WiredWX Christian Hobby Weather Tools
Re: Major virus Trojan Horse Generic27.BTAL
We need to fix the Master Boot Record using aswMBR now.


  • Double-click aswMBR.exe to run it, as before
  • Once the scan finishes, click FixMBR to remove the infection as illustrated below


  [Image: aswMBR FixMBR button]


  • Once the scan finishes, click Save log to save the log to your Desktop

    [Image: aswMBR Save log button]

  • Copy and paste the contents of aswMBR.txt back here for review
************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Re: Major virus Trojan Horse Generic27.BTAL
Dave, it still will not run. I even tried reinstalling it and then hit 'run' again, and still nothing is coming up...

Re: Major virus Trojan Horse Generic27.BTAL
OK. Let's try something else.

Please boot to the System Recovery Options.
If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two in the article).
It is also possible that your computer has a pre-installed recovery partition instead; in that case use method one (pressing F8 before Windows starts loading)...
NOTE: If none of the above apply, you can create a System Repair Disc (link in "Option two") and boot from it.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt


Choose Command Prompt.
You should see X:\SOURCES>...

Execute the following commands.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

bootrec /fixboot (<--- there is a "space" after "bootrec")

exit

Restart computer.
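As an added illustration (not code from this thread or from any of the tools it names), the check below decodes a 512-byte MBR the way aswMBR and TDSSKiller summarise it (partition type, StartLBA, BlocksNum), verifies the 0x55AA signature, and compares a hash of the 440-byte boot-code region with a known-good value; `bootrec /fixmbr` rewrites only that boot-code region and leaves the partition table alone, so the two are checked separately. The sector and its disk signature are constructed here, with a layout mirroring the two type-0x7 entries reported in the thread's TDSSKiller log; on a real machine the sector would be read from the raw disk device with administrative rights.

```python
import hashlib
import struct

# MBR byte layout: 0..439 boot code, 440..443 disk signature, 444..445 reserved,
# 446..509 four 16-byte partition entries, 510..511 signature 0x55 0xAA.
SECTOR = 512
BOOT_CODE_LEN = 440
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xAA"
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, start LBA, block count

# Constructed layout mirroring the two NTFS (type 0x7) entries in the thread's TDSSKiller log.
SAMPLE_LAYOUT = [
    (True, 0x07, 0x32800, 0x1D4C000),
    (False, 0x07, 0x1D7E800, 0x38602830),
]


def build_partition_entry(bootable, ptype, start_lba, blocks):
    """Pack one 16-byte partition entry; CHS fields get the conventional 0xFE/0xFF filler."""
    status = 0x80 if bootable else 0x00
    chs = b"\xFE\xFF\xFF"  # CHS is irrelevant on LBA-addressed disks
    return struct.pack(ENTRY_FMT, status, chs, ptype, chs, start_lba, blocks)


def build_mbr(boot_code, entries):
    """Assemble a 512-byte MBR from boot code and up to four (bootable, type, start_lba, blocks) tuples."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0xDEADBEEF)  # constructed disk signature
    table = b"".join(build_partition_entry(*e) for e in entries)
    table = table.ljust(4 * PART_ENTRY_LEN, b"\x00")
    return code + disk_sig + b"\x00\x00" + table + MBR_SIGNATURE


def parse_mbr(sector):
    """Decode the partition table and the boot-code hash from a raw 512-byte sector."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _, ptype, _, start_lba, blocks = struct.unpack(ENTRY_FMT, sector[off:off + PART_ENTRY_LEN])
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "status": status, "bootable": status == 0x80,
                           "type": ptype, "start_lba": start_lba, "blocks": blocks})
    return {
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector, known_good_boot_code_sha256):
    """Return a list of findings; an empty list means the MBR is structurally sane and unmodified."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != known_good_boot_code_sha256:
        findings.append("boot code differs from known-good baseline")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']} has invalid status byte 0x{p['status']:02x}")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"expected exactly one bootable partition, found {len(bootable)}")
    # Entries sorted by start LBA must not run into each other.
    ordered = sorted(info["partitions"], key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["blocks"] > b["start_lba"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return findings


if __name__ == "__main__":
    clean = build_mbr(b"constructed boot code", SAMPLE_LAYOUT)
    baseline = parse_mbr(clean)["boot_code_sha256"]
    for p in parse_mbr(clean)["partitions"]:
        print(f"Partition{p['index']}: Type 0x{p['type']:X}, StartLBA 0x{p['start_lba']:X}, BlocksNum 0x{p['blocks']:X}")
    tampered = bytearray(clean)
    tampered[0] ^= 0xFF  # simulate a modified boot-code byte
    print(check_mbr(bytes(tampered), baseline))
```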

Re: Major virus Trojan Horse Generic27.BTAL
Dave, I hit F8 to go to the Boot System Recovery but when I click on Repair computer it has been stuck on a black screen saying "Windows loading Files" for the past two hours. I had to shut it down again so I could log on regularly to tell you it is not working.

Re: Major virus Trojan Horse Generic27.BTAL
jcarp wrote:
Dave, I hit F8 to go to the Boot System Recovery but when I click on Repair computer it has been stuck on a black screen saying "Windows loading Files" for the past two hours. I had to shut it down again so I could log on regularly to tell you it is not working.


You should click on Command Prompt, not Repair computer.

Re: Major virus Trojan Horse Generic27.BTAL
I clicked on Safe Mode with Command Prompt and it didn't do anything. A black window came up like it was supposed to be loading something, but it didn't...

Re: Major virus Trojan Horse Generic27.BTAL

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click TDSSKiller.exe to run the application, then click Start Scan.

    [Image: TDSSKiller Start Scan]

  • If an infected file is detected, the default action will be Cure, click on Continue.

    [Image: TDSSKiller infected file, default action Cure]

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

    [Image: TDSSKiller suspicious file, default action Skip]

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    [Image: TDSSKiller Reboot Now prompt]

  • Click the Report button and copy/paste its contents into your next reply.
Note: It will also create a log in the C:\ directory.

Please try running aswMBR.exe in post # 11

Re: Major virus Trojan Horse Generic27.BTAL
4:31.0328 7988 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
12:44:33.0340 7988 ============================================================
12:44:33.0340 7988 Current date / time: 2012/05/21 12:44:33.0340
12:44:33.0340 7988 SystemInfo:
12:44:33.0340 7988
12:44:33.0340 7988 OS Version: 6.1.7601 ServicePack: 1.0
12:44:33.0340 7988 Product type: Workstation
12:44:33.0341 7988 ComputerName: JOESLAPTOP
12:44:33.0341 7988 UserName: Joe
12:44:33.0341 7988 Windows directory: C:\Windows
12:44:33.0341 7988 System windows directory: C:\Windows
12:44:33.0341 7988 Running under WOW64
12:44:33.0341 7988 Processor architecture: Intel x64
12:44:33.0341 7988 Number of processors: 4
12:44:33.0341 7988 Page size: 0x1000
12:44:33.0341 7988 Boot type: Normal boot
12:44:33.0341 7988 ============================================================
12:44:34.0527 7988 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:44:34.0536 7988 Drive \Device\Harddisk1\DR1 - Size: 0x1DEC00000 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:44:34.0540 7988 ============================================================
12:44:34.0540 7988 \Device\Harddisk0\DR0:
12:44:34.0540 7988 MBR partitions:
12:44:34.0540 7988 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
12:44:34.0540 7988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38602830
12:44:34.0540 7988 \Device\Harddisk1\DR1:
12:44:34.0541 7988 MBR partitions:
12:44:34.0541 7988 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0xEF5FC0
12:44:34.0541 7988 ============================================================
12:44:34.0700 7988 C: <-> \Device\Harddisk0\DR0\Partition1
12:44:34.0700 7988 ============================================================
12:44:34.0700 7988 Initialize success
12:44:34.0700 7988 ============================================================
12:44:43.0972 8432 ============================================================
12:44:43.0972 8432 Scan started
12:44:43.0972 8432 Mode: Manual;
12:44:43.0972 8432 ============================================================
12:45:07.0678 8432 Mcx2Svc - ok
12:45:07.0754 8432 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:45:07.0770 8432 megasas - ok
12:45:07.0810 8432 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:45:07.0835 8432 MegaSR - ok
12:45:07.0897 8432 mfeapfk (c1556ca9695fcd6bbd23d75d402fd43d) C:\Windows\system32\drivers\mfeapfk.sys
12:45:07.0900 8432 mfeapfk - ok
12:45:07.0964 8432 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
12:45:08.0028 8432 mfeavfk - ok
12:45:08.0055 8432 mfeavfk01 - ok
12:45:08.0094 8432 mfefire (dd92e94e265864306377f091b100d0d0) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
12:45:08.0113 8432 mfefire - ok
12:45:08.0177 8432 mfefirek (19c44295f6bf085c83352d48397f7870) C:\Windows\system32\drivers\mfefirek.sys
12:45:08.0263 8432 mfefirek - ok
12:45:08.0357 8432 mfehidk (5f915e20ab56121c41c6bf9a91a83bda) C:\Windows\system32\drivers\mfehidk.sys
12:45:08.0429 8432 mfehidk - ok
12:45:08.0501 8432 mfenlfk (23ae332e32ff615ca5e5224c8d91af11) C:\Windows\system32\DRIVERS\mfenlfk.sys
12:45:08.0547 8432 mfenlfk - ok
12:45:08.0596 8432 mferkdet (9c7a9273e345f8d653394b5c542bf86a) C:\Windows\system32\drivers\mferkdet.sys
12:45:08.0639 8432 mferkdet - ok
12:45:08.0662 8432 mfevtp (aecd0c9abdfdc61be31163b624c4170f) C:\Windows\system32\mfevtps.exe
12:45:08.0673 8432 mfevtp - ok
12:45:08.0727 8432 mfewfpk (3140b2c56d7119ba314f68fc785683f0) C:\Windows\system32\drivers\mfewfpk.sys
12:45:08.0768 8432 mfewfpk - ok
12:45:08.0850 8432 Microsoft SharePoint Workspace Audit Service - ok
12:45:08.0900 8432 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:45:08.0904 8432 MMCSS - ok
12:45:08.0938 8432 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:45:08.0945 8432 Modem - ok
12:45:08.0978 8432 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:45:08.0981 8432 monitor - ok
12:45:09.0037 8432 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:45:09.0045 8432 mouclass - ok
12:45:09.0079 8432 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:45:09.0086 8432 mouhid - ok
12:45:09.0137 8432 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:45:09.0194 8432 mountmgr - ok
12:45:09.0276 8432 MozillaMaintenance (166f0cbff55d16552161c154317287ca) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:45:09.0330 8432 MozillaMaintenance - ok
12:45:09.0376 8432 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:45:09.0441 8432 mpio - ok
12:45:09.0470 8432 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:45:09.0480 8432 mpsdrv - ok
12:45:09.0594 8432 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:45:09.0668 8432 MpsSvc - ok
12:45:09.0716 8432 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:45:09.0776 8432 MRxDAV - ok
12:45:09.0825 8432 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:45:09.0903 8432 mrxsmb - ok
12:45:09.0971 8432 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:45:10.0088 8432 mrxsmb10 - ok
12:45:10.0133 8432 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:45:10.0190 8432 mrxsmb20 - ok
12:45:10.0230 8432 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:45:10.0313 8432 msahci - ok
12:45:10.0357 8432 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:45:10.0435 8432 msdsm - ok
12:45:10.0464 8432 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:45:10.0482 8432 MSDTC - ok
12:45:10.0531 8432 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:45:10.0537 8432 Msfs - ok
12:45:10.0548 8432 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:45:10.0555 8432 mshidkmdf - ok
12:45:10.0584 8432 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:45:10.0592 8432 msisadrv - ok
12:45:10.0632 8432 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:45:10.0648 8432 MSiSCSI - ok

descriptionMajor virus Trojan Horse Generic27.BTAL - Page 1 EmptyRe: Major virus Trojan Horse Generic27.BTAL

more_horiz
12:45:10.0652 8432 msiserver - ok
12:45:10.0767 8432 MSK80Service (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
12:45:10.0771 8432 MSK80Service - ok
12:45:10.0818 8432 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:45:10.0829 8432 MSKSSRV - ok
12:45:10.0846 8432 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:45:10.0853 8432 MSPCLOCK - ok
12:45:10.0859 8432 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:45:10.0864 8432 MSPQM - ok
12:45:10.0948 8432 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:45:10.0990 8432 MsRPC - ok
12:45:11.0030 8432 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:45:11.0032 8432 mssmbios - ok
12:45:11.0058 8432 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:45:11.0064 8432 MSTEE - ok
12:45:11.0080 8432 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:45:11.0087 8432 MTConfig - ok
12:45:11.0106 8432 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:45:11.0113 8432 Mup - ok
12:45:11.0221 8432 MyWiFiDHCPDNS (a9bc2302fbdf52c8af4e2fc966288d21) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:45:11.0231 8432 MyWiFiDHCPDNS - ok
12:45:11.0305 8432 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:45:11.0316 8432 napagent - ok
12:45:11.0387 8432 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:45:11.0416 8432 NativeWifiP - ok
12:45:11.0552 8432 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:45:11.0591 8432 NDIS - ok
12:45:11.0620 8432 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:45:11.0628 8432 NdisCap - ok
12:45:11.0667 8432 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:45:11.0674 8432 NdisTapi - ok
12:45:11.0716 8432 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:45:11.0770 8432 Ndisuio - ok
12:45:11.0810 8432 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:45:11.0870 8432 NdisWan - ok
12:45:11.0914 8432 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:45:11.0961 8432 NDProxy - ok
12:45:11.0998 8432 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:45:12.0012 8432 NetBIOS - ok
12:45:12.0066 8432 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:45:12.0133 8432 NetBT - ok
12:45:12.0172 8432 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:12.0174 8432 Netlogon - ok
12:45:12.0242 8432 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:45:12.0271 8432 Netman - ok
12:45:12.0309 8432 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:45:12.0317 8432 netprofm - ok
12:45:12.0395 8432 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:45:12.0417 8432 NetTcpPortSharing - ok
12:45:12.0875 8432 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
12:45:13.0140 8432 NETw5s64 - ok
12:45:13.0300 8432 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:45:13.0309 8432 nfrd960 - ok
12:45:13.0388 8432 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:45:13.0400 8432 NlaSvc - ok
12:45:13.0415 8432 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:45:13.0420 8432 Npfs - ok
12:45:13.0446 8432 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:45:13.0459 8432 nsi - ok
12:45:13.0501 8432 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:45:13.0513 8432 nsiproxy - ok
12:45:13.0673 8432 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:45:13.0800 8432 Ntfs - ok
12:45:13.0936 8432 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:45:13.0949 8432 Null - ok
12:45:14.0012 8432 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:45:14.0077 8432 nvraid - ok
12:45:14.0102 8432 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:45:14.0142 8432 nvstor - ok
12:45:14.0176 8432 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:45:14.0185 8432 nv_agp - ok
12:45:14.0220 8432 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:45:14.0229 8432 ohci1394 - ok
12:45:14.0343 8432 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:45:14.0401 8432 ose - ok
12:45:14.0760 8432 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:45:14.0997 8432 osppsvc - ok
12:45:15.0151 8432 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:45:15.0162 8432 p2pimsvc - ok
12:45:15.0213 8432 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:45:15.0244 8432 p2psvc - ok
12:45:15.0306 8432 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:45:15.0313 8432 Parport - ok
12:45:15.0356 8432 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:45:15.0411 8432 partmgr - ok
12:45:15.0459 8432 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:45:15.0491 8432 PcaSvc - ok
12:45:15.0541 8432 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:45:15.0584 8432 pci - ok
12:45:15.0597 8432 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:45:15.0604 8432 pciide - ok
12:45:15.0643 8432 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:45:15.0671 8432 pcmcia - ok
12:45:15.0699 8432 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:45:15.0704 8432 pcw - ok
12:45:15.0764 8432 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:45:15.0784 8432 PEAUTH - ok
12:45:15.0864 8432 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:45:15.0872 8432 PerfHost - ok
12:45:16.0037 8432 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:45:16.0163 8432 pla - ok
12:45:16.0273 8432 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:45:16.0327 8432 PlugPlay - ok
12:45:16.0357 8432 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:45:16.0365 8432 PNRPAutoReg - ok
12:45:16.0410 8432 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:45:16.0419 8432 PNRPsvc - ok
12:45:16.0516 8432 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:45:16.0597 8432 PolicyAgent - ok
12:45:16.0645 8432 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:45:16.0653 8432 Power - ok
12:45:16.0778 8432 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:45:16.0848 8432 PptpMiniport - ok
12:45:16.0890 8432 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:45:16.0901 8432 Processor - ok
12:45:16.0968 8432 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:45:17.0019 8432 ProfSvc - ok
12:45:17.0060 8432 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:17.0062 8432 ProtectedStorage - ok
12:45:17.0126 8432 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:45:17.0129 8432 Psched - ok
12:45:17.0163 8432 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:45:17.0214 8432 PxHlpa64 - ok
12:45:17.0367 8432 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:45:17.0466 8432 ql2300 - ok
12:45:17.0607 8432 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:45:17.0613 8432 ql40xx - ok
12:45:17.0661 8432 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:45:17.0692 8432 QWAVE - ok
12:45:17.0714 8432 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:45:17.0728 8432 QWAVEdrv - ok
12:45:17.0745 8432 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:45:17.0753 8432 RasAcd - ok
12:45:17.0788 8432 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:45:17.0794 8432 RasAgileVpn - ok
12:45:17.0828 8432 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:45:17.0837 8432 RasAuto - ok
12:45:17.0887 8432 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:45:17.0947 8432 Rasl2tp - ok
12:45:18.0024 8432 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:45:18.0079 8432 RasMan - ok
12:45:18.0111 8432 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:45:18.0122 8432 RasPppoe - ok
12:45:18.0150 8432 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:45:18.0156 8432 RasSstp - ok
12:45:18.0217 8432 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:45:18.0282 8432 rdbss - ok
12:45:18.0302 8432 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:45:18.0309 8432 rdpbus - ok
12:45:18.0343 8432 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:45:18.0351 8432 RDPCDD - ok
12:45:18.0374 8432 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:45:18.0380 8432 RDPENCDD - ok
12:45:18.0403 8432 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:45:18.0408 8432 RDPREFMP - ok
12:45:18.0494 8432 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:45:18.0609 8432 RDPWD - ok
12:45:18.0703 8432 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:45:18.0769 8432 rdyboost - ok
12:45:18.0928 8432 RegSrvc (0aa473966357c4a41b5eb19649eb6e5e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:45:18.0943 8432 RegSrvc - ok
12:45:18.0989 8432 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:45:19.0013 8432 RemoteAccess - ok
12:45:19.0044 8432 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:45:19.0057 8432 RemoteRegistry - ok
12:45:19.0133 8432 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:45:19.0150 8432 RFCOMM - ok
12:45:19.0195 8432 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:45:19.0213 8432 RpcEptMapper - ok
12:45:19.0243 8432 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:45:19.0255 8432 RpcLocator - ok
12:45:19.0337 8432 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:45:19.0347 8432 RpcSs - ok
12:45:19.0395 8432 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:45:19.0401 8432 rspndr - ok
12:45:19.0458 8432 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys
12:45:19.0520 8432 RSUSBSTOR - ok
12:45:19.0560 8432 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:45:19.0624 8432 RTL8167 - ok
12:45:19.0661 8432 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:19.0662 8432 SamSs - ok
12:45:19.0703 8432 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:45:19.0767 8432 sbp2port - ok
12:45:19.0812 8432 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:45:19.0826 8432 SCardSvr - ok
12:45:19.0867 8432 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:45:19.0931 8432 scfilter - ok
12:45:20.0045 8432 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:45:20.0146 8432 Schedule - ok
12:45:20.0185 8432 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:45:20.0186 8432 SCPolicySvc - ok
12:45:20.0213 8432 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:45:20.0290 8432 SDRSVC - ok
12:45:20.0348 8432 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:45:20.0358 8432 secdrv - ok
12:45:20.0399 8432 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:45:20.0445 8432 seclogon - ok
12:45:20.0563 8432 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:45:20.0579 8432 SENS - ok
12:45:20.0614 8432 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:45:20.0620 8432 SensrSvc - ok
12:45:20.0639 8432 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:45:20.0647 8432 Serenum - ok
12:45:20.0697 8432 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:45:20.0703 8432 Serial - ok
12:45:20.0757 8432 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:45:20.0766 8432 sermouse - ok
12:45:20.0830 8432 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:45:20.0864 8432 SessionEnv - ok
12:45:20.0898 8432 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:45:20.0904 8432 sffdisk - ok
12:45:20.0930 8432 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:45:20.0941 8432 sffp_mmc - ok
12:45:20.0951 8432 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:45:20.0992 8432 sffp_sd - ok
12:45:21.0017 8432 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:45:21.0022 8432 sfloppy - ok
12:45:21.0226 8432 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
12:45:21.0280 8432 SftService - ok
12:45:21.0573 8432 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:45:21.0604 8432 SharedAccess - ok
12:45:21.0669 8432 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:45:21.0751 8432 ShellHWDetection - ok
12:45:21.0830 8432 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:45:21.0843 8432 SiSRaid2 - ok
12:45:21.0869 8432 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:45:21.0876 8432 SiSRaid4 - ok
12:45:21.0989 8432 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:45:22.0001 8432 SkypeUpdate - ok
12:45:22.0040 8432 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:45:22.0063 8432 Smb - ok
12:45:22.0098 8432 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:45:22.0106 8432 SNMPTRAP - ok
12:45:22.0123 8432 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:45:22.0130 8432 spldr - ok
12:45:22.0210 8432 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:45:22.0231 8432 Spooler - ok
12:45:22.0530 8432 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:45:22.0622 8432 sppsvc - ok
12:45:22.0765 8432 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:45:22.0778 8432 sppuinotify - ok
12:45:23.0020 8432 SpyHunter 4 Service (8058e740b8e05e0345388715c7b6bc74) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
12:45:23.0062 8432 SpyHunter 4 Service - ok
12:45:23.0178 8432 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:45:23.0324 8432 srv - ok
12:45:23.0384 8432 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:45:23.0434 8432 srv2 - ok
12:45:23.0458 8432 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:45:23.0506 8432 srvnet - ok
12:45:23.0567 8432 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:45:23.0586 8432 SSDPSRV - ok
12:45:23.0612 8432 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:45:23.0625 8432 SstpSvc - ok
12:45:23.0718 8432 STacSV (463e33b1ea7af1e6eb87b66b831db41a) C:\Program Files\IDT\WDM\STacSV64.exe
12:45:23.0733 8432 STacSV - ok
12:45:23.0760 8432 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:45:23.0766 8432 stexstor - ok
12:45:23.0844 8432 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys
12:45:23.0954 8432 STHDA - ok
12:45:24.0047 8432 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:45:24.0118 8432 stisvc - ok
12:45:24.0155 8432 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:45:24.0167 8432 swenum - ok
12:45:24.0238 8432 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:45:24.0273 8432 swprv - ok
12:45:24.0335 8432 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\Windows\system32\DRIVERS\SynTP.sys
12:45:24.0392 8432 SynTP - ok
12:45:24.0558 8432 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:45:24.0625 8432 SysMain - ok
12:45:24.0781 8432 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:45:24.0840 8432 TabletInputService - ok
12:45:24.0910 8432 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:45:24.0956 8432 TapiSrv - ok
12:45:24.0988 8432 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:45:24.0994 8432 TBS - ok
12:45:25.0201 8432 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:45:25.0242 8432 Tcpip - ok
12:45:25.0513 8432 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:45:25.0532 8432 TCPIP6 - ok
12:45:25.0688 8432 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:45:25.0724 8432 tcpipreg - ok
12:45:25.0756 8432 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:45:25.0764 8432 TDPIPE - ok
12:45:25.0796 8432 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:45:25.0870 8432 TDTCP - ok
12:45:25.0932 8432 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:45:25.0993 8432 tdx - ok
12:45:26.0037 8432 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:45:26.0089 8432 TermDD - ok
12:45:26.0185 8432 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:45:26.0266 8432 TermService - ok
12:45:26.0307 8432 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:45:26.0316 8432 Themes - ok
12:45:26.0356 8432 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:45:26.0357 8432 THREADORDER - ok
12:45:26.0398 8432 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:45:26.0416 8432 TrkWks - ok
12:45:26.0485 8432 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:45:26.0589 8432 TrustedInstaller - ok
12:45:26.0633 8432 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:45:26.0714 8432 tssecsrv - ok
12:45:26.0769 8432 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:45:26.0829 8432 TsUsbFlt - ok
12:45:26.0932 8432 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:45:27.0004 8432 tunnel - ok
12:45:27.0034 8432 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:45:27.0041 8432 uagp35 - ok
12:45:27.0093 8432 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:45:27.0142 8432 udfs - ok
12:45:27.0176 8432 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:45:27.0195 8432 UI0Detect - ok
12:45:27.0258 8432 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:45:27.0269 8432 uliagpkx - ok
12:45:27.0331 8432 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:45:27.0381 8432 umbus - ok
12:45:27.0403 8432 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:45:27.0408 8432 UmPass - ok
12:45:27.0667 8432 UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:45:27.0725 8432 UNS - ok
12:45:27.0882 8432 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:45:27.0915 8432 upnphost - ok
12:45:28.0008 8432 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
12:45:28.0050 8432 USBAAPL64 - ok
12:45:28.0109 8432 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:45:28.0157 8432 usbaudio - ok
12:45:28.0199 8432 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:45:28.0257 8432 usbccgp - ok
12:45:28.0285 8432 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:45:28.0293 8432 usbcir - ok
12:45:28.0348 8432 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:45:28.0406 8432 usbehci - ok
12:45:28.0469 8432 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:45:28.0551 8432 usbhub - ok
12:45:28.0589 8432 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:45:28.0641 8432 usbohci - ok
12:45:28.0676 8432 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:45:28.0685 8432 usbprint - ok
12:45:28.0739 8432 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:45:28.0790 8432 USBSTOR - ok
12:45:28.0831 8432 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:45:28.0891 8432 usbuhci - ok
12:45:28.0961 8432 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:45:29.0025 8432 usbvideo - ok
12:45:29.0052 8432 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:45:29.0058 8432 UxSms - ok
12:45:29.0105 8432 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:29.0109 8432 VaultSvc - ok
12:45:29.0173 8432 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:45:29.0187 8432 vdrvroot - ok
12:45:29.0274 8432 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:45:29.0335 8432 vds - ok
12:45:29.0369 8432 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:45:29.0379 8432 vga - ok
12:45:29.0400 8432 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:45:29.0406 8432 VgaSave - ok
12:45:29.0460 8432 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:45:29.0507 8432 vhdmp - ok
12:45:29.0544 8432 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:45:29.0551 8432 viaide - ok
12:45:29.0585 8432 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:45:29.0625 8432 volmgr - ok
12:45:29.0693 8432 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:45:29.0771 8432 volmgrx - ok
12:45:29.0825 8432 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:45:29.0897 8432 volsnap - ok
12:45:29.0951 8432 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:45:29.0968 8432 vsmraid - ok
12:45:30.0133 8432 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:45:30.0305 8432 VSS - ok
12:45:30.0433 8432 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
12:45:30.0459 8432 vToolbarUpdater10.2.0 - ok
12:45:30.0618 8432 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:45:30.0628 8432 vwifibus - ok
12:45:30.0647 8432 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:45:30.0658 8432 vwififlt - ok
12:45:30.0669 8432 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:45:30.0671 8432 vwifimp - ok
12:45:30.0721 8432 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:45:30.0751 8432 W32Time - ok
12:45:30.0773 8432 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:45:30.0780 8432 WacomPen - ok
12:45:30.0840 8432 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:30.0877 8432 WANARP - ok
12:45:30.0881 8432 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:30.0883 8432 Wanarpv6 - ok
12:45:31.0057 8432 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:45:31.0141 8432 WatAdminSvc - ok
12:45:31.0312 8432 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:45:31.0428 8432 wbengine - ok
12:45:31.0581 8432 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:45:31.0605 8432 WbioSrvc - ok
12:45:31.0703 8432 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:45:31.0775 8432 wcncsvc - ok
12:45:31.0806 8432 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:45:31.0812 8432 WcsPlugInService - ok
12:45:31.0887 8432 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:45:31.0897 8432 Wd - ok
12:45:31.0960 8432 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:45:32.0021 8432 Wdf01000 - ok
12:45:32.0060 8432 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:45:32.0070 8432 WdiServiceHost - ok
12:45:32.0076 8432 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:45:32.0079 8432 WdiSystemHost - ok
12:45:32.0133 8432 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:45:32.0177 8432 WebClient - ok
12:45:32.0204 8432 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:45:32.0236 8432 Wecsvc - ok
12:45:32.0278 8432 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:45:32.0282 8432 wercplsupport - ok
12:45:32.0296 8432 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:45:32.0299 8432 WerSvc - ok
12:45:32.0380 8432 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:45:32.0391 8432 WfpLwf - ok
12:45:32.0432 8432 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
12:45:32.0529 8432 WimFltr - ok
12:45:32.0554 8432 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:45:32.0558 8432 WIMMount - ok
12:45:32.0588 8432 WinDefend - ok
12:45:32.0598 8432 WinHttpAutoProxySvc - ok
12:45:32.0696 8432 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:45:32.0723 8432 Winmgmt - ok
12:45:32.0904 8432 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:45:33.0021 8432 WinRM - ok
12:45:33.0176 8432 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:45:33.0234 8432 WinUsb - ok
12:45:33.0329 8432 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:45:33.0345 8432 Wlansvc - ok
12:45:33.0424 8432 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:45:33.0477 8432 wlcrasvc - ok
12:45:33.0711 8432 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:45:33.0771 8432 wlidsvc - ok
12:45:33.0946 8432 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:45:33.0949 8432 WmiAcpi - ok
12:45:34.0022 8432 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:45:34.0041 8432 wmiApSrv - ok
12:45:34.0079 8432 WMPNetworkSvc - ok
12:45:34.0123 8432 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:45:34.0130 8432 WPCSvc - ok
12:45:34.0185 8432 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:45:34.0234 8432 WPDBusEnum - ok
12:45:34.0261 8432 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:45:34.0267 8432 ws2ifsl - ok
12:45:34.0294 8432 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
12:45:34.0298 8432 wscsvc - ok
12:45:34.0306 8432 WSearch - ok
12:45:34.0514 8432 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:45:34.0586 8432 wuauserv - ok
12:45:34.0742 8432 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:45:34.0795 8432 WudfPf - ok
12:45:34.0861 8432 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:45:34.0903 8432 WUDFRd - ok
12:45:34.0937 8432 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:45:34.0969 8432 wudfsvc - ok
12:45:35.0019 8432 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:45:35.0046 8432 WwanSvc - ok
12:45:35.0106 8432 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
12:45:35.0136 8432 yukonw7 - ok
12:45:35.0237 8432 MBR (0x1B8) (c3220eb08add62e3ed9f72a1f4e4b1bb) \Device\Harddisk0\DR0
12:45:35.0280 8432 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
12:45:35.0280 8432 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
12:45:35.0286 8432 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
12:45:40.0727 8432 \Device\Harddisk1\DR1 - ok
12:45:40.0751 8432 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
12:45:40.0753 8432 \Device\Harddisk0\DR0\Partition0 - ok
12:45:40.0777 8432 Boot (0x1200) (efa03fb530a74c69b515d7e6f2677ada) \Device\Harddisk0\DR0\Partition1
12:45:40.0779 8432 \Device\Harddisk0\DR0\Partition1 - ok
12:45:40.0784 8432 Boot (0x1200) (3b2cbdcee422bd95123e90223f72e734) \Device\Harddisk1\DR1\Partition0
12:45:40.0786 8432 \Device\Harddisk1\DR1\Partition0 - ok
12:45:40.0787 8432 ============================================================
12:45:40.0787 8432 Scan finished
12:45:40.0787 8432 ============================================================
12:45:40.0801 2096 Detected object count: 1
12:45:40.0801 2096 Actual detected object count: 1
12:46:50.0624 2096 \Device\Harddisk0\DR0\# - copied to quarantine
12:46:50.0625 2096 \Device\Harddisk0\DR0 - copied to quarantine
12:46:50.0731 2096 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
12:46:50.0735 2096 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
12:46:50.0739 2096 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
12:46:50.0743 2096 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
12:46:50.0747 2096 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
12:46:50.0753 2096 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
12:46:50.0757 2096 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
12:46:50.0760 2096 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
12:46:50.0762 2096 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
12:46:50.0811 2096 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:46:50.0825 2096 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:46:50.0834 2096 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:46:50.0845 2096 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:46:50.0853 2096 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
12:46:50.0865 2096 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
12:46:50.0876 2096 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
12:46:50.0880 2096 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
12:46:50.0900 2096 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
12:46:50.0914 2096 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
12:46:50.0921 2096 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
12:46:50.0998 2096 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
12:46:51.0020 2096 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
12:46:51.0024 2096 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
12:46:51.0200 2096 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
12:46:51.0203 2096 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
12:46:51.0211 2096 \Device\Harddisk0\DR0 - ok
12:46:51.0449 2096 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
12:47:42.0707 10184 Deinitialize success

Re: Major virus Trojan Horse Generic27.BTAL
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

• Double-click on MBRCheck.exe to run it.

• It will open a black window... please do not fix anything (if it gives you an option).

• When complete, you should see "Done! Press ENTER to exit...". Press Enter on the keyboard.

• A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
• Please copy and paste the contents of that log in your next reply.

Re: Major virus Trojan Horse Generic27.BTAL
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-21 13:01:41
-----------------------------
13:01:41.771 OS Version: Windows x64 6.1.7601 Service Pack 1
13:01:41.771 Number of processors: 4 586 0x2505
13:01:41.773 ComputerName: JOESLAPTOP UserName: Joe
13:01:44.871 Initialize success
13:02:10.932 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:02:10.934 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
13:02:10.951 Disk 0 MBR read successfully
13:02:10.953 Disk 0 MBR scan
13:02:10.956 Disk 0 Windows 7 default MBR code
13:02:10.963 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
13:02:10.975 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
13:02:10.990 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461829 MB offset 30926848
13:02:11.004 Disk 0 scanning C:\Windows\system32\drivers
13:02:31.081 Service scanning
13:03:50.132 Modules scanning
13:03:50.141 Disk 0 trace - called modules:
13:03:50.158 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:03:50.162 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c3e060]
13:03:50.495 3 CLASSPNP.SYS[fffff88001a6c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800498a050]
13:03:50.501 Scan finished successfully
13:05:24.800 Verifying
13:05:34.823 Disk 0 Windows 601 MBR fixed successfully
13:05:44.254 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Downloads\MBR.dat"
13:05:44.258 The log file has been saved successfully to "C:\Users\Joe\Downloads\aswMBRlog.txt"


Re: Major virus Trojan Horse Generic27.BTAL
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron N5010
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 181):
0x03405000 \SystemRoot\system32\ntoskrnl.exe
0x039ED000 \SystemRoot\system32\hal.dll
0x00BA9000 \SystemRoot\system32\kdcom.dll
0x00C18000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C67000 \SystemRoot\system32\PSHED.dll
0x00C7B000 \SystemRoot\system32\CLFS.SYS
0x00CD9000 \SystemRoot\system32\CI.dll
0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EB3000 \SystemRoot\system32\drivers\ACPI.sys
0x00F0A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F13000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F1D000 \SystemRoot\system32\drivers\pci.sys
0x00F50000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F5D000 \SystemRoot\System32\drivers\partmgr.sys
0x00F72000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F7B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F87000 \SystemRoot\system32\drivers\volmgr.sys
0x00F9C000 \SystemRoot\System32\drivers\volmgrx.sys
0x00D99000 \SystemRoot\System32\drivers\mountmgr.sys
0x01013000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0121D000 \SystemRoot\system32\drivers\atapi.sys
0x01226000 \SystemRoot\system32\drivers\ataport.SYS
0x01250000 \SystemRoot\system32\drivers\msahci.sys
0x0125B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x0126B000 \SystemRoot\system32\drivers\amdxata.sys
0x01276000 \SystemRoot\system32\drivers\fltmgr.sys
0x012C2000 \SystemRoot\system32\drivers\fileinfo.sys
0x012D6000 \SystemRoot\system32\drivers\mfehidk.sys
0x01355000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01428000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01362000 \SystemRoot\System32\Drivers\msrpc.sys
0x015CB000 \SystemRoot\System32\Drivers\ksecdd.sys
0x016AF000 \SystemRoot\System32\Drivers\cng.sys
0x01721000 \SystemRoot\System32\drivers\pcw.sys
0x01732000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01865000 \SystemRoot\system32\drivers\ndis.sys
0x01958000 \SystemRoot\system32\drivers\NETIO.SYS
0x019B8000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01AC3000 \SystemRoot\System32\drivers\tcpip.sys
0x01CC6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01D10000 \SystemRoot\system32\drivers\mfewfpk.sys
0x01D54000 \SystemRoot\system32\drivers\TDI.SYS
0x01D61000 \SystemRoot\system32\drivers\volsnap.sys
0x01DAD000 \SystemRoot\System32\Drivers\spldr.sys
0x01DB5000 \SystemRoot\System32\drivers\rdyboost.sys
0x01A00000 \SystemRoot\System32\Drivers\mup.sys
0x01A12000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01A1B000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01A55000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A6B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01A9B000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x01AA7000 \SystemRoot\system32\DRIVERS\avgidsha.sys
0x044FA000 \SystemRoot\system32\drivers\cdrom.sys
0x04524000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x04534000 \SystemRoot\System32\Drivers\Null.SYS
0x0453D000 \SystemRoot\System32\Drivers\Beep.SYS
0x04544000 \SystemRoot\System32\drivers\vga.sys
0x04552000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04577000 \SystemRoot\System32\drivers\watchdog.sys
0x04587000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04590000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04599000 \SystemRoot\system32\drivers\rdprefmp.sys
0x045A2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x045AD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x045BE000 \SystemRoot\system32\DRIVERS\avgfwd6a.sys
0x045CD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04200000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x04261000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0173C000 \SystemRoot\system32\drivers\afd.sys
0x042A6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x042AF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x019E3000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x045EF000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x01DEF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01800000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0181B000 \SystemRoot\system32\drivers\termdd.sys
0x01600000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0182F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0183B000 \SystemRoot\system32\drivers\mssmbios.sys
0x01846000 \SystemRoot\System32\drivers\discache.sys
0x01651000 \SystemRoot\System32\Drivers\dfsc.sys
0x0166F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x00DB3000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x01680000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04C6E000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x0568D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05781000 \SystemRoot\System32\drivers\dxgmms1.sys
0x057C7000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x057D8000 \SystemRoot\system32\drivers\usbehci.sys
0x04C00000 \SystemRoot\system32\drivers\USBPORT.SYS
0x017C5000 \SystemRoot\system32\drivers\HDAudBus.sys
0x05A24000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x06184000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x061E2000 \SystemRoot\system32\drivers\i8042prt.sys
0x0305C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x030AB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x030AD000 \SystemRoot\system32\drivers\mouclass.sys
0x030BC000 \SystemRoot\system32\drivers\kbdclass.sys
0x030CB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x030D8000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x030FF000 \SystemRoot\system32\drivers\wmiacpi.sys
0x03108000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0310D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03123000 \SystemRoot\system32\drivers\CompositeBus.sys
0x03133000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03149000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0316D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03179000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x031A8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x031C3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x031E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x031FE000 \SystemRoot\system32\drivers\swenum.sys
0x03000000 \SystemRoot\system32\drivers\ks.sys
0x03043000 \SystemRoot\system32\drivers\umbus.sys
0x048B2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0490C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04921000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x049A3000 \SystemRoot\system32\DRIVERS\portcls.sys
0x04800000 \SystemRoot\system32\DRIVERS\drmk.sys
0x04822000 \SystemRoot\system32\drivers\ksthunk.sys
0x04828000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x04873000 \SystemRoot\system32\drivers\mfeavfk.sys
0x07E4B000 \SystemRoot\system32\drivers\mfefirek.sys
0x07EB5000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x07ED2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x07EED000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07F0A000 \SystemRoot\System32\Drivers\usbvideo.sys
0x07F38000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0x07F63000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x07F71000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x07F8A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07F93000 \SystemRoot\system32\drivers\kbdhid.sys
0x07FA1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07FAE000 \SystemRoot\System32\Drivers\fastfat.SYS
0x07FE4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x042D5000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x07E00000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x07E13000 \SystemRoot\System32\drivers\Dxapi.sys
0x07E1F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00580000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x05A00000 \SystemRoot\system32\drivers\luafv.sys
0x06191000 \SystemRoot\system32\drivers\WudfPf.sys
0x07E2D000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0283C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0288F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x028A2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x028BA000 \SystemRoot\system32\drivers\HTTP.sys
0x02983000 \SystemRoot\system32\DRIVERS\bowser.sys
0x029A1000 \SystemRoot\System32\drivers\mpsdrv.sys
0x029B9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02C74000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02CC2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02CE6000 \SystemRoot\system32\DRIVERS\avgidsfiltera.sys
0x02CF1000 \SystemRoot\system32\drivers\peauth.sys
0x02D97000 \SystemRoot\System32\Drivers\secdrv.SYS
0x02DA2000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02DD3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02C00000 \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
0x02C2C000 \SystemRoot\system32\drivers\btusbflt.sys
0x02C3C000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x04AEB000 \SystemRoot\System32\Drivers\bthport.sys
0x04B77000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x04BA3000 \SystemRoot\system32\drivers\BthEnum.sys
0x04BB3000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x04A00000 \SystemRoot\system32\DRIVERS\btwavdt.sys
0x066B9000 \SystemRoot\system32\drivers\btwaudio.sys
0x0673F000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x0674B000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x0674F000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x06759000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06600000 \SystemRoot\System32\DRIVERS\srv.sys
0x06698000 \SystemRoot\system32\drivers\cfwids.sys
0x067C2000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x04A7B000 \SystemRoot\system32\drivers\mfeapfk.sys
0x066A6000 \??\C:\Users\Joe\AppData\Local\Temp\aswMBR.sys
0x77920000 \Windows\System32\ntdll.dll
0x47F60000 \Windows\System32\smss.exe
0xFFC40000 \Windows\System32\apisetschema.dll

Processes (total 110):
0 System Idle Process
4 System
348 C:\Windows\System32\smss.exe
504 C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
584 csrss.exe
632 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
908 csrss.exe
920 C:\Windows\System32\wininit.exe
976 C:\Windows\System32\services.exe
1004 C:\Windows\System32\winlogon.exe
128 C:\Windows\System32\lsass.exe
232 C:\Windows\System32\lsm.exe
568 C:\Windows\System32\svchost.exe
912 C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
120 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1236 C:\Program Files\IDT\WDM\stacsv64.exe
1300 C:\Windows\System32\audiodg.exe
1376 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\svchost.exe
1572 C:\Windows\System32\wlanext.exe
1596 C:\Windows\System32\conhost.exe
1680 C:\Windows\System32\spoolsv.exe
1724 C:\Windows\System32\svchost.exe
1824 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1848 C:\Program Files\IDT\WDM\AESTSr64.exe
1880 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1920 C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
1968 C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
1996 C:\Program Files\Bonjour\mDNSResponder.exe
2036 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1460 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1152 C:\Windows\System32\mfevtps.exe
2084 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2148 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2224 C:\Windows\System32\svchost.exe
2288 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
2324 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2408 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2516 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2656 C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
2776 C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
2888 C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
2928 C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
3032 C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
3116 C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
3148 unsecapp.exe
3380 WmiPrvSE.exe
3956 WUDFHost.exe
4048 C:\Windows\System32\svchost.exe
2716 C:\Windows\System32\svchost.exe
3944 C:\Windows\System32\taskeng.exe
4136 C:\Windows\System32\taskhost.exe
4228 C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
4236 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
4244 C:\Windows\System32\dwm.exe
4268 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
4280 C:\Windows\explorer.exe
4712 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
4808 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
5196 C:\Windows\System32\igfxtray.exe
5216 C:\Windows\System32\hkcmd.exe
5236 C:\Windows\System32\igfxpers.exe
5244 C:\Program Files\IDT\WDM\sttray64.exe
5368 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
5532 C:\Program Files\Dell\QuickSet\quickset.exe
5656 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
6000 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
6112 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
1584 C:\Windows\System32\SearchIndexer.exe
2208 C:\Program Files\Windows Media Player\wmpnetwk.exe
6284 C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
6380 C:\Windows\System32\svchost.exe
6444 C:\Windows\System32\wbem\unsecapp.exe
5628 C:\Program Files (x86)\ooVoo\ooVoo.exe
5380 C:\Program Files\Windows Sidebar\sidebar.exe
5792 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
5956 C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
6556 C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
2584 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
6832 C:\Windows\System32\conhost.exe
1940 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
6552 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
7036 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
3964 C:\Program Files\mcafee.com\agent\mcagent.exe
7112 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
6232 C:\Program Files (x86)\iTunes\iTunesHelper.exe
7248 C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
7272 C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
7280 C:\Program Files (x86)\AVG Secure Search\vprot.exe
7328 C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
7356 C:\Program Files\iPod\bin\iPodService.exe
4516 C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
5640 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
4732 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3288 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
7192 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
8688 C:\Windows\System32\wuauclt.exe
6480 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
6456 C:\Windows\System32\taskeng.exe
7200 C:\Windows\System32\SearchProtocolHost.exe
6784 C:\Windows\System32\SearchFilterHost.exe
8036
8516 C:\Program Files (x86)\Real\RealPlayer\realplay.exe
2600 dllhost.exe
6980 dllhost.exe
8352 C:\Users\Joe\Downloads\MBRCheck(1).exe
7256 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`afd00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-75A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

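The three logs above verify the same 512-byte sector in different ways: TDSSKiller hashes the boot-code region it labels "MBR (0x1B8)" and flags Rootkit.Boot.SST.b, aswMBR lists the partition table and reports whether the code is the Windows 7 default, and MBRCheck prints a SHA1 of the sector. The Python below is an added example, not code from the thread or from any of those tools. It parses a constructed MBR with the same partition layout as the aswMBR log, prints it in that log's style, and compares the boot-code hash to a baseline. The boot-code bytes, the disk signature and the baseline hash are placeholders made up for the example, not real Windows values.

```python
"""Parse a 512-byte MBR and fingerprint its boot code.

Added example; not code from the forum thread or from TDSSKiller,
aswMBR or MBRCheck. The sample sectors, the disk signature and the
baseline hash are constructed (the partition layout copies the aswMBR
log; the boot-code bytes are placeholders, not real Windows 7 MBR code).
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8      # boot code ends where the 4-byte disk signature starts
SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE     # four 16-byte entries, then 0x55AA at 0x1FE
PART_ENTRY = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
SECTOR = 512

PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x0F: "Extended LBA", 0x83: "Linux", 0xDE: "Dell Utility", 0xEE: "GPT protective"}


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected a 512-byte sector")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_ENTRY, mbr, PART_TABLE_OFF + i * 16)
        if ptype == 0:
            continue
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, "unknown"),
                      "offset": lba, "size_mb": count * SECTOR // (1024 * 1024)})
    return parts


def describe(mbr: bytes) -> list:
    """Partition lines in the style of the aswMBR log."""
    return [f"Partition {p['index']} {'80 (A)' if p['bootable'] else '00'} {p['type']:02X} "
            f"{p['type_name']} {p['size_mb']} MB offset {p['offset']}" for p in parse_partitions(mbr)]


def boot_code_hash(mbr: bytes) -> str:
    """MD5 of the first 0x1B8 bytes: the region TDSSKiller reports as 'MBR (0x1B8)'."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def sector_sha1(mbr: bytes) -> str:
    """SHA1 of the whole sector, as MBRCheck prints it."""
    return hashlib.sha1(mbr).hexdigest().upper()


def check_boot_code(mbr: bytes, baseline: set) -> tuple:
    """Compare the boot-code hash against known-good hashes; returns (ok, hash)."""
    h = boot_code_hash(mbr)
    return h in baseline, h


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw device (needs an elevated prompt). A live bootkit
    hooking the disk stack can filter this read, so an offline read is the trusted one."""
    with open(device, "rb") as f:
        return f.read(MBR_SIZE)


def build_sector(boot_code: bytes, entries: list) -> bytes:
    """Assemble a test MBR: boot code, a made-up disk signature, partition table, 0x55AA."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, SIG_OFF, 0x11223344)      # constructed disk signature
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + i * 16, status, ptype, lba, count)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


# Layout from the aswMBR log: Dell Utility 100 MB, bootable NTFS 15000 MB, NTFS 461829 MB.
LAYOUT = [(0x00, 0xDE, 2048, 204800), (0x80, 0x07, 206848, 30720000), (0x00, 0x07, 30926848, 945825792)]
CLEAN_CODE = b"\xEB\xFE" + b"\x00" * (BOOT_CODE_LEN - 2)                    # placeholder 'jmp $' stub
TAMPERED_CODE = b"\xEB\x3E" + b"\x90" * 62 + b"\x00" * (BOOT_CODE_LEN - 64)  # boot code patched
CLEAN_MBR = build_sector(CLEAN_CODE, LAYOUT)
INFECTED_MBR = build_sector(TAMPERED_CODE, LAYOUT)   # same partition table, different code
BASELINE = {boot_code_hash(CLEAN_MBR)}               # e.g. taken from an aswMBR-saved MBR.dat

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        ok, h = check_boot_code(sector, BASELINE)
        print(f"{name}: boot code md5 {h} -> {'ok' if ok else 'MISMATCH'}; sha1 {sector_sha1(sector)}")
        print("\n".join(describe(sector)))
```

Run as a script it describes both sectors. The point of the second one is that its partition table is byte-identical to the clean sector, so a partition listing alone says nothing about a bootkit; only the boot-code hash differs. To inspect a real disk, call read_physical_mbr() from an elevated prompt, keeping in mind that a rootkit sitting in the driver chain (the aswMBR "Disk 0 trace" lines show exactly the path it checks, ntoskrnl through CLASSPNP, disk.sys and iaStor.sys) can hand back a clean-looking sector; the baseline should come from a copy taken outside the running OS, such as the MBR.dat aswMBR saved.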
Re: Major virus Trojan Horse Generic27.BTAL
Ok. We have the MBR fixed. Let's see what's left over.

Re-run MBAM:

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
*******************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  * Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  * Close browsers before scanning
  * Scan for tracking cookies
  * Terminate memory threats before quarantining
  * Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

To retrieve the removal information please do the following:
* After reboot, double-click the SUPERAntiSpyware icon on your desktop.
* Click Preferences. Click the Statistics/Logs tab.
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
* It will open in your default text editor (preferably Notepad).
* Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
**************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

Major virus Trojan Horse Generic27.BTAL - Page 1 NSIS_disclaimer_ENG

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

Major virus Trojan Horse Generic27.BTAL - Page 1 NSIS_extraction

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Major virus Trojan Horse Generic27.BTAL - Page 1 RcAuto1

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Major virus Trojan Horse Generic27.BTAL - Page 1 Whatnext

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Re: Major virus Trojan Horse Generic27.BTAL
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.21.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joe :: JOESLAPTOP [administrator]

5/21/2012 4:25:25 PM
mbam-log-2012-05-21 (16-25-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212330
Time elapsed: 9 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: Major virus Trojan Horse Generic27.BTAL
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/21/2012 at 05:04 PM

Application Version : 5.0.1150

Core Rules Database Version : 8629
Trace Rules Database Version: 6441

Scan type : Quick Scan
Total Scan Time : 00:06:39

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 674
Memory threats detected : 0
Registry items scanned : 54780
Registry threats detected : 0
File items scanned : 11434
File threats detected : 221

Adware.Tracking Cookie

Re: Major virus Trojan Horse Generic27.BTAL

ComboFix 12-05-21.06 - Joe 05/21/2012 17:26:13.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2482 [GMT -10:00]
Running from: c:\users\Joe\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 03:37 . 2012-05-22 03:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-22 02:55 . 2012-05-22 02:55 -------- d-----w- c:\users\Joe\AppData\Roaming\SUPERAntiSpyware.com
2012-05-22 02:55 . 2012-05-22 02:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-22 02:55 . 2012-05-22 02:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-21 22:46 . 2012-05-21 22:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-20 20:21 . 2012-05-20 20:21 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes
2012-05-20 20:21 . 2012-05-20 20:21 -------- d-----w- c:\programdata\Malwarebytes
2012-05-20 20:21 . 2012-05-20 20:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-20 08:22 . 2012-05-20 08:22 110080 ----a-r- c:\users\Joe\AppData\Roaming\Microsoft\Installer\{262AA9BF-D147-4349-AA26-E6254EE5B896}\IconF7A21AF7.exe
2012-05-20 08:22 . 2012-05-20 08:22 110080 ----a-r- c:\users\Joe\AppData\Roaming\Microsoft\Installer\{262AA9BF-D147-4349-AA26-E6254EE5B896}\IconD7F16134.exe
2012-05-20 08:22 . 2012-05-20 08:22 110080 ----a-r- c:\users\Joe\AppData\Roaming\Microsoft\Installer\{262AA9BF-D147-4349-AA26-E6254EE5B896}\Icon5B4E0377.exe
2012-05-20 08:21 . 2012-05-20 08:22 -------- d-----w- c:\windows\262AA9BFD1474349AA26E6254EE5B896.TMP
2012-05-20 07:47 . 2012-05-20 08:22 -------- d-----w- C:\sh4ldr
2012-05-20 07:47 . 2012-05-20 07:47 -------- d-----w- c:\program files\Enigma Software Group
2012-05-20 07:46 . 2012-05-20 08:22 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-05-20 07:46 . 2012-05-20 08:21 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-20 04:30 . 2012-05-20 04:30 -------- d-----w- c:\users\Joe\AppData\Roaming\SpeedyPC Software
2012-05-20 04:30 . 2012-05-20 04:30 -------- d-----w- c:\users\Joe\AppData\Roaming\DriverCure
2012-05-20 04:29 . 2012-05-20 04:29 -------- d-----w- c:\programdata\SpeedyPC Software
2012-05-20 04:29 . 2012-05-20 04:29 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-05-20 04:29 . 2012-05-20 04:29 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-05-11 05:36 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 05:36 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 05:36 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 05:36 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 05:36 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 05:36 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 05:35 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 05:35 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 05:35 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 05:35 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 05:35 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 05:35 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 05:35 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-04-30 23:44 . 2012-05-20 22:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-28 03:23 . 2012-04-28 03:23 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-04-28 03:23 . 2012-04-28 03:23 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-20 22:42 . 2012-04-02 21:34 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-20 22:42 . 2011-05-19 04:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 04:53 . 2012-04-02 21:53 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 14:50 . 2012-04-19 14:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-03-31 03:30 . 2011-04-21 18:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-19 15:17 . 2012-03-19 15:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-09 04:50 . 2012-03-09 04:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-09 04:37 . 2012-03-09 04:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-07 00:15 . 2011-04-13 00:49 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-01 07:55 . 2012-03-01 07:55 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-01 06:46 . 2012-04-12 18:31 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 18:31 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 18:31 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 18:31 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 18:31 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 18:31 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 18:31 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 18:39 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 18:39 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 18:39 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 18:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 18:39 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 18:39 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 18:39 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 18:39 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-22 15:25 . 2012-02-22 15:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files (x86)\Download_Energy\tbDown.dll" [2010-05-21 2675296]
.
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-15 01:27 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
2010-05-21 01:35 2675296 ----a-w- c:\program files (x86)\Download_Energy\tbDown.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files (x86)\Download_Energy\tbDown.dll" [2010-05-21 2675296]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-04-15 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-02-08 22465104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1484856]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-06-25 273544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-04-15 982880]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Nikon Monitor.lnk - c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-19 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 2321520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-04-15 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASKUTIL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:42]
.
2012-05-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-262397556-2078716270-3374882982-1000Core.job
- c:\users\Joe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 06:08]
.
2012-05-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-262397556-2078716270-3374882982-1000UA.job
- c:\users\Joe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 06:08]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 16:44]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 16:44]
.
2012-05-20 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-05-20 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-20 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?AF=109980&babsrc=HP_ss&mntrId=7c4e86d40000000000008ca9824bb3db
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C40F11FF-8CEE-433F-A4A4-425A42D72CF9}: NameServer = 0.0.0.0
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\x4ydv68z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://isearch.whitesmoke.com/?isid=9858
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B95192435-67f7-411a-ab34-a9237972ce70%7D&mid=6d73713ab8aa47d0a89e4149080c4e7d-564777995d76de436003235c2e7e172e849452e3&ds=AVG&v=10.2.0.3&lang=en&pr=pr&d=2012-04-14%2015%3A27%3A35&sap=ku&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109980
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 7c4e86d40000000000008ca9824bb3db
FF - user.js: extensions.BabylonToolbar_i.hardId - 7c4e86d40000000000008ca9824bb3db
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15394
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:48
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-21 17:41:37
ComboFix-quarantined-files.txt 2012-05-22 03:41
.
Pre-Run: 405,259,784,192 bytes free
Post-Run: 405,216,780,288 bytes free
.
- - End Of File - - 9C07F7FE72D8545D3942D509A91A75EB

Re: Major virus Trojan Horse Generic27.BTAL

The log shows that you're running two AV programs and two Firewalls. One of each will have to be disabled/removed: AVG Internet Security 2012, McAfee Anti-Virus and Anti-Spyware, AVG Internet Security 2012 and McAfee Firewall.

Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

*********************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Re: Major virus Trojan Horse Generic27.BTAL

I disabled McAfee this time.
ComboFix 12-05-23.06 - Joe 05/23/2012 21:39:12.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2410 [GMT -10:00]
Running from: c:\users\Joe\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-24 07:50 . 2012-05-24 07:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-22 13:01 . 2012-05-22 13:01 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-22 13:01 . 2012-05-22 13:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-22 02:55 . 2012-05-22 02:55 -------- d-----w- c:\users\Joe\AppData\Roaming\SUPERAntiSpyware.com
2012-05-22 02:55 . 2012-05-22 02:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-22 02:55 . 2012-05-22 02:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-21 22:46 . 2012-05-21 22:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-20 20:21 . 2012-05-20 20:21 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes
2012-05-20 20:21 . 2012-05-20 20:21 -------- d-----w- c:\programdata\Malwarebytes
2012-05-20 20:21 . 2012-05-20 20:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-20 08:22 . 2012-05-20 08:22 110080 ----a-r- c:\users\Joe\AppData\Roaming\Microsoft\Installer\{262AA9BF-D147-4349-AA26-E6254EE5B896}\IconF7A21AF7.exe
2012-05-20 08:22 . 2012-05-20 08:22 110080 ----a-r- c:\users\Joe\AppData\Roaming\Microsoft\Installer\{262AA9BF-D147-4349-AA26-E6254EE5B896}\IconD7F16134.exe
2012-05-20 08:22 . 2012-05-20 08:22 110080 ----a-r- c:\users\Joe\AppData\Roaming\Microsoft\Installer\{262AA9BF-D147-4349-AA26-E6254EE5B896}\Icon5B4E0377.exe
2012-05-20 08:21 . 2012-05-20 08:22 -------- d-----w- c:\windows\262AA9BFD1474349AA26E6254EE5B896.TMP
2012-05-20 07:47 . 2012-05-20 08:22 -------- d-----w- C:\sh4ldr
2012-05-20 07:47 . 2012-05-20 07:47 -------- d-----w- c:\program files\Enigma Software Group
2012-05-20 07:46 . 2012-05-20 08:22 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-05-20 07:46 . 2012-05-20 08:21 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-20 04:30 . 2012-05-20 04:30 -------- d-----w- c:\users\Joe\AppData\Roaming\SpeedyPC Software
2012-05-20 04:30 . 2012-05-20 04:30 -------- d-----w- c:\users\Joe\AppData\Roaming\DriverCure
2012-05-20 04:29 . 2012-05-20 04:29 -------- d-----w- c:\programdata\SpeedyPC Software
2012-05-20 04:29 . 2012-05-20 04:29 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-05-20 04:29 . 2012-05-20 04:29 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-05-11 05:36 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 05:36 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 05:36 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 05:36 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 05:36 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 05:36 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 05:35 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 05:35 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 05:35 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 05:35 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 05:35 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 05:35 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 05:35 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-04-30 23:44 . 2012-05-20 22:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-28 03:23 . 2012-04-28 03:23 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-04-28 03:23 . 2012-04-28 03:23 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-20 22:42 . 2012-04-02 21:34 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-20 22:42 . 2011-05-19 04:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 04:53 . 2012-04-02 21:53 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 14:50 . 2012-04-19 14:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-03-31 03:30 . 2011-04-21 18:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-19 15:17 . 2012-03-19 15:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-09 04:50 . 2012-03-09 04:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-09 04:37 . 2012-03-09 04:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-07 00:15 . 2011-04-13 00:49 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-01 07:55 . 2012-03-01 07:55 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-01 06:46 . 2012-04-12 18:31 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 18:31 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 18:31 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 18:31 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 18:31 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 18:31 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 18:31 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 18:39 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 18:39 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 18:39 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 18:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 18:39 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 18:39 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 18:39 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 18:39 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-22_03.37.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-21 01:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-22 03:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-21 01:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-22 03:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-22 03:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-21 01:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-05-24 07:31 43492 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-13 00:06 . 2012-05-24 07:31 12232 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-262397556-2078716270-3374882982-1000_UserData.bin
+ 2011-04-12 23:56 . 2012-05-24 07:29 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-12 23:56 . 2012-05-22 03:25 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-12 23:56 . 2012-05-24 07:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-12 23:56 . 2012-05-22 03:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-22 03:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-24 07:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-11 14:55 . 2012-04-11 14:55 41472 c:\windows\Installer\21feaf5.msi
- 2012-05-22 03:07 . 2012-05-22 03:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-24 07:29 . 2012-05-24 07:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-24 07:29 . 2012-05-24 07:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-22 03:07 . 2012-05-22 03:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-13 06:01 . 2012-05-23 14:35 460812 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-05-24 07:27 385696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-22 03:06 385696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-28 07:18 . 2012-05-20 01:57 1573428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-262397556-2078716270-3374882982-1000-12288.dat
+ 2011-04-28 07:18 . 2012-05-24 07:27 1573428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-262397556-2078716270-3374882982-1000-12288.dat
+ 2011-04-15 07:19 . 2012-05-24 07:27 44000644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-262397556-2078716270-3374882982-1000-8192.dat
+ 2012-05-22 13:01 . 2012-05-22 13:01 53217792 c:\windows\Installer\21feafc.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files (x86)\Download_Energy\tbDown.dll" [2010-05-21 2675296]
.
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-15 01:27 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
2010-05-21 01:35 2675296 ----a-w- c:\program files (x86)\Download_Energy\tbDown.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files (x86)\Download_Energy\tbDown.dll" [2010-05-21 2675296]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-04-15 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-02-08 22465104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-06-25 273544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-04-15 982880]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Nikon Monitor.lnk - c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 2321520]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-19 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-04-15 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:42]
.
2012-05-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-262397556-2078716270-3374882982-1000Core.job
- c:\users\Joe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 06:08]
.
2012-05-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-262397556-2078716270-3374882982-1000UA.job
- c:\users\Joe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 06:08]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 16:44]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 16:44]
.
2012-05-20 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-05-20 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-20 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?AF=109980&babsrc=HP_ss&mntrId=7c4e86d40000000000008ca9824bb3db
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C40F11FF-8CEE-433F-A4A4-425A42D72CF9}: NameServer = 0.0.0.0
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\x4ydv68z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://isearch.whitesmoke.com/?isid=9858
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B95192435-67f7-411a-ab34-a9237972ce70%7D&mid=6d73713ab8aa47d0a89e4149080c4e7d-564777995d76de436003235c2e7e172e849452e3&ds=AVG&v=10.2.0.3&lang=en&pr=pr&d=2012-04-14%2015%3A27%3A35&sap=ku&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109980
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 7c4e86d40000000000008ca9824bb3db
FF - user.js: extensions.BabylonToolbar_i.hardId - 7c4e86d40000000000008ca9824bb3db
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15394
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:48
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-23 21:53:27
ComboFix-quarantined-files.txt 2012-05-24 07:53
ComboFix2.txt 2012-05-22 03:41
.
Pre-Run: 402,827,554,816 bytes free
Post-Run: 402,547,564,544 bytes free
.
- - End Of File - - BD4EAF4DD425F08C6A9F1B716B85B223

Re: Major virus Trojan Horse Generic27.BTAL
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..

.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
Mozilla Firefox 13.0 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:451 Go - Free:375 Go )
D:\ [CD_Rom]
E:\ [Removable]
.
Scan : 21:56.32
Path : C:\Users\Joe\Downloads\Rooter.exe
User : Joe ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (348)
Locked csrss.exe (584)
Locked wininit.exe (904)
Locked csrss.exe (932)

Re: Major virus Trojan Horse Generic27.BTAL
Results of screen317's Security Check version 0.99.36
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee Anti-Virus and Anti-Spyware
AVG Internet Security 2012
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400
AVG PC Tuneup
Java(TM) 6 Update 31
Java version out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````

Re: Major virus Trojan Horse Generic27.BTAL
P.S. I still have my AVG and McAfee disabled while running Security Check, if that's ok.

Re: Major virus Trojan Horse Generic27.BTAL
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date, install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRa.exe and choose Remove Older Versions.
3. Once complete, exit JavaRa.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***********************************************
How's your computer running now?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the ESET Online Scanner button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.

•Check the box to accept the Terms of Use.
•Click the Start button.
•Accept any security warnings from your browser.
•Check Scan archives.
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push the List of found threats button.
•Push the Export button, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the Back button.
•Push Finish.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
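As an added example (not from this thread, the helper's post, JavaRa or Security Check), here is a read-only PowerShell check that verifies the two Java steps above on the affected machine: which JRE versions the JavaSoft registry keys still advertise, whether their JavaHome folders still exist, and whether any {CAFEEFAC-...} plug-in CLSIDs of the kind listed in the JavaRa log remain registered in either the native or the Wow6432Node class hive. The registry paths are the standard JavaSoft and COM class locations; the script only reports and removes nothing.

```powershell
# Added example, not part of the forum thread or of any tool it mentions.
# Reports installed JRE versions and leftover Java plug-in CLSIDs so the
# "Remove any old versions" step can be verified. Run from an elevated
# PowerShell prompt; nothing is modified.

# Standard JavaSoft keys: 64-bit view and the 32-bit (Wow6432Node) view.
$jreKeys = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
)

foreach ($key in $jreKeys) {
    if (-not (Test-Path $key)) { continue }
    # CurrentVersion names the JRE that java.exe launches by default.
    $current = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).CurrentVersion
    Write-Host "$key"
    Write-Host "  CurrentVersion: $current"
    # Each subkey (e.g. 1.6, 1.6.0_31) carries a JavaHome pointing at the install folder.
    Get-ChildItem -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($props.JavaHome) {
            $present = Test-Path -Path $props.JavaHome
            Write-Host ("  {0,-12} JavaHome={1}  folder present={2}" -f `
                $_.PSChildName, $props.JavaHome, $present)
        }
    }
}

# Java's browser plug-in and deployment toolkit register COM classes whose
# CLSIDs start with {CAFEEFAC-, the family JavaRa reported removing above.
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
)

$leftovers = foreach ($root in $clsidRoots) {
    if (Test-Path $root) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like '{CAFEEFAC-*' }
    }
}

if ($leftovers) {
    Write-Host "Java plug-in CLSIDs still registered:"
    $leftovers | ForEach-Object { Write-Host "  $($_.Name)" }
} else {
    Write-Host "No {CAFEEFAC-...} CLSIDs remain in either class hive."
}
```

A JavaHome that is listed but whose folder is missing, or a CLSID that survives after JavaRa, shows that a removal step was incomplete and the old runtime can still be referenced; the output is only a report for the helper to read, so the JavaRa steps above remain the actual remediation.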

Re: Major virus Trojan Horse Generic27.BTAL
JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu May 24 18:38:14 2012

There was an error removing C:\Program Files (x86)\Java\jre6. The error returned was 120.

Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_23

------------------------------------

Finished reporting.



JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu May 24 18:38:30 2012

There was an error removing C:\Program Files (x86)\Java\jre6. The error returned was 120.

------------------------------------

Finished reporting.



JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu May 24 18:39:05 2012

There was an error removing C:\Program Files (x86)\Java\jre6. The error returned was 120.

------------------------------------

Finished reporting.



JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu May 24 18:40:40 2012

There was an error removing C:\Program Files (x86)\Java\jre6. The error returned was 120.

------------------------------------

Finished reporting.



Re: Major virus Trojan Horse Generic27.BTAL

My computer is running better. For instance, it is not redirecting me to websites. But there are a few nicks... for instance I cannot change my desktop background. Here is the online scan log:
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.05.2012_12.44.33\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmasco.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.05.2012_12.44.33\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.05.2012_12.44.33\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.05.2012_12.44.33\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.05.2012_12.44.33\mbr0000\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\Users\Joe\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120414155714522.rsc multiple threats deleted - quarantined
C:\Users\Joe\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120519150906295.rsc multiple threats deleted - quarantined
C:\Users\Joe\Downloads\aviplayer-setup-win32.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\Joe\Downloads\TDSetup.exe a variant of Win32/SoGeInstaller application cleaned by deleting - quarantined

Re: Major virus Trojan Horse Generic27.BTAL
for instance I cannot change my desktop background.

What happens when you try to change it? Please take a look at this link to see if it helps.

Re: Major virus Trojan Horse Generic27.BTAL
I don't know which option to choose from.

Re: Major virus Trojan Horse Generic27.BTAL
jcarp wrote:
I don't know which option to choose from.


The only thing I can suggest is to try all of the options.

We should do some cleanup.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***************************************************
To set a new Restore Point.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
******************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
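A scripted version of the two checks in the post above (leftover tool files that must be deleted by hand, and the turn-off/turn-on-System-Protection steps that yield a fresh restore point), added here as an example and not part of the helper's own instructions. It assumes an elevated PowerShell on Windows 7 or later, that the tools were saved to the desktop, and that the system drive is C:.

```powershell
# Added example (not the thread's own script): report leftover removal-tool files that the
# cleanup post says must be deleted manually, then take a fresh, clean restore point.
# Assumptions: Windows 7 or later, elevated PowerShell, tools saved on the desktop,
# system drive C:. The file names are the ones used in this thread.

$desktop = [Environment]::GetFolderPath('Desktop')
$leftovers = @(
    (Join-Path $desktop 'OTL.exe'),
    (Join-Path $desktop 'aswMBR.exe'),
    (Join-Path $desktop 'aswMBR.txt'),
    (Join-Path $desktop 'Security Check.bat'),
    (Join-Path $desktop 'checkup.txt'),
    (Join-Path $desktop 'TFC.exe'),
    'C:\OTL.exe',                  # the reply above says to look on the C drive as well
    'C:\TDSSKiller_Quarantine'     # quarantine folder where the ESET scan found the Olmasco files
)

# Report only: the post asks for manual deletion, and the quarantine folder is worth a
# look before it goes, since it records what the rootkit scanner pulled off the disk.
$found = $leftovers | Where-Object { Test-Path -LiteralPath $_ }
if ($found) {
    Write-Host 'Tool artifacts still present (delete manually after review):'
    $found | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Host 'No leftover tool artifacts found.'
}

# Restore point: the GUI steps turn System Protection off and back on. Turning it off
# discards the old restore points (which can hold infected copies of files), so the
# point taken afterwards is a clean baseline.
$systemDrive = "$env:SystemDrive\"
Disable-ComputerRestore -Drive $systemDrive
Enable-ComputerRestore  -Drive $systemDrive
Checkpoint-Computer -Description 'Clean baseline after malware removal' `
                    -RestorePointType 'MODIFY_SETTINGS'

# Confirm the new point exists and is the most recent one.
Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1 |
    Format-Table SequenceNumber, Description, CreationTime -AutoSize
```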

Re: Major virus Trojan Horse Generic27.BTAL
OTL.exe is gone for some reason. It is no longer on my desktop.

Re: Major virus Trojan Horse Generic27.BTAL
jcarp wrote:
OTL.exe is gone for some reason. It is no longer on my desktop.


Ok. Look in your C drive to see if it's there. If it's gone, that's one part done.

Re: Major virus Trojan Horse Generic27.BTAL
yeah I can't find it

Re: Major virus Trojan Horse Generic27.BTAL
jcarp wrote:
yeah I can't find it


It's easy to lose them when they're on the desktop.

Re: Major virus Trojan Horse Generic27.BTAL
Should I worry still about finding it? Or shall I just proceed? Thanks.

Re: Major virus Trojan Horse Generic27.BTAL
jcarp wrote:
Should I worry still about finding it? Or shall I just proceed? Thanks.


No worries. Just proceed with the cleanup and you should be good to go.
