:32.0006 1200 PdiService (0a098df98ec8facaa30bd7db4c7aea06) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

10:55:32.0006 1200 PdiService - ok

10:55:32.0053 1200 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:55:32.0069 1200 PEAUTH - ok

10:55:32.0115 1200 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

10:55:32.0115 1200 PerfHost - ok

10:55:32.0225 1200 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

10:55:32.0225 1200 pla - ok

10:55:32.0287 1200 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

10:55:32.0303 1200 PlugPlay - ok

10:55:32.0318 1200 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

10:55:32.0318 1200 PNRPAutoReg - ok

10:55:32.0349 1200 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:55:32.0349 1200 PNRPsvc - ok

10:55:32.0396 1200 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

10:55:32.0396 1200 PolicyAgent - ok

10:55:32.0443 1200 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

10:55:32.0443 1200 Power - ok

10:55:32.0490 1200 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:55:32.0490 1200 PptpMiniport - ok

10:55:32.0505 1200 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

10:55:32.0505 1200 Processor - ok

10:55:32.0552 1200 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

10:55:32.0552 1200 ProfSvc - ok

10:55:32.0583 1200 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:55:32.0583 1200 ProtectedStorage - ok

10:55:32.0615 1200 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:55:32.0615 1200 Psched - ok

10:55:32.0661 1200 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

10:55:32.0661 1200 PSI_SVC_2 - ok

10:55:32.0802 1200 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

10:55:32.0817 1200 ql2300 - ok

10:55:32.0895 1200 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

10:55:32.0895 1200 ql40xx - ok

10:55:32.0927 1200 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

10:55:32.0927 1200 QWAVE - ok

10:55:32.0942 1200 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:55:32.0942 1200 QWAVEdrv - ok

10:55:32.0942 1200 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:55:32.0942 1200 RasAcd - ok

10:55:32.0958 1200 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:55:32.0958 1200 RasAgileVpn - ok

10:55:32.0973 1200 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

10:55:32.0973 1200 RasAuto - ok

10:55:33.0005 1200 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:55:33.0005 1200 Rasl2tp - ok

10:55:33.0067 1200 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

10:55:33.0067 1200 RasMan - ok

10:55:33.0098 1200 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:55:33.0098 1200 RasPppoe - ok

10:55:33.0114 1200 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:55:33.0114 1200 RasSstp - ok

10:55:33.0145 1200 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:55:33.0145 1200 rdbss - ok

10:55:33.0176 1200 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

10:55:33.0176 1200 rdpbus - ok

10:55:33.0192 1200 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:55:33.0192 1200 RDPCDD - ok

10:55:33.0207 1200 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:55:33.0207 1200 RDPENCDD - ok

10:55:33.0223 1200 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:55:33.0223 1200 RDPREFMP - ok

10:55:33.0270 1200 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

10:55:33.0270 1200 RDPWD - ok

10:55:33.0317 1200 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

10:55:33.0317 1200 rdyboost - ok

10:55:33.0332 1200 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

10:55:33.0332 1200 RemoteAccess - ok

10:55:33.0348 1200 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

10:55:33.0348 1200 RemoteRegistry - ok

10:55:33.0363 1200 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

10:55:33.0363 1200 RpcEptMapper - ok

10:55:33.0379 1200 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

10:55:33.0379 1200 RpcLocator - ok

10:55:33.0426 1200 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:55:33.0441 1200 RpcSs - ok

10:55:33.0441 1200 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:55:33.0441 1200 rspndr - ok

10:55:33.0504 1200 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\Windows\system32\DRIVERS\Rt64win7.sys

10:55:33.0504 1200 RTL8167 - ok

10:55:33.0519 1200 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:55:33.0519 1200 SamSs - ok

10:55:33.0551 1200 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

10:55:33.0551 1200 sbp2port - ok

10:55:33.0566 1200 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

10:55:33.0566 1200 SCardSvr - ok

10:55:33.0597 1200 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

10:55:33.0597 1200 scfilter - ok

10:55:33.0707 1200 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

10:55:33.0722 1200 Schedule - ok

10:55:33.0769 1200 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:55:33.0769 1200 SCPolicySvc - ok

10:55:33.0800 1200 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

10:55:33.0816 1200 SDRSVC - ok

10:55:33.0816 1200 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:55:33.0816 1200 secdrv - ok

10:55:33.0847 1200 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

10:55:33.0847 1200 seclogon - ok

10:55:33.0863 1200 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

10:55:33.0863 1200 SENS - ok

10:55:33.0878 1200 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

10:55:33.0878 1200 SensrSvc - ok

10:55:33.0909 1200 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

10:55:33.0909 1200 Serenum - ok

10:55:33.0925 1200 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

10:55:33.0925 1200 Serial - ok

10:55:33.0941 1200 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

10:55:33.0941 1200 sermouse - ok

10:55:33.0987 1200 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

10:55:33.0987 1200 SessionEnv - ok

10:55:34.0019 1200 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

10:55:34.0019 1200 sffdisk - ok

10:55:34.0019 1200 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

10:55:34.0019 1200 sffp_mmc - ok

10:55:34.0034 1200 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

10:55:34.0034 1200 sffp_sd - ok

10:55:34.0050 1200 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

10:55:34.0050 1200 sfloppy - ok

10:55:34.0128 1200 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

10:55:34.0143 1200 Sftfs - ok

10:55:34.0237 1200 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

10:55:34.0237 1200 sftlist - ok

10:55:34.0487 1200 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

10:55:34.0502 1200 Sftplay - ok

10:55:34.0533 1200 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

10:55:34.0533 1200 Sftredir - ok

10:55:34.0549 1200 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

10:55:34.0549 1200 Sftvol - ok

10:55:34.0565 1200 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

10:55:34.0565 1200 sftvsa - ok

10:55:34.0596 1200 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

10:55:34.0611 1200 SharedAccess - ok

10:55:34.0658 1200 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

10:55:34.0674 1200 ShellHWDetection - ok

10:55:34.0721 1200 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:55:34.0721 1200 SiSRaid2 - ok

10:55:34.0736 1200 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

10:55:34.0736 1200 SiSRaid4 - ok

10:55:34.0799 1200 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe

10:55:34.0799 1200 SkypeUpdate - ok

10:55:34.0830 1200 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:55:34.0830 1200 Smb - ok

10:55:34.0861 1200 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

10:55:34.0861 1200 SNMPTRAP - ok

10:55:34.0877 1200 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:55:34.0877 1200 spldr - ok

10:55:34.0923 1200 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

10:55:34.0923 1200 Spooler - ok

10:55:35.0111 1200 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

10:55:35.0126 1200 sppsvc - ok

10:55:35.0204 1200 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

10:55:35.0204 1200 sppuinotify - ok

10:55:35.0282 1200 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

10:55:35.0298 1200 srv - ok

10:55:35.0329 1200 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

10:55:35.0329 1200 srv2 - ok

10:55:35.0345 1200 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

10:55:35.0360 1200 srvnet - ok

10:55:35.0391 1200 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

10:55:35.0407 1200 SSDPSRV - ok

10:55:35.0423 1200 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

10:55:35.0423 1200 SstpSvc - ok

10:55:35.0438 1200 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

10:55:35.0438 1200 stexstor - ok

10:55:35.0501 1200 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

10:55:35.0501 1200 stisvc - ok

10:55:35.0532 1200 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

10:55:35.0532 1200 swenum - ok

10:55:35.0579 1200 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

10:55:35.0594 1200 swprv - ok

10:55:35.0719 1200 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

10:55:35.0735 1200 SysMain - ok

10:55:35.0813 1200 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

10:55:35.0813 1200 TabletInputService - ok

10:55:35.0875 1200 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

10:55:35.0891 1200 TapiSrv - ok

10:55:35.0906 1200 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

10:55:35.0906 1200 TBS - ok

10:55:36.0047 1200 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

10:55:36.0047 1200 Tcpip - ok

10:55:36.0187 1200 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

10:55:36.0187 1200 TCPIP6 - ok

10:55:36.0265 1200 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:55:36.0265 1200 tcpipreg - ok

10:55:36.0281 1200 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:55:36.0281 1200 TDPIPE - ok

10:55:36.0312 1200 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

10:55:36.0312 1200 TDTCP - ok

10:55:36.0343 1200 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:55:36.0343 1200 tdx - ok

10:55:36.0359 1200 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

10:55:36.0359 1200 TermDD - ok

10:55:36.0405 1200 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

10:55:36.0405 1200 TermService - ok

10:55:36.0421 1200 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

10:55:36.0421 1200 Themes - ok

10:55:36.0437 1200 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:55:36.0437 1200 THREADORDER - ok

10:55:36.0468 1200 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

10:55:36.0468 1200 TrkWks - ok

10:55:36.0515 1200 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

10:55:36.0515 1200 TrustedInstaller - ok

10:55:36.0561 1200 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:55:36.0577 1200 tssecsrv - ok

10:55:36.0608 1200 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:55:36.0608 1200 TsUsbFlt - ok

10:55:36.0655 1200 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:55:36.0655 1200 tunnel - ok

10:55:36.0671 1200 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

10:55:36.0671 1200 uagp35 - ok

10:55:36.0717 1200 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:55:36.0717 1200 udfs - ok

10:55:36.0764 1200 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

10:55:36.0764 1200 UI0Detect - ok

10:55:36.0780 1200 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:55:36.0795 1200 uliagpkx - ok

10:55:36.0842 1200 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

10:55:36.0842 1200 umbus - ok

10:55:36.0858 1200 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

10:55:36.0858 1200 UmPass - ok

10:55:36.0905 1200 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

10:55:36.0905 1200 upnphost - ok

10:55:36.0920 1200 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:55:36.0920 1200 usbccgp - ok

10:55:36.0967 1200 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:55:36.0983 1200 usbcir - ok

10:55:36.0998 1200 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

10:55:36.0998 1200 usbehci - ok

10:55:37.0029 1200 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys

10:55:37.0029 1200 usbfilter - ok

10:55:37.0061 1200 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

10:55:37.0061 1200 usbhub - ok

10:55:37.0076 1200 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

10:55:37.0092 1200 usbohci - ok

10:55:37.0107 1200 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

10:55:37.0107 1200 usbprint - ok

10:55:37.0154 1200 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

10:55:37.0154 1200 usbscan - ok

10:55:37.0185 1200 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

10:55:37.0185 1200 USBSTOR - ok

10:55:37.0201 1200 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

10:55:37.0201 1200 usbuhci - ok

10:55:37.0217 1200 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

10:55:37.0217 1200 usbvideo - ok

10:55:37.0232 1200 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

10:55:37.0232 1200 UxSms - ok

10:55:37.0263 1200 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:55:37.0263 1200 VaultSvc - ok

10:55:37.0279 1200 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:55:37.0279 1200 vdrvroot - ok

10:55:37.0326 1200 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

10:55:37.0326 1200 vds - ok

10:55:37.0341 1200 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:55:37.0341 1200 vga - ok

10:55:37.0341 1200 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:55:37.0341 1200 VgaSave - ok

10:55:37.0373 1200 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:55:37.0373 1200 vhdmp - ok

10:55:37.0388 1200 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:55:37.0404 1200 viaide - ok

10:55:37.0419 1200 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:55:37.0419 1200 volmgr - ok

10:55:37.0466 1200 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:55:37.0466 1200 volmgrx - ok

10:55:37.0497 1200 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:55:37.0497 1200 volsnap - ok

10:55:37.0529 1200 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

10:55:37.0529 1200 vsmraid - ok

10:55:37.0685 1200 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

10:55:37.0700 1200 VSS - ok

10:55:37.0794 1200 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

10:55:37.0809 1200 vwifibus - ok

10:55:37.0825 1200 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:55:37.0825 1200 vwififlt - ok

10:55:37.0856 1200 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

10:55:37.0856 1200 W32Time - ok

10:55:37.0887 1200 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

10:55:37.0887 1200 WacomPen - ok

10:55:37.0903 1200 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:55:37.0903 1200 WANARP - ok

10:55:37.0919 1200 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:55:37.0919 1200 Wanarpv6 - ok

10:55:38.0043 1200 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

10:55:38.0059 1200 WatAdminSvc - ok

10:55:38.0153 1200 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

10:55:38.0168 1200 wbengine - ok

10:55:38.0215 1200 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

10:55:38.0215 1200 WbioSrvc - ok

10:55:38.0277 1200 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

10:55:38.0277 1200 wcncsvc - ok

10:55:38.0293 1200 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

10:55:38.0293 1200 WcsPlugInService - ok

10:55:38.0309 1200 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

10:55:38.0309 1200 Wd - ok

10:55:38.0355 1200 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:55:38.0355 1200 Wdf01000 - ok

10:55:38.0371 1200 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:55:38.0371 1200 WdiServiceHost - ok

10:55:38.0387 1200 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:55:38.0387 1200 WdiSystemHost - ok

10:55:38.0418 1200 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

10:55:38.0433 1200 WebClient - ok

10:55:38.0449 1200 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

10:55:38.0449 1200 Wecsvc - ok

10:55:38.0465 1200 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

10:55:38.0465 1200 wercplsupport - ok

10:55:38.0480 1200 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

10:55:38.0480 1200 WerSvc - ok

10:55:38.0496 1200 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:55:38.0496 1200 WfpLwf - ok

10:55:38.0511 1200 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:55:38.0511 1200 WIMMount - ok

10:55:38.0527 1200 WinDefend - ok

10:55:38.0543 1200 WinHttpAutoProxySvc - ok

10:55:38.0605 1200 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

10:55:38.0605 1200 Winmgmt - ok

10:55:38.0761 1200 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

10:55:38.0777 1200 WinRM - ok

10:55:38.0823 1200 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

10:55:38.0823 1200 WinUsb - ok

10:55:38.0886 1200 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

10:55:38.0886 1200 Wlansvc - ok

10:55:38.0948 1200 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

10:55:38.0948 1200 wlcrasvc - ok

10:55:39.0167 1200 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

10:55:39.0167 1200 wlidsvc - ok

10:55:39.0245 1200 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

10:55:39.0245 1200 WmiAcpi - ok

10:55:39.0276 1200 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

10:55:39.0276 1200 wmiApSrv - ok

10:55:39.0307 1200 WMPNetworkSvc - ok

10:55:39.0307 1200 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

10:55:39.0323 1200 WPCSvc - ok

10:55:39.0338 1200 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

10:55:39.0338 1200 WPDBusEnum - ok

10:55:39.0354 1200 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:55:39.0354 1200 ws2ifsl - ok

10:55:39.0385 1200 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

10:55:39.0385 1200 wscsvc - ok

10:55:39.0385 1200 WSearch - ok

10:55:39.0557 1200 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

10:55:39.0572 1200 wuauserv - ok

10:55:39.0635 1200 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:55:39.0635 1200 WudfPf - ok

10:55:39.0650 1200 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:55:39.0666 1200 WUDFRd - ok

10:55:39.0681 1200 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

10:55:39.0697 1200 wudfsvc - ok

10:55:39.0697 1200 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

10:55:39.0713 1200 WwanSvc - ok

10:55:39.0744 1200 MBR (0x1B8) (e62d1f7a164f13bb434daf9173afb16b) \Device\Harddisk0\DR0

10:55:40.0025 1200 \Device\Harddisk0\DR0 - ok

10:55:40.0040 1200 Boot (0x1200) (1a6501080d7111e2df229062b3312adf) \Device\Harddisk0\DR0\Partition0

10:55:40.0040 1200 \Device\Harddisk0\DR0\Partition0 - ok

10:55:40.0040 1200 Boot (0x1200) (7e17c48520d17e5ad06e0499b297a32a) \Device\Harddisk0\DR0\Partition1

10:55:40.0040 1200 \Device\Harddisk0\DR0\Partition1 - ok

10:55:40.0071 1200 Boot (0x1200) (b5f145794c9b417a00d6cd0a4de1c5c2) \Device\Harddisk0\DR0\Partition2

10:55:40.0071 1200 \Device\Harddisk0\DR0\Partition2 - ok

10:55:40.0071 1200 ============================================================

10:55:40.0071 1200 Scan finished

10:55:40.0071 1200 ============================================================

10:55:40.0087 4844 Detected object count: 0

10:55:40.0087 4844 Actual detected object count: 0

ASWMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-27 10:49:48

-----------------------------

10:49:48.924 OS Version: Windows x64 6.1.7601 Service Pack 1

10:49:48.924 Number of processors: 2 586 0x603

10:49:48.924 ComputerName: JUNE-HP UserName: June

10:49:50.577 Initialize success

10:51:39.263 AVAST engine defs: 12062700

10:52:11.898 The log file has been saved successfully to "C:\Users\June\Documents\aswMBR.txt"


  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


ComboFix 12-06-27.01 - June 06/27/2012 18:04:38.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2658 [GMT -4:00]

Running from: c:\users\June\Downloads\ComboFix.exe

Command switches used :: c:\users\June\Desktop\CFScript.lnk

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))

.

.

2012-06-27 22:09 . 2012-06-27 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-27 22:09 . 2012-06-27 22:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-06-27 16:03 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1633D531-C6C7-4A6E-9A21-5FC49DF3AEF5}\mpengine.dll

2012-06-27 15:04 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-27 04:09 . 2012-06-27 04:09 -------- d-----w- c:\users\June\AppData\Roaming\NewspaperDirect

2012-06-25 07:22 . 2012-06-25 07:58 -------- d-----w- c:\windows\Microsoft Antimalware

2012-06-25 04:16 . 2012-06-25 04:16 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-25 02:52 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-25 02:52 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-25 02:52 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-25 02:52 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-25 02:52 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-25 02:52 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-25 02:52 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-25 02:51 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-25 02:51 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-25 02:04 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost(184).exe

2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4F00.tmp

2012-06-24 17:28 . 2012-06-24 17:28 113152 ----a-w- c:\programdata\Microsoft\Windows\DRM\4E72.tmp.dat

2012-06-20 21:17 . 2012-06-20 21:17 -------- d-----w- c:\users\June\AppData\Local\Apple Computer

2012-06-20 21:17 . 2012-06-22 21:29 -------- d-----w- c:\users\June\AppData\Roaming\Apple Computer

2012-06-20 21:16 . 2012-06-20 21:17 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-06-20 21:16 . 2012-06-20 21:16 -------- d-----w- c:\program files\iPod

2012-06-20 21:16 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\iTunes

2012-06-20 21:15 . 2012-06-20 21:15 -------- d-----w- c:\users\June\AppData\Local\Apple

2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-06-20 21:15 . 2012-06-25 02:45 -------- d-----w- c:\program files\Common Files\Apple

2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files (x86)\Bonjour

2012-06-20 21:14 . 2012-06-25 02:45 -------- d-----w- c:\program files\Bonjour

2012-06-20 21:14 . 2012-06-20 21:16 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-06-20 21:14 . 2012-06-20 21:15 -------- d-----w- c:\programdata\Apple

2012-06-14 00:06 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 14:34 . 2012-05-18 13:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E84E8844-4E46-4A49-9A03-B657CE42F094}\gapaengine.dll

2012-06-10 13:34 . 2012-06-10 13:34 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\9EAD.tmp.dat

2012-06-09 13:21 . 2012-06-09 13:21 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\E208.tmp.dat

2012-06-07 19:16 . 2012-06-07 19:16 -------- d-----w- c:\programdata\Symantec

2012-06-07 17:16 . 2012-06-07 17:16 -------- d-----w- c:\windows\SysWow64\Adobe

2012-06-07 01:36 . 2012-06-07 01:36 -------- d-----w- c:\users\June\AppData\Local\KodakGallery

2012-06-06 14:56 . 2012-06-19 17:00 -------- d-----w- C:\Remote Programs

2012-06-06 14:56 . 2012-06-06 14:56 -------- d--h--w- c:\programdata\Common Files

2012-06-06 14:51 . 2012-06-06 14:52 1541 ----a-w- C:\user.js

2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\users\June\AppData\Roaming\Babylon

2012-06-06 14:51 . 2012-06-06 14:51 -------- d-----w- c:\programdata\Babylon

2012-06-06 14:03 . 2012-06-06 14:06 -------- d-----w- c:\users\June\AppData\Local\Microsoft Games

2012-06-06 13:26 . 2012-06-06 13:26 -------- d-----w- c:\users\June\AppData\Roaming\Gamelab

2012-06-06 13:08 . 2012-06-06 13:08 -------- d-----w- c:\programdata\Wild Tangent

2012-06-06 12:41 . 2012-06-06 12:49 -------- d-----w- c:\program files (x86)\WildTangent Games

2012-06-01 00:19 . 2012-06-01 00:19 63080 ----a-r- c:\users\June\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe

2012-06-01 00:19 . 2012-06-01 00:19 -------- d-----w- c:\users\June\AppData\Local\DIRECTV Player

2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-05-30 01:08 . 2012-05-30 01:08 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-05-30 01:08 . 2012-05-30 01:08 -------- d-----w- c:\program files (x86)\QuickTime

2012-05-30 01:08 . 2012-06-25 02:42 -------- d-----w- c:\programdata\Apple Computer

2012-05-30 01:06 . 2012-06-27 04:15 -------- d-----w- c:\program files (x86)\Kodak

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-17 14:16 . 2012-05-18 13:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-17 14:16 . 2011-07-17 14:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-21 14:20 . 2012-05-21 14:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-05-21 14:20 . 2012-05-21 14:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-05-18 13:32 . 2011-05-20 19:35 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-05-18 13:19 . 2012-05-18 13:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-05-18 13:19 . 2012-05-18 13:19 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-05-18 13:18 . 2012-05-18 13:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-05-18 13:18 . 2012-05-18 13:18 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-03-30 11:35 . 2012-05-18 13:22 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-27_03.36.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-12-03 10:28 . 2012-06-27 21:47 60762 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-27 21:47 43140 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-12-04 14:27 . 2012-06-27 21:47 13816 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1758543969-522351655-1275309373-1000_UserData.bin

- 2009-07-14 05:30 . 2012-06-07 01:50 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2012-06-27 04:15 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2010-12-04 13:13 . 2012-06-27 16:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-12-04 13:13 . 2012-06-25 02:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-12-04 13:13 . 2012-06-25 02:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-12-04 13:13 . 2012-06-27 16:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-27 16:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-25 02:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-06-27 14:48 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2009-07-14 04:46 . 2012-06-25 03:54 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-06-27 22:09 . 2012-06-27 22:09 3623 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-06-27 03:35 . 2012-06-27 03:35 3623 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2010-12-06 08:33 . 2012-06-27 21:45 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2012-06-27 22:09 . 2012-06-27 22:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-27 03:36 . 2012-06-27 03:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-27 22:09 . 2012-06-27 22:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-27 03:36 . 2012-06-27 03:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-12-04 02:34 . 2012-06-27 20:36 314052 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2009-07-14 02:36 . 2012-06-27 21:50 662860 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-06-26 13:36 662860 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-06-27 21:50 122430 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-06-26 13:36 122430 c:\windows\system32\perfc009.dat

+ 2009-07-14 04:45 . 2012-06-27 04:12 279360 c:\windows\system32\FNTCACHE.DAT

- 2009-07-14 05:30 . 2012-06-07 01:50 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2012-06-27 04:15 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-06-07 01:50 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:30 . 2012-06-27 04:15 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2010-12-04 02:43 . 2012-06-27 21:11 695328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2012-06-27 22:09 232380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-11 08:01 . 2010-11-11 08:01 1212416 c:\windows\system32\DriverStore\FileRepository\a323at_x64.inf_amd64_neutral_32d6ab48cec35d83\AVerAVF2.sys

+ 2009-07-14 04:45 . 2012-06-27 04:15 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2012-06-25 03:27 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2010-12-04 02:43 . 2012-06-27 22:09 6197240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1758543969-522351655-1275309373-1000-8192.dat

+ 2011-09-07 22:26 . 2012-06-27 04:11 1455124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1758543969-522351655-1275309373-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c111c814-fd58-0a04-3924-998b53830e29}"= "c:\program files (x86)\Shop to Win 29\Helper.dll" [2012-05-28 378880]

.

[HKEY_CLASSES_ROOT\clsid\{c111c814-fd58-0a04-3924-998b53830e29}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{42855803-9685-5634-8D8E-37F3536D2EE3}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5ABD6C72-FFD7-B634-A92B-D77D5960E009}]

2012-03-14 17:52 14432 ----a-w- c:\program files (x86)\Shop to Win 29\Shop to Win 29.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCShowServer"="c:\users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]

"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-23 121456]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-21 296056]

"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-06 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-12 203264]

S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-07-14 22072]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-12 6790656]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-12 221184]

S3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [2010-11-11 1212416]

S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-18 32880]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-14 69736]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-29 11049576]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.insightbb.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{9194649F-7143-4308-90C1-D6A35B0E354E} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

.

**************************************************************************

.

Completion time: 2012-06-27 18:15:01 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-27 22:15

ComboFix2.txt 2012-06-27 21:24

ComboFix3.txt 2012-06-27 03:42

.

Pre-Run: 917,663,649,792 bytes free

Post-Run: 917,588,402,176 bytes free

.

- - End Of File - - 7453F0F2E801C68977F19E01B21CD856

Computer is doing great.


  • Staff

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a much better job).

  • Programs to remove:
    • Bing Rewards Client Installer
    • FrostWire 4.21.6
    • Funmoods on IE and Chrome
    • Java™ 6 Update 26
    • Recipe Hub
    • Shop To Win

  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the program to remove.
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then Next.
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select Run as administrator.

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.28.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

June :: JUNE-HP [administrator]

Protection: Enabled

6/28/2012 1:16:57 AM

mbam-log-2012-06-28 (01-16-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 221451

Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 12

HKCR\CLSID\{045c5f24-9e13-4ea8-ab93-fddab34f3fa5} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8EB0AAA0-2FFE-4326-8331-EFE2D5D15EC7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB2049F6-9DFA-4E51-B2A1-FC5A6E596C80} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143f8-3dbe-424c-949f-20acd11e5a6d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e001b32e-5acb-4cce-9910-2d379ce0a6d6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\FunWebProductsInstaller.Start.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\APPID\MightyMagooText.DLL (PUP.MightyMagoo) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2367&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully.

Folders Detected: 3

C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com (PUP.MightyMagoo) -> Quarantined and deleted successfully.

C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome (PUP.MightyMagoo) -> Quarantined and deleted successfully.

C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components (PUP.MightyMagoo) -> Quarantined and deleted successfully.

Files Detected: 8

C:\Users\June\Downloads\GreenGamesAndHam_UnlockGames.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.

C:\Users\June\Downloads\Irfanview_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome.manifest (PUP.MightyMagoo) -> Quarantined and deleted successfully.

C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\install.rdf (PUP.MightyMagoo) -> Quarantined and deleted successfully.

C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome\mmtextlinks.jar (PUP.MightyMagoo) -> Quarantined and deleted successfully.

C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components\mmagootlf.dll (PUP.MightyMagoo) -> Quarantined and deleted successfully.

C:\Users\June\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components\mmagootlf.xpt (PUP.MightyMagoo) -> Quarantined and deleted successfully.

C:\Windows\svchost(184).exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:26:19 AM, on 6/28/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe

C:\Users\June\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\QuickTime\qttask.exe

C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe

C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\June\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: FCToolbarURLSearchHook Class - {c111c814-fd58-0a04-3924-998b53830e29} - C:\Program Files (x86)\Shop to Win 29\Helper.dll

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: FCTBPos00Pos - {5ABD6C72-FFD7-B634-A92B-D77D5960E009} - C:\Program Files (x86)\Shop to Win 29\Shop to Win 29.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: BHO_PROJECT - {9194649F-7143-4308-90C1-D6A35B0E354E} - (no file)

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

O4 - HKLM\..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

O4 - HKCU\..\Run: [PCShowServer] "C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"

O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe

O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11608 bytes

Computer is doing great.


  • Staff

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to. You can start any of these programs from its icon (or from the Control Panel) when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
      O4 - HKLM\..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
      O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [PCShowServer] "C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
      O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

  • NOTE** You can research each of those lines >here< and see if you want to keep them or not: just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]

NOTE**

Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

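The O4 lines in the post above are the start-up entries the helper says to look up by the name between the brackets. As an added example (not part of this thread, and not code from HijackThis or Trend Micro), here is a Python parser for HijackThis log lines that splits each O4 entry into its bracketed name, program path and arguments, and flags entries whose target reads "(no file)" or "(file missing)". The sample lines are constructed in the log format shown in this thread; the function and field names (parse_hijackthis, split_command, review_table) are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample lines in HijackThis v2.0.4 log format, modelled on the
# log posted in this thread (not copied from it).
SAMPLE_LOG = r"""
O2 - BHO: BHO_PROJECT - {9194649F-7143-4308-90C1-D6A35B0E354E} - (no file)
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [PCShowServer] "C:\Users\June\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
"""

# O4 registry Run/RunOnce entries: "O4 - HKLM\..\Run: [Name] command"
_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\]\s*(?P<command>.*)$"
)
# O4 startup-folder entries: "O4 - Global Startup: Name.lnk = path"
_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<command>.*)$")
# Any other HijackThis line: "R0 - ...", "O2 - ...", "O23 - ..."
_GENERIC_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<rest>.*)$")
# Executable part of an unquoted command line (cut at the first program extension)
_EXE_RE = re.compile(r"^(.*?\.(?:exe|lnk|cmd|bat|scr))(?:\s+(.*))?$", re.IGNORECASE)


def split_command(command: str) -> Tuple[str, str]:
    """Separate the program path from its arguments.

    Quoted paths are taken verbatim; unquoted paths are cut at the first
    executable extension so that spaces inside "Program Files (x86)" survive.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    m = _EXE_RE.match(command)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    return command, ""


def _entry(section: str, line: str, **fields: str) -> Dict[str, object]:
    base: Dict[str, object] = {
        "section": section, "kind": "", "hive": "", "name": "", "path": "", "args": "",
        # "(no file)" / "(file missing)" mark an entry whose target is gone
        "dangling": "(no file)" in line or "(file missing)" in line,
        "line": line,
    }
    base.update(fields)
    return base


def parse_hijackthis(text: str) -> List[Dict[str, object]]:
    """Turn HijackThis log lines into dicts; O4 lines get name/path/args split out."""
    entries: List[Dict[str, object]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _RUN_RE.match(line)
        if m:
            path, args = split_command(m.group("command"))
            entries.append(_entry("O4", line, kind=m.group("key"), hive=m.group("hive"),
                                  name=m.group("name"), path=path, args=args))
            continue
        m = _STARTUP_RE.match(line)
        if m:
            path, args = split_command(m.group("command"))
            entries.append(_entry("O4", line, kind="GlobalStartup",
                                  name=m.group("name"), path=path, args=args))
            continue
        m = _GENERIC_RE.match(line)
        if m:
            entries.append(_entry(m.group("section"), line))
    return entries


def startup_names(entries: List[Dict[str, object]]) -> List[str]:
    """The bracketed names of O4 entries: what the post says to paste into the search box."""
    return [str(e["name"]) for e in entries if e["section"] == "O4"]


def review_table(entries: List[Dict[str, object]]) -> List[str]:
    """One row per O4 entry: scope, kind, name, path, plus a note when the path is an
    unexpanded environment variable or the target file is reported missing."""
    rows = []
    for e in entries:
        if e["section"] != "O4":
            continue
        notes = []
        if str(e["path"]).startswith("%"):
            notes.append("env-var path")
        if e["dangling"]:
            notes.append("missing file")
        scope = e["hive"] or "startup-folder"
        rows.append(f"{scope:16} {e['kind']:8} {e['name']!s:28} {e['path']}"
                    + (f"  [{', '.join(notes)}]" if notes else ""))
    return rows


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    print("\n".join(review_table(parsed)))
    print("search terms:", startup_names(parsed))
```

Running the block prints a review table for the O4 entries and the list of bracketed names. A path that begins with an environment variable such as %ProgramFiles% is marked, because HijackThis prints it unexpanded and the real location still has to be checked before deciding whether the entry is wanted.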

C:\Program Files (x86)\ReferenceBoss_1pEI\Installr\1.bin\1pEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application

C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application

C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir Win32/Toolbar.MyWebSearch application

C:\Qoobox\Quarantine\C\Program Files (x86)\Mighty Magoo\mmagootl.dll.vir a variant of Win32/Adware.Gamevance.BE application

C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan

C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYH trojan

C:\TDSSKiller_Quarantine\25.06.2012_00.14.39\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan

C:\Users\June\AppData\Local\Temp\SetupDataMngr_Searchqu.exe a variant of Win32/Toolbar.SearchSuite application

C:\Users\June\AppData\LocalLow\DictionaryBossEI\Installr\Cache\0FE9788C.exe a variant of Win32/Toolbar.MyWebSearch.O application

C:\Users\June\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\5DA63158.exe a variant of Win32/Toolbar.MyWebSearch.O application

C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application

C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application

C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application

C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.6.windows.exe Win32/OpenCandy application

C:\Users\June\Downloads\frostwire-4.21.6.windows.exe Win32/OpenCandy application

C:\Users\June\Downloads\halo.exe a variant of Win32/InstallCore.Q application


  • Staff

Hello

There are some minor things in your online scan that should be removed.

delete files

  • Copy all text in the quote box (below)...to Notepad.
    @echo off
    del /f /s /q "C:\Program Files (x86)\ReferenceBoss_1pEI\Installr\1.bin\1pEZSETP.dll"
    del /f /s /q "C:\Users\June\AppData\Local\Temp\SetupDataMngr_Searchqu.exe"
    del /f /s /q "C:\Users\June\AppData\LocalLow\DictionaryBossEI\Installr\Cache\0FE9788C.exe"
    del /f /s /q "C:\Users\June\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\5DA63158.exe"
    del /f /s /q "C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe"
    del /f /s /q "C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe"
    del /f /s /q "C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe"
    del /f /s /q "C:\Users\June\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.6.windows.exe"
    del /f /s /q "C:\Users\June\Downloads\frostwire-4.21.6.windows.exe"
    del /f /s /q "C:\Users\June\Downloads\halo.exe"
    del %0
  • Save the Notepad file on your desktop as delfile.bat (save type as "All Files").
    It should look like this: [batfileicon.gif] <-- XP, [vista_bat_icon.png] <-- Vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\), and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • [image: CF-Uninstall.png]

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls
CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files - It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner
Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)
    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet

internetsafety
Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Gringo


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
