Rising Unit

  1. Done! Have yet to see popups, thanks again.

     # DelFix v1.010 - Logfile created 03/03/2018 at 07:30:23
     # Updated 26/04/2015 by Xplode
     # Username : Afton - ASUS
     # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

     ~ Removing disinfection tools ...

     Deleted : C:\FRST
     Deleted : C:\AdwCleaner
     Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hijackthis
     Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
     Deleted : C:\Users\Afton\Desktop\adwcleaner_7.0.8.0.exe
     Deleted : C:\Users\Afton\Desktop\FRST64.exe

     ~ Creating registry backup ... OK
     ~ Cleaning system restore ... New restore point created !
     ~ Resetting system settings ... OK

     ########## - EOF - ##########
  2. I have only done a limited test browse but so far so good! Thank you!
  3. # AdwCleaner 7.0.8.0 - Logfile created on Wed Feb 28 15:13:58 2018
     # Updated on 2018/08/02 by Malwarebytes
     # Running on Windows 7 Ultimate (X64)
     # Mode: clean
     # Support: https://www.malwarebytes.com/support

     ***** [ Services ] *****

     No malicious services deleted.

     ***** [ Folders ] *****

     Deleted: C:\Users\Afton\AppData\Roaming\download Manager
     Deleted: C:\ProgramData\IObit\ASCDownloader
     Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
     Deleted: C:\Users\All Users\IObit\ASCDownloader
     Deleted: C:\ProgramData\apn
     Deleted: C:\ProgramData\Application Data\apn
     Deleted: C:\Users\All Users\apn
     Deleted: C:\ProgramData\\UAB
     Deleted: C:\Program Files (x86)\DNSPLUM
     Deleted: C:\ProgramData\035c42b8-00c7-1
     Deleted: C:\ProgramData\035c42b8-07c5-1
     Deleted: C:\ProgramData\035c42b8-11f7-0
     Deleted: C:\ProgramData\035c42b8-1f61-0
     Deleted: C:\ProgramData\035c42b8-25e5-0
     Deleted: C:\ProgramData\035c42b8-2805-0
     Deleted: C:\ProgramData\035c42b8-2e23-1
     Deleted: C:\ProgramData\035c42b8-3497-0
     Deleted: C:\ProgramData\035c42b8-4443-0
     Deleted: C:\ProgramData\035c42b8-45b5-0
     Deleted: C:\ProgramData\035c42b8-5365-0
     Deleted: C:\ProgramData\035c42b8-6141-0
     Deleted: C:\ProgramData\035c42b8-6255-1
     Deleted: C:\ProgramData\035c42b8-66d3-0
     Deleted: C:\ProgramData\035c42b8-66f3-0
     Deleted: C:\ProgramData\035c42b8-72d1-1
     Deleted: C:\ProgramData\035c42b8-74e5-1
     Deleted: C:\ProgramData\23c32d83-6717-1
     Deleted: C:\ProgramData\23c32d83-6a05-0
     Deleted: C:\ProgramData\{002b54e9-412c-1}
     Deleted: C:\ProgramData\{01a53d1c-312c-0}
     Deleted: C:\ProgramData\{03bc46f9-612c-0}
     Deleted: C:\ProgramData\{03c72e34-212c-1}
     Deleted: C:\ProgramData\{060f55ec-012c-1}
     Deleted: C:\ProgramData\{09b725a9-012c-0}
     Deleted: C:\ProgramData\{0a75d451-712c-1}
     Deleted: C:\ProgramData\{0d141b14-012c-0}
     Deleted: C:\ProgramData\{139e1bbe-012c-0}
     Deleted: C:\ProgramData\{157e7f19-212c-1}
     Deleted: C:\ProgramData\{16ea4226-612c-0}
     Deleted: C:\ProgramData\{426f1577-612c-0}

     ***** [ Files ] *****

     No malicious files deleted.

     ***** [ DLL ] *****

     No malicious DLLs cleaned.

     ***** [ WMI ] *****

     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****

     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****

     No malicious tasks deleted.

     ***** [ Registry ] *****

     Deleted: [Key] - HKLM\SOFTWARE\WebDiscoverBrowser
     Deleted: [Key] - HKU\.DEFAULT\Software\WebDiscoverBrowser
     Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\WebDiscoverBrowser
     Deleted: [Key] - HKU\S-1-5-18\Software\WebDiscoverBrowser
     Deleted: [Key] - HKCU\Software\WebDiscoverBrowser
     Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\AppDataLow\Software\adawarebp
     Deleted: [Key] - HKCU\Software\AppDataLow\Software\adawarebp
     Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\YahooPartnerToolbar
     Deleted: [Key] - HKCU\Software\YahooPartnerToolbar
     Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\Link64
     Deleted: [Key] - HKCU\Software\Link64
     Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
     Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
     Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
     Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1007\Software\One System Care
     Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1012\Software\One System Care
     Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-501\Software\One System Care
     Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
     Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
     Deleted: [Key] - HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
     Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
     Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
     Deleted: [Key] - HKLM\SOFTWARE\MimarSinan

     ***** [ Firefox (and derivatives) ] *****

     No malicious Firefox entries deleted.

     ***** [ Chromium (and derivatives) ] *****

     No malicious Chromium entries deleted.

     *************************

     ::Tracing keys deleted
     ::Winsock settings cleared
     ::Additional Actions: 0

     *************************

     C:/AdwCleaner/AdwCleaner[S0].txt - [5334 B] - [2018/2/28 3:22:35]
     C:/AdwCleaner/AdwCleaner[S1].txt - [5401 B] - [2018/2/28 15:13:25]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
  4. # AdwCleaner 7.0.8.0 - Logfile created on Wed Feb 28 03:22:35 2018
     # Updated on 2018/08/02 by Malwarebytes
     # Database: 02-27-2018.1
     # Running on Windows 7 Ultimate (X64)
     # Mode: scan
     # Support: https://www.malwarebytes.com/support

     ***** [ Services ] *****

     No malicious services found.

     ***** [ Folders ] *****

     PUP.Optional.Legacy, C:\Users\Afton\AppData\Roaming\download Manager
     PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
     PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader
     PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader
     Rogue.ForcedExtension, C:\ProgramData\apn
     Rogue.ForcedExtension, C:\ProgramData\Application Data\apn
     Rogue.ForcedExtension, C:\Users\All Users\apn
     PUP.Optional.DriverSupport, C:\ProgramData\UAB
     PUP.Adware.Heuristic, C:\Program Files (x86)\DNSPLUM
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-00c7-1
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-07c5-1
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-11f7-0
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-1f61-0
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-25e5-0
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-2805-0
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-2e23-1
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-3497-0
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-4443-0
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-45b5-0
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-5365-0
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-6141-0
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-6255-1
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-66d3-0
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-66f3-0
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-72d1-1
     PUP.Adware.Heuristic, C:\ProgramData\035c42b8-74e5-1
     PUP.Adware.Heuristic, C:\ProgramData\23c32d83-6717-1
     PUP.Adware.Heuristic, C:\ProgramData\23c32d83-6a05-0
     PUP.Adware.Heuristic, C:\ProgramData\{002b54e9-412c-1}
     PUP.Adware.Heuristic, C:\ProgramData\{01a53d1c-312c-0}
     PUP.Adware.Heuristic, C:\ProgramData\{03bc46f9-612c-0}
     PUP.Adware.Heuristic, C:\ProgramData\{03c72e34-212c-1}
     PUP.Adware.Heuristic, C:\ProgramData\{060f55ec-012c-1}
     PUP.Adware.Heuristic, C:\ProgramData\{09b725a9-012c-0}
     PUP.Adware.Heuristic, C:\ProgramData\{0a75d451-712c-1}
     PUP.Adware.Heuristic, C:\ProgramData\{0d141b14-012c-0}
     PUP.Adware.Heuristic, C:\ProgramData\{139e1bbe-012c-0}
     PUP.Adware.Heuristic, C:\ProgramData\{157e7f19-212c-1}
     PUP.Adware.Heuristic, C:\ProgramData\{16ea4226-612c-0}
     PUP.Adware.Heuristic, C:\ProgramData\{426f1577-612c-0}

     ***** [ Files ] *****

     No malicious files found.

     ***** [ DLL ] *****

     No malicious DLLs found.

     ***** [ WMI ] *****

     No malicious WMI found.

     ***** [ Shortcuts ] *****

     No malicious shortcuts found.

     ***** [ Tasks ] *****

     No malicious tasks found.

     ***** [ Registry ] *****

     PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\WebDiscoverBrowser
     PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\WebDiscoverBrowser
     PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\WebDiscoverBrowser
     PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\WebDiscoverBrowser
     PUP.Optional.Legacy, [Key] - HKCU\Software\WebDiscoverBrowser
     PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\AppDataLow\Software\adawarebp
     PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\adawarebp
     PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\YahooPartnerToolbar
     PUP.Optional.Legacy, [Key] - HKCU\Software\YahooPartnerToolbar
     PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\Link64
     PUP.Optional.Legacy, [Key] - HKCU\Software\Link64
     PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
     PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
     PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
     PUP.Optional.OneSystemCare, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1007\Software\One System Care
     PUP.Optional.OneSystemCare, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1012\Software\One System Care
     PUP.Optional.OneSystemCare, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-501\Software\One System Care
     PUP.Optional.Spoutly, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
     Adware.DNSUnlocker, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
     PUP.Optional.CloudScout, [Key] - HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
     PUP.Optional.DNSUnlocker.ACMB2, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
     PUP.Optional.DNSUnlocker, [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
     PUP.Optional.DriverDoc, [Key] - HKLM\SOFTWARE\MimarSinan

     ***** [ Firefox (and derivatives) ] *****

     No malicious Firefox entries.

     ***** [ Chromium (and derivatives) ] *****

     No malicious Chromium entries.

     *************************

     ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
  5. There are definitely fewer. I am still getting some popups, but AVG has been able to detect and block them at least.
  6. Fix result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
     Ran by Afton (25-02-2018 12:56:50) Run:1
     Running from C:\Users\Afton\Desktop
     Loaded Profiles: Afton & UpdatusUser (Available Profiles: Afton & Mcx1-ASUS & UpdatusUser & Guest)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     CreateRestorePoint:
     CloseProcesses:
     HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
     SecurityProviders: credssp.dll, AztoltuWxusx.dll
     GroupPolicy: Restriction <==== ATTENTION
     Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll => No File
     Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll => No File
     Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
     Tcpip\..\Interfaces\{30D27A2A-3593-45C6-BC83-2389E99CB97C}: [NameServer] 82.163.143.176 82.163.142.178
     Tcpip\..\Interfaces\{B740702B-4ACE-4DDA-A064-3BF6431DB166}: [NameServer] 82.163.143.176 82.163.142.178
     Tcpip\..\Interfaces\{DB4F9716-AB72-4021-A5C0-EC7E1C211538}: [NameServer] 82.163.143.176 82.163.142.178
     URLSearchHook: HKU\S-1-5-21-1486800303-1932691566-1282320748-1000 - (No Name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No File
     SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
     SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
     SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
     SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
     SearchScopes: HKU\S-1-5-21-1486800303-1932691566-1282320748-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
     FF ProfilePath: 58960918 [not found] <==== ATTENTION
     FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
     FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-25] (Pando Networks)
     CHR Extension: (Avira Browser Safety) - C:\Users\Afton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-05]
     CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
     S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-04-17] (IObit)
     S3 avchv; system32\DRIVERS\avchv.sys [X]
     S0 Lbd; system32\DRIVERS\Lbd.sys [X]
     S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
     S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
     S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
     2013-10-15 02:10 - 2014-08-30 00:43 - 000000000 ____D () C:\Users\Guest\AppData\Local\Temp\avgnt.exe
     2017-11-28 20:02 - 2017-11-28 20:13 - 007649280 _____ () C:\Program Files (x86)\GUT8EE7.tmp
     Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
     ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
     ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-11] (Lavasoft Limited)
     ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-11] (Lavasoft Limited)
     ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
     ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-11] (Lavasoft Limited)
     Task: {04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
     Task: {3D57B3FB-0CA9-4F67-BCD8-0430D0452A42} - \{6B6D2C4C-DCC6-9BE7-E154-2E0E88A63C07} -> No File <==== ATTENTION
     Task: {A99F733F-847A-455F-A525-5472E65DB756} - System32\Tasks\{36588209-319C-43AF-A4F7-F3E7A8DA73E9} => C:\Windows\system32\pcalua.exe -a C:\Users\Afton\AppData\Local\Temp\Temp1_Remote_WIN7_32_WIN7_64_5101.zip\SETUP.EXE <==== ATTENTION
     Task: {AFF780CD-47B4-4F68-8575-3491B560DE74} - System32\Tasks\{471DCFC4-48A0-4ABF-811F-206A7767E068} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
     Task: {B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2} - System32\Tasks\{821C54DD-DFFE-4407-A14F-7B877C746BB5} => C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\ -c /autorun
     Task: {EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} - System32\Tasks\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe"
     Task: {EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} - System32\Tasks\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe"
     Task: {F82103C1-E4B1-4944-91FD-0ECF448A6D0D} - System32\Tasks\DNSPLUM => dnsplum.exe <==== ATTENTION
     Task: {FC8E42FA-05B1-4127-8D18-2F5D75CBF416} - \{A4708731-C006-61AD-B842-5C03F61AA453} -> No File <==== ATTENTION
     CMD: ipconfig /flushdns
     CMD: netsh winsock reset catalog
     CMD: netsh int ip reset c:\resetlog.txt
     Reboot:
     *****************

     Restore point was successfully created.
     Processes closed successfully.
     "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
     HKLM\System\CurrentControlSet\Control\SecurityProviders\\SecurityProviders => value restored successfully
     C:\Windows\system32\GroupPolicy\Machine => moved successfully
     C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
     C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
     "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011" => removed successfully
     "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012" => removed successfully
     "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer" => removed successfully
     "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30D27A2A-3593-45C6-BC83-2389E99CB97C}\\NameServer" => removed successfully
     "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B740702B-4ACE-4DDA-A064-3BF6431DB166}\\NameServer" => removed successfully
     "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DB4F9716-AB72-4021-A5C0-EC7E1C211538}\\NameServer" => removed successfully
     "HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c2db4fe6-8409-45ce-8010-189a7b5cce86}" => removed successfully
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
     "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
     HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
     "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
     HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
     "HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
     "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
     "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => removed successfully
     C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => moved successfully
     CHR Extension: (Avira Browser Safety) - C:\Users\Afton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-05] => Error: No automatic fix found for this entry.
     "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => removed successfully
     "HKLM\System\CurrentControlSet\Services\LiveUpdateSvc" => removed successfully
     LiveUpdateSvc => service removed successfully
     "HKLM\System\CurrentControlSet\Services\avchv" => removed successfully
     avchv => service removed successfully
     "HKLM\System\CurrentControlSet\Services\Lbd" => removed successfully
     Lbd => service removed successfully
     "HKLM\System\CurrentControlSet\Services\SBRE" => removed successfully
     SBRE => service removed successfully
     "HKLM\System\CurrentControlSet\Services\VMnetAdapter" => removed successfully
     VMnetAdapter => service removed successfully
     "HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0" => removed successfully
     WinRing0_1_2_0 => service removed successfully
     C:\Users\Guest\AppData\Local\Temp\avgnt.exe => moved successfully
     C:\Program Files (x86)\GUT8EE7.tmp => moved successfully
     "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent" => removed successfully
     "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
     HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
     "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully
     "HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}" => removed successfully
     "HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully
     HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => key not found
     "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => removed successfully
     HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
     "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully
     HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => key not found
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9} => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9} => could not remove key. ErrorCode1: 0x00000002
     C:\Windows\System32\Tasks\LaunchSignup => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D57B3FB-0CA9-4F67-BCD8-0430D0452A42} => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D57B3FB-0CA9-4F67-BCD8-0430D0452A42} => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B6D2C4C-DCC6-9BE7-E154-2E0E88A63C07} => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A99F733F-847A-455F-A525-5472E65DB756} => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A99F733F-847A-455F-A525-5472E65DB756} => could not remove key. ErrorCode1: 0x00000002
     C:\Windows\System32\Tasks\{36588209-319C-43AF-A4F7-F3E7A8DA73E9} => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36588209-319C-43AF-A4F7-F3E7A8DA73E9} => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFF780CD-47B4-4F68-8575-3491B560DE74} => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFF780CD-47B4-4F68-8575-3491B560DE74} => could not remove key. ErrorCode1: 0x00000002
     C:\Windows\System32\Tasks\{471DCFC4-48A0-4ABF-811F-206A7767E068} => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{471DCFC4-48A0-4ABF-811F-206A7767E068} => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2} => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2} => could not remove key. ErrorCode1: 0x00000002
     C:\Windows\System32\Tasks\{821C54DD-DFFE-4407-A14F-7B877C746BB5} => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{821C54DD-DFFE-4407-A14F-7B877C746BB5} => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} => could not remove key. ErrorCode1: 0x00000002
     C:\Windows\System32\Tasks\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => could not remove key. ErrorCode1: 0x00000002
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8}" => removed successfully
     "C:\Windows\System32\Tasks\{E5665AD1-3B53-4D20-984D-9B53F2458AFE}" => not found
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5665AD1-3B53-4D20-984D-9B53F2458AFE}" => removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F82103C1-E4B1-4944-91FD-0ECF448A6D0D} => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82103C1-E4B1-4944-91FD-0ECF448A6D0D} => could not remove key. ErrorCode1: 0x00000002
     C:\Windows\System32\Tasks\DNSPLUM => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSPLUM => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC8E42FA-05B1-4127-8D18-2F5D75CBF416} => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC8E42FA-05B1-4127-8D18-2F5D75CBF416} => could not remove key. ErrorCode1: 0x00000002
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A4708731-C006-61AD-B842-5C03F61AA453} => could not remove key. ErrorCode1: 0x00000002

     ========= ipconfig /flushdns =========

     Windows IP Configuration

     Successfully flushed the DNS Resolver Cache.

     ========= End of CMD: =========

     ========= netsh winsock reset catalog =========

     Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

     Sucessfully reset the Winsock Catalog.
     You must restart the computer in order to complete the reset.

     ========= End of CMD: =========

     ========= netsh int ip reset c:\resetlog.txt =========

     Reseting Global, OK!
     Reseting Interface, OK!
     Reseting Unicast Address, OK!
     Restart the computer to complete this action.

     ========= End of CMD: =========

     Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-02-2018 13:00:41)

     Result of scheduled keys to remove after reboot:

     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D57B3FB-0CA9-4F67-BCD8-0430D0452A42}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D57B3FB-0CA9-4F67-BCD8-0430D0452A42}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B6D2C4C-DCC6-9BE7-E154-2E0E88A63C07}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A99F733F-847A-455F-A525-5472E65DB756}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A99F733F-847A-455F-A525-5472E65DB756}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36588209-319C-43AF-A4F7-F3E7A8DA73E9}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFF780CD-47B4-4F68-8575-3491B560DE74}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFF780CD-47B4-4F68-8575-3491B560DE74}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{471DCFC4-48A0-4ABF-811F-206A7767E068}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{821C54DD-DFFE-4407-A14F-7B877C746BB5}" => removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F82103C1-E4B1-4944-91FD-0ECF448A6D0D}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82103C1-E4B1-4944-91FD-0ECF448A6D0D}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSPLUM" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC8E42FA-05B1-4127-8D18-2F5D75CBF416}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC8E42FA-05B1-4127-8D18-2F5D75CBF416}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A4708731-C006-61AD-B842-5C03F61AA453}" => removed successfully

     ==== End of Fixlog 13:00:41 ====
  7. Hello, and thank you for your help. I have not been to Israel, so I assume that is a sign of infection. I have no particular requirements/can use automatic setting. To be honest, problems started about 2 years ago. I had purchased a new laptop as this one is old anyways, but I have recently cleaned it up and have been updating everything so that I can give it to my brother to use. I am hoping this issue can be solved before giving it to him.
  8. Hello, I have been getting pop-up windows in my internet browser. Oftentimes I will try to open something from an application, but instead of going to the page selected a different page will open. I have run AVG and adaware with no resolution. FRST files attached. Thank you for the help. FRST.txt Addition.txt
  9. Everything is still looking good. No notifications of unwanted files or anything. Thank you! You're the best.
  10. Seems good so far. Restarted, ran CCleaner again and scanned with adaware, which didn't find anything. Doing a scan with Avira right now, will let you know if anything shows up. Thank you!
  11. ComboFix 11-03-14.02 - Owner 03/15/2011 12:21:32.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2162 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Owner\Downloads\IWON(2).exe"
"c:\users\Owner\Downloads\IWON.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~3\iJlPaDh06504
c:\progra~3\iJlPaDh06504\iJlPaDh06504
c:\users\Owner\Downloads\IWON(2).exe
c:\users\Owner\Downloads\IWON.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-15 to 2011-03-15 )))))))))))))))))))))))))))))))
.
.
2011-03-15 17:26 . 2011-03-15 17:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-03-15 17:26 . 2011-03-15 17:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-15 03:40 . 2011-03-15 03:40 -------- d-----w- c:\program files (x86)\ESET
2011-03-15 03:36 . 2011-03-15 03:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-03-15 03:35 . 2011-03-15 03:35 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2011-03-10 20:48 . 2011-02-03 03:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-10 20:48 . 2011-02-03 03:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-10 09:27 . 2011-01-10 20:23 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-10 09:27 . 2011-01-10 20:23 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-10 09:27 . 2011-03-10 09:27 -------- d-----w- c:\programdata\Avira
2011-03-10 09:27 . 2011-03-10 09:27 -------- d-----w- c:\program files (x86)\Avira
2011-03-10 08:52 . 2011-03-09 07:47 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-10 08:42 . 2011-03-09 07:47 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-10 08:42 . 2011-03-10 08:42 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-10 08:41 . 2011-03-10 08:41 -------- d-----w- c:\users\Owner\AppData\Local\Sunbelt Software
2011-03-10 08:40 . 2011-03-10 08:40 -------- dc-h--w- c:\programdata\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
2011-03-10 08:40 . 2011-03-10 08:41 -------- d-----w- c:\programdata\Lavasoft
2011-03-10 08:40 . 2011-03-10 08:40 -------- d-----w- c:\program files (x86)\Lavasoft
2011-03-08 13:08 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDFCE07D-BB34-408E-8701-41D562EDBE63}\mpengine.dll
2011-03-02 06:13 . 2011-03-02 06:13 -------- d-----w- c:\windows\system32\SPReview
2011-03-02 06:06 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-02 06:06 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-03-02 06:06 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-03-02 06:04 . 2010-11-20 13:28 605552 ----a-w- c:\windows\system32\winload.exe
2011-03-02 06:03 . 2010-11-20 13:32 334208 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-03-02 06:02 . 2010-11-20 13:27 78848 ----a-w- c:\windows\system32\spbcd.dll
2011-03-02 06:01 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-03-02 06:01 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-03-02 06:01 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-03-02 06:01 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-03-02 05:58 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-02 05:58 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-02 05:58 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-02 05:58 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-02 05:58 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-02 05:57 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-03-02 05:57 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-03-01 21:39 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-01 21:39 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-03-01 18:59 . 2011-03-01 18:59 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c790b73e1cbd8422e\InstallManager_WLE_WLE.exe
2011-03-01 18:59 . 2011-03-01 18:59 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bb9eadf71cbd84223\MeshBetaRemover.exe
2011-03-01 18:58 . 2011-03-01 18:58 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\DSETUP.dll
2011-03-01 18:58 . 2011-03-01 18:58 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\DXSETUP.exe
2011-03-01 18:58 . 2011-03-01 18:58 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\dsetup32.dll
2011-03-01 18:58 . 2011-03-01 18:58 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\DSETUP.dll
2011-03-01 18:58 . 2011-03-01 18:58 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\DXSETUP.exe
2011-03-01 18:58 . 2011-03-01 18:58 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\dsetup32.dll
2011-03-01 18:57 . 2011-03-11 09:16 -------- d-----w- c:\users\Owner\AppData\Local\Windows Live
2011-02-23 21:29 . 2011-01-07 12:17 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 21:29 . 2011-01-07 12:17 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 21:29 . 2011-01-07 07:46 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-02-23 21:29 . 2011-01-07 07:46 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-02 06:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-02 06:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-02 23:11 . 2009-11-27 19:10 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 12:14 . 2011-02-09 06:08 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 09:51 . 2011-02-09 06:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-07 09:20 . 2011-02-09 06:08 366592 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 07:45 . 2011-02-09 06:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 06:01 . 2011-02-09 06:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-01-07 05:43 . 2011-02-09 06:08 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 10:34 . 2011-02-09 06:08 612864 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 06:56 . 2011-02-09 06:07 3129344 ----a-w- c:\windows\system32\win32k.sys
2011-01-05 05:55 . 2011-02-09 06:08 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2010-12-17 11:42 . 2011-02-09 06:07 214016 ----a-w- c:\windows\system32\winsrv.dll
2010-12-17 11:40 . 2011-02-09 06:08 715776 ----a-w- c:\windows\system32\kerberos.dll
2010-12-17 07:07 . 2011-02-09 06:08 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
.
.
((((((((((((((((((((((((((((( [email protected]_18.05.16 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-03-10 21:06 . 2011-03-14 08:33 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-14 18:32 . 2011-03-15 08:01 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-10 21:06 . 2011-03-14 08:33 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2011-03-14 18:32 . 2011-03-15 08:01 16384 c:\windows\Temp\History\History.IE5\index.dat
- 2011-03-10 21:06 . 2011-03-14 08:33 16384 c:\windows\Temp\Cookies\index.dat
+ 2011-03-14 18:32 . 2011-03-15 08:01 16384 c:\windows\Temp\Cookies\index.dat
+ 2009-07-14 05:10 . 2011-03-14 18:26 46982 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-09 14:32 . 2011-03-14 18:26 15696 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1760253539-1925007565-1178277975-1000_UserData.bin
+ 2010-03-09 14:31 . 2011-03-14 18:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-09 14:31 . 2011-03-10 21:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-09 14:31 . 2011-03-14 18:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-09 14:31 . 2011-03-10 21:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-09 14:31 . 2011-03-10 21:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-09 14:31 . 2011-03-14 18:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-09 14:32 . 2011-03-14 17:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-09 14:32 . 2011-03-15 17:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-09 14:32 . 2011-03-15 17:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-09 14:32 . 2011-03-14 17:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-10 17:49 . 2010-11-10 17:49 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\wow_helper.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
+ 2010-03-31 06:24 . 2011-03-14 18:23 2584 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-03-14 18:24 . 2011-03-14 18:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-10 21:03 . 2011-03-10 21:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-10 21:03 . 2011-03-10 21:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-14 18:24 . 2011-03-14 18:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-09 08:27 . 2011-03-15 10:05 425426 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-03-13 08:58 627082 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-03-14 18:31 627082 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-03-14 18:31 107366 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-03-13 08:58 107366 c:\windows\system32\perfc009.dat
+ 2009-08-24 10:58 . 2011-03-14 18:23 627888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-08-24 10:58 . 2011-03-10 21:03 627888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-03-10 21:03 395844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-03-14 18:23 395844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-05-08 05:41 . 2011-03-14 18:23 962040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1760253539-1925007565-1178277975-1000-8192.dat
- 2010-05-08 05:41 . 2011-03-10 21:03 962040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1760253539-1925007565-1178277975-1000-8192.dat
+ 2010-11-10 17:49 . 2010-11-10 17:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
+ 2010-11-10 20:54 . 2010-11-10 20:54 2307584 c:\windows\Installer\1f4d836.msi
+ 2010-11-10 17:49 . 2010-11-10 17:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\1f4d837.msp
+ 2010-11-10 17:49 . 2010-11-10 17:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2010-03-28 19:53 353656 ----a-w- c:\program files (x86)\PriceGong\2.1.0\PriceGongIE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-05-09 206120]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [x]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [x]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [x]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [x]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [x]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [x]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [x]
R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [x]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [x]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys [x]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [x]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [x]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [x]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [x]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [x]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [x]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [x]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [x]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [x]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [x]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [x]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [x]
R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [x]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [x]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [x]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [x]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [x]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [x]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [x]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [x]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [x]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [x]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [x]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [x]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [x]
R3 PerfHost;Performance Counter DLL Host;c:\windows\SysWow64\perfhost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [x]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [x]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [x]
R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [x]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [x]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [x]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [x]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [x]
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [x]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [x]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [x]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [x]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [x]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [x]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [x]
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [x]
R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [x]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [x]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [x]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [x]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [x]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [x]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 msahci;msahci;c:\windows\system32\drivers\msahci.sys [x]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [x]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [x]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [x]
S0 spldr;Security Processor Loader Driver; [x]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [x]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [x]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [x]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [x]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [x]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [x]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [x]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [x]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [x]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [x]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [x]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/24 03:24];c:\program files (x86)\Hewlett-Packard\Media\DVD00.fcl [2008-11-29 01:04 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-03-08 1405384]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [x]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [x]
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-18 365952]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [x]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-27 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-27 116096]
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [x]
S3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [x]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-03-09 17152]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [x]
S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [x]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [x]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [x]
S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [x]
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [x]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [x]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [x]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [x]
S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eeCtrl *Deregistered* - EraserUtilRebootDrv *Deregistered* - IDSVia64 *Deregistered* - SymEFA *Deregistered* - SYMTDI . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch wcssvc REG_MULTI_SZ WcsPlugInService . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc msiscsi schedule SessionEnv winmgmt . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService sppuinotify . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted BthHFSrv . . Contents of the 'Scheduled Tasks' folder . 2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 16:31] . 2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 16:31] . 2011-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1760253539-1925007565-1178277975-1000Core.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-30 22:25] . 2011-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1760253539-1925007565-1178277975-1000UA.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-30 22:25] . 2011-03-04 c:\windows\Tasks\HPCeeScheduleForOwner.job - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-13 19:34] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate] @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}" [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}] 2010-11-20 13:27 509952 ----a-w- c:\windows\System32\ntshrui.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU] "SmartMenu"="%ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS winmgmt SessionEnv browser EapHost schedule hkmsvc wercplsupport ProfSvc Themes BDESVC . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted homegrouplistener . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService WdiServiceHost sppuinotify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService lanmanworkstation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted BthHFSrv homegroupprovider . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uInternet Settings,ProxyServer = http=127.0.0.1:58404 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9o6qguw5.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - c:\program files (x86)\PriceGong\2.1.0\FF FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD00.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Completion time: 2011-03-15 12:29:16
ComboFix-quarantined-files.txt 2011-03-15 17:29
ComboFix2.txt 2011-03-15 03:23
ComboFix3.txt 2011-03-14 18:07
.
Pre-Run: 227,706,126,336 bytes free
Post-Run: 227,657,338,880 bytes free
.
- - End Of File - - 6CE40501D7578E51E584144057E719B5
  12. ComboFix 11-03-14.02 - Owner 03/14/2011 22:16:41.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2312 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Service;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136] R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920] R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 27136] S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [x] S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [x] S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [x] S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [x] S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [x] S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [x] S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [x] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] S0 msahci;msahci;c:\windows\system32\drivers\msahci.sys [x] S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [x] S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [x] S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [x] S0 spldr;Security Processor Loader Driver; [x] S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [x] S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [x] S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [x] S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [x] S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [x] S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [x] S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [x] S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [x] S1 RDPREFMP;Reflector Display Driver used to gain access to graphics 
data;c:\windows\system32\drivers\rdprefmp.sys [x] S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [x] S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [x] S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [x] S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/24 03:24];c:\program files (x86)\Hewlett-Packard\Media\DVD00.fcl [2008-11-29 01:04 146928] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336] S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-03-08 1405384] S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [x] S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [x] S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 nsi;Network 
Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [x] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-18 365952] S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [x] S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-27 296320] S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-27 116096] S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136] S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 27136] S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [x] S3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [x] S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512] S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [x] S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [x] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x] S3 fdPHost;Function Discovery Provider 
Host;c:\windows\system32\svchost.exe [2009-07-14 27136] S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 27136] S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 27136] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x] S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [x] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-03-09 17152] S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [x] S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [x] S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [x] S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [x] S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [x] S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 27136] S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [x] S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [x] S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [x] S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [x] S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 27136] S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 27136] . . --- Other Services/Drivers In Memory --- . *Deregistered* - eeCtrl *Deregistered* - EraserUtilRebootDrv *Deregistered* - IDSVia64 *Deregistered* - SymEFA *Deregistered* - SYMTDI . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch wcssvc REG_MULTI_SZ WcsPlugInService . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc msiscsi schedule SessionEnv winmgmt . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService sppuinotify . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted BthHFSrv . . Contents of the 'Scheduled Tasks' folder . 2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 16:31] . 2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 16:31] . 2011-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1760253539-1925007565-1178277975-1000Core.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-30 22:25] . 2011-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1760253539-1925007565-1178277975-1000UA.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-30 22:25] . 2011-03-04 c:\windows\Tasks\HPCeeScheduleForOwner.job - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-13 19:34] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate] @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}" [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}] 2010-11-20 13:27 509952 ----a-w- c:\windows\System32\ntshrui.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU] "SmartMenu"="%ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS winmgmt SessionEnv browser EapHost schedule hkmsvc wercplsupport ProfSvc Themes BDESVC . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted homegrouplistener . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService WdiServiceHost sppuinotify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService lanmanworkstation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted BthHFSrv homegroupprovider . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9o6qguw5.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - c:\program files (x86)\PriceGong\2.1.0\FF FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD00.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-03-14 22:23:39 ComboFix-quarantined-files.txt 2011-03-15 03:23 ComboFix2.txt 2011-03-14 18:07 . Pre-Run: 229,151,551,488 bytes free Post-Run: 228,861,214,720 bytes free . - - End Of File - - E3B1F9DC410612D1CAD205F985E17CBD . DDS (Ver_11-03-05.01) - NTFS_AMD64 Run by Owner at 0:23:43.32 on Tue 03/15/2011 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.1853 [GMT -5:00] . AV: Lavasoft Ad-Watch Live! 
Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Program Files (x86)\SMINST\BLService.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe 
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe 
C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\system32\SearchIndexer.exe C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Owner\Downloads\dds.com C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local uInternet Settings,ProxyServer = http=127.0.0.1:58404 mURLSearchHooks: H - No File BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" 
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun: [SunJavaUpdateSched] "C:\Program Files 
(x86)\Java\jre6\bin\jusched.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRunOnce: [Uninstall Adobe Download Manager] "C:\Program Files (x86)\NOS\bin\getPlusUninst_Adobe.exe" /Get1noarp StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://download-games.pogo.com/online2/pogo/diner_dash_2/DinerDash2.1.0.0.53.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - 
hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://pogo.oberon-media.com/online2/pogo/wedding_dash/WeddingDash.1.0.0.47.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9o6qguw5.default\
FF - component: C:\Program Files (x86)\PriceGong\2.1.0\FF\components\PriceGongFF.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9o6qguw5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - C:\Program Files (x86)\PriceGong\2.1.0\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-10 69376]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/24 03:24:07];C:\Program Files (x86)\Hewlett-Packard\Media\DVD00.fcl [2008-11-28 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-10 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-10 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-3-10 83120]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-9 1405384]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-13 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-13 222512]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-9-22 126464]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-3-9 17152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-2 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-9 1255736]
.
=============== Created Last 30 ================
.
2011-03-15 03:40:19 -------- d-----w- C:\Program Files (x86)\ESET
2011-03-15 03:35:22 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2011-03-14 17:57:21 98816 ----a-w- C:\Windows\sed.exe
2011-03-14 17:57:21 89088 ----a-w- C:\Windows\MBR.exe
2011-03-14 17:57:21 256512 ----a-w- C:\Windows\PEV.exe
2011-03-14 17:57:21 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-13 03:17:15 -------- d-----w- C:\Windows\pss
2011-03-10 20:48:38 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-10 20:48:38 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-10 09:27:54 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-03-10 09:27:53 -------- d-----w- C:\Program Files (x86)\Avira
2011-03-10 09:27:53 -------- d-----w- C:\PROGRA~3\Avira
2011-03-10 08:52:08 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-03-10 08:42:51 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-03-10 08:42:48 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-03-10 08:41:36 -------- d-----w- C:\Users\Owner\AppData\Local\Sunbelt Software
2011-03-10 08:40:58 -------- dc-h--w- C:\PROGRA~3\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
2011-03-10 08:40:49 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-03-09 20:46:34 -------- d-----w- C:\PROGRA~3\iJlPaDh06504
2011-03-08 13:08:40 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{DDFCE07D-BB34-408E-8701-41D562EDBE63}\mpengine.dll
2011-03-02 06:13:47 -------- d-----w- C:\Windows\System32\SPReview
2011-03-02 06:06:09 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-03-02 06:06:09 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-03-02 06:06:00 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-03-02 06:04:59 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-03-02 06:03:59 726528 ----a-w- C:\Windows\System32\appwiz.cpl
2011-03-02 06:02:59 98816 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2011-03-02 06:01:59 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2011-03-02 06:01:59 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2011-03-02 06:01:56 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-03-02 06:01:56 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-03-02 05:58:43 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-03-02 05:58:43 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-03-02 05:58:43 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-03-02 05:58:24 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-03-02 05:58:14 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-03-02 05:57:32 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-03-02 05:57:31 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-03-01 21:39:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-03-01 21:39:54 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-03-01 18:59:25 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c790b73e1cbd8422e\InstallManager_WLE_WLE.exe
2011-03-01 18:59:04 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bb9eadf71cbd84223\MeshBetaRemover.exe
2011-03-01 18:58:44 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\DSETUP.dll
2011-03-01 18:58:44 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\DXSETUP.exe
2011-03-01 18:58:44 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\dsetup32.dll
2011-03-01 18:58:42 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\DSETUP.dll
2011-03-01 18:58:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\DXSETUP.exe
2011-03-01 18:58:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\dsetup32.dll
2011-03-01 18:57:42 -------- d-----w- C:\Users\Owner\AppData\Local\Windows Live
2011-02-23 21:29:18 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-23 21:29:18 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-23 21:29:18 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-23 21:29:17 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
.
==================== Find3M ====================
.
2011-03-02 06:20:32 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-02 06:20:31 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 09:51:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 06:01:22 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 10:34:00 612864 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys
2011-01-05 05:55:55 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-12-23 10:42:53 1118720 ----a-w- C:\Windows\System32\sbe.dll
2010-12-23 10:42:51 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-12-23 10:42:51 723968 ----a-w- C:\Windows\System32\EncDec.dll
2010-12-23 10:36:02 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-12-23 05:54:18 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2010-12-23 05:54:17 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-12-23 05:54:17 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2010-12-23 05:50:23 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-12-17 11:42:18 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-17 11:40:10 715776 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-17 07:07:55 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 0:24:33.85 ===============

Threats found:
C:\Users\Owner\Downloads\IWON(2).exe Win32/Toolbar.MyWebSearch application
C:\Users\Owner\Downloads\IWON.exe Win32/Toolbar.MyWebSearch application
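The DDS entries in the post above are the kind a helper reads by hand. As an added example (not part of the poster's logs, and not code from DDS, ComboFix or any of the tools named in the thread), the Python below parses a constructed sample of those lines and flags the items worth a second look: the UAC policy PromptOnSecureDesktop = 0, ActiveX (DPF) controls fetched from hosts outside an illustrative allowlist, Firefox extensions registered from outside the browser's own directories, and hidden or opaquely named directories created directly under ProgramData. The allowlist, the directory-name heuristic and the reading of the DDS attribute column are assumptions made for this example and should be tuned against your own baseline.

```python
"""Triage helper for DDS-style log lines.

Added example, not part of the post above or of DDS/ComboFix. It parses four
kinds of entries that appear in the log (UAC policy values, DPF/ActiveX cache
entries, Firefox extension registrations and "Created Last 30" file rows)
and returns the findings a helper would look at first.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: entries copied from the DDS log in the post above.
SAMPLE_LOG = r"""
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://pogo.oberon-media.com/online2/pogo/wedding_dash/WeddingDash.1.0.0.47.cab
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - C:\Program Files (x86)\PriceGong\2.1.0\FF
2011-03-10 08:40:58 -------- dc-h--w- C:\PROGRA~3\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
2011-03-09 20:46:34 -------- d-----w- C:\PROGRA~3\iJlPaDh06504
2011-03-10 09:27:53 -------- d-----w- C:\Program Files (x86)\Avira
"""

POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
DPF_RE = re.compile(r"^DPF:\s+(\{[0-9A-Fa-f-]+\})\s+-\s+(\S+)")
FF_EXT_RE = re.compile(r"^FF - Ext:\s+(.+?):\s+(\{[^}]+\})\s+-\s+(.+)$")
# "Created Last 30" rows: timestamp, size (or dashes for a directory),
# an 8-character attribute column, then the path.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([\w-]{8})\s+(.+)$")
# Bare GUID, or a run of letters followed by a run of digits (e.g. iJlPaDh06504):
# a heuristic for dropper-style directory names, not a malware signature.
OPAQUE_NAME_RE = re.compile(
    r"^(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}|[A-Za-z]{4,}\d{4,})$")

# UAC values that weaken the elevation prompt (registry value name, value).
WEAK_UAC = {
    ("EnableLUA", 0): "UAC is switched off entirely",
    ("ConsentPromptBehaviorAdmin", 0): "administrators elevate with no prompt at all",
    ("PromptOnSecureDesktop", 0): "elevation prompts appear on the normal desktop, "
                                  "where user-mode code can overlay or automate them",
}
# Illustrative allowlist (an assumption for this example) of ActiveX download hosts.
TRUSTED_DPF_HOSTS = {"java.sun.com", "download.eset.com", "platformdl.adobe.com",
                     "messenger.zone.msn.com", "upload.facebook.com"}
PROGRAMDATA_ROOTS = {r"C:\PROGRA~3", r"C:\PROGRAMDATA"}


def refang(url: str) -> str:
    """DDS writes URLs as hxxp:// so they are not clickable; restore the scheme."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (tag, detail) findings for the DDS entries in log_text."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := POLICY_RE.match(line):
            name, value = m.group(1), int(m.group(2))
            if (name, value) in WEAK_UAC:
                findings.append(("uac", f"{name}={value}: {WEAK_UAC[(name, value)]}"))
        elif m := DPF_RE.match(line):
            clsid, url = m.group(1), refang(m.group(2))
            host = urlsplit(url).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append(("dpf", f"ActiveX {clsid} fetched from unlisted host {host}: {url}"))
        elif m := FF_EXT_RE.match(line):
            name, _guid, path = m.groups()
            # The browser's own extensions dir and the profile are the normal
            # install locations; anything else was registered by a third party.
            if "Mozilla Firefox\\extensions" not in path and not path.startswith("%profile%"):
                findings.append(("ffext", f"extension '{name}' registered from outside Firefox: {path}"))
        elif m := CREATED_RE.match(line):
            _ts, _size, attrs, path = m.groups()
            parent, _, name = path.rpartition("\\")
            in_pd_root = parent.upper() in PROGRAMDATA_ROOTS
            # Assumption: in the attribute column 'd' marks a directory and 'h' hidden.
            if in_pd_root and attrs.startswith("d") and "h" in attrs:
                findings.append(("hidden", f"hidden directory created under ProgramData: {path}"))
            if in_pd_root and OPAQUE_NAME_RE.match(name):
                findings.append(("opaque", f"opaque directory name under ProgramData: {path}"))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"[{tag}] {detail}")
```

Run it against a saved DDS log by replacing SAMPLE_LOG with the file contents; the "opaque" and "hidden" checks are meant to surface directories like the {78A29A4D-...} and iJlPaDh06504 entries above for manual inspection, not to declare them malicious on their own.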
13. ComboFix 11-03-13.02 - Owner 03/14/2011 12:58:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2197 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}
c:\program files (x86)\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome.manifest
c:\program files (x86)\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome\bardiscover.jar
c:\program files (x86)\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults\preferences\prefs.js
c:\program files (x86)\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\install.rdf
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\dirty_dishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\foodtray.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\mop_prop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a3.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a4.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\baby_cry.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\chef_cook1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\closing_time.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\customer_ditch.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_up.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\drink_table.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\expert.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_deliver.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\keystroke2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_lose.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_win.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_click.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_rollover.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_menu_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\table_drink.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\tip_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\fullscreendialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\high_score_menu_bg.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelover.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\upgrade_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_highlight.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_normal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_selected.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\welcome_player.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\actionpoints.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\career.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\customer.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\endless.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\global.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\powerups.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\radio.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\stereo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\family.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help_dividerline.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_noise.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_score.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_servefood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\playfirstlogo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\entername.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\game.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua c:\windows\Downloaded Program 
Files\DinerDash2.1.0.0.53\assets\scripts\help1.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help2.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelover.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\loading.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\ok.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\pause.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\style.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upsell.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\yesno.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\aol_logo.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\strings.xml c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png 
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\check.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\checkmark.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\closed.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\decor_lines.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\dollar.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\expert.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\lives_icon.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\noisering.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png c:\windows\Downloaded Program 
Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\traynumber.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_base.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_hand.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png c:\windows\Downloaded Program 
Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\dinerdash2.exe c:\windows\Downloaded Program Files\popcaploader.dll c:\windows\Downloaded Program Files\popcaploader.inf . . ((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 ))))))))))))))))))))))))))))))) . . 2011-03-14 18:05 . 
2011-03-14 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-12 03:38 . 2011-03-12 03:38 516 ---ha-w- C:\aaw7boot.cmd 2011-03-10 20:48 . 2011-02-03 03:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll 2011-03-10 20:48 . 2011-02-03 03:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-03-10 09:27 . 2011-01-10 20:23 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-03-10 09:27 . 2011-01-10 20:23 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-03-10 09:27 . 2011-03-10 09:27 -------- d-----w- c:\programdata\Avira 2011-03-10 09:27 . 2011-03-10 09:27 -------- d-----w- c:\program files (x86)\Avira 2011-03-10 08:52 . 2011-03-09 07:47 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-03-10 08:42 . 2011-03-09 07:47 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-03-10 08:42 . 2011-03-10 08:42 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-03-10 08:41 . 2011-03-10 08:41 -------- d-----w- c:\users\Owner\AppData\Local\Sunbelt Software 2011-03-10 08:40 . 2011-03-10 08:40 -------- dc-h--w- c:\programdata\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE} 2011-03-10 08:40 . 2011-03-10 08:41 -------- d-----w- c:\programdata\Lavasoft 2011-03-10 08:40 . 2011-03-10 08:40 -------- d-----w- c:\program files (x86)\Lavasoft 2011-03-09 20:46 . 2011-03-09 20:46 -------- d-----w- c:\programdata\iJlPaDh06504 2011-03-08 13:08 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDFCE07D-BB34-408E-8701-41D562EDBE63}\mpengine.dll 2011-03-02 06:13 . 2011-03-02 06:13 -------- d-----w- c:\windows\system32\SPReview 2011-03-02 06:06 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll 2011-03-02 06:06 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll 2011-03-02 06:06 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll 2011-03-02 06:04 . 
2010-11-20 13:28 605552 ----a-w- c:\windows\system32\winload.exe 2011-03-02 06:03 . 2010-11-20 13:32 334208 ----a-w- c:\windows\system32\drivers\acpi.sys 2011-03-02 06:02 . 2010-11-20 13:27 78848 ----a-w- c:\windows\system32\spbcd.dll 2011-03-02 06:01 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll 2011-03-02 06:01 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll 2011-03-02 06:01 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll 2011-03-02 06:01 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll 2011-03-02 05:58 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll 2011-03-02 05:58 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2011-03-02 05:58 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll 2011-03-02 05:58 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll 2011-03-02 05:58 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe 2011-03-02 05:57 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll 2011-03-02 05:57 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll 2011-03-01 21:39 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2011-03-01 21:39 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2011-03-01 18:59 . 2011-03-01 18:59 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c790b73e1cbd8422e\InstallManager_WLE_WLE.exe 2011-03-01 18:59 . 2011-03-01 18:59 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bb9eadf71cbd84223\MeshBetaRemover.exe 2011-03-01 18:58 . 2011-03-01 18:58 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\DSETUP.dll 2011-03-01 18:58 . 2011-03-01 18:58 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\DXSETUP.exe 2011-03-01 18:58 . 
2011-03-01 18:58 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\dsetup32.dll 2011-03-01 18:58 . 2011-03-01 18:58 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\DSETUP.dll 2011-03-01 18:58 . 2011-03-01 18:58 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\DXSETUP.exe 2011-03-01 18:58 . 2011-03-01 18:58 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\dsetup32.dll 2011-03-01 18:57 . 2011-03-11 09:16 -------- d-----w- c:\users\Owner\AppData\Local\Windows Live 2011-02-23 21:29 . 2011-01-07 12:17 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-23 21:29 . 2011-01-07 12:17 1465344 ----a-w- c:\windows\system32\XpsPrint.dll 2011-02-23 21:29 . 2011-01-07 07:46 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2011-02-23 21:29 . 2011-01-07 07:46 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-02 06:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-03-02 06:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-02-02 23:11 . 2009-11-27 19:10 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-01-07 12:14 . 2011-02-09 06:08 46080 ----a-w- c:\windows\system32\atmlib.dll 2011-01-07 09:51 . 2011-02-09 06:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-01-07 09:20 . 2011-02-09 06:08 366592 ----a-w- c:\windows\system32\atmfd.dll 2011-01-07 07:45 . 2011-02-09 06:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2011-01-07 06:01 . 2011-02-09 06:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-01-07 05:43 . 2011-02-09 06:08 294400 ----a-w- c:\windows\SysWow64\atmfd.dll 2011-01-05 10:34 . 2011-02-09 06:08 612864 ----a-w- c:\windows\system32\vbscript.dll 2011-01-05 06:56 . 
2011-02-09 06:07 3129344 ----a-w- c:\windows\system32\win32k.sys 2011-01-05 05:55 . 2011-02-09 06:08 428032 ----a-w- c:\windows\SysWow64\vbscript.dll 2010-12-17 11:42 . 2011-02-09 06:07 214016 ----a-w- c:\windows\system32\winsrv.dll 2010-12-17 11:40 . 2011-02-09 06:08 715776 ----a-w- c:\windows\system32\kerberos.dll 2010-12-17 07:07 . 2011-02-09 06:08 542208 ----a-w- c:\windows\SysWow64\kerberos.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}] 2010-03-28 19:53 353656 ----a-w- c:\program files (x86)\PriceGong\2.1.0\PriceGongIE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate] @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}" [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}] 2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736] "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128] "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136] "TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-05-09 206120] "UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216] "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328] "avgnt"="c:\program files 
(x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664] R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 27136] R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [x] R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [x] R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [x] R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [x] R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [x] R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [x] R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [x] R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [x] R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [x] R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys [x] R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x] R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 
27136] R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [x] R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [x] R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [x] R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [x] R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [x] R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [x] R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [x] R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [x] R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [x] R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [x] R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [x] R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [x] R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [x] R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [x] R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [x] R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [x] R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [x] R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [x] R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [x] R3 mpio;Microsoft Multi-Path Bus 
Driver;c:\windows\system32\drivers\mpio.sys [x] R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [x] R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [x] R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 MsRPC;MsRPC; [x] R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [x] R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [x] R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [x] R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [x] R3 PerfHost;Performance Counter DLL Host;c:\windows\SysWow64\perfhost.exe [2009-07-14 20992] R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [x] R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [x] R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [x] R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [x] R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [x] R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [x] R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [x] R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 
stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [x] R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048] R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [x] R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [x] R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [x] R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [x] R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [x] R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [x] R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [x] R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [x] R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 wercplsupport;Problem 
Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [x]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [x]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [x]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [x]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [x]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [x]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 msahci;msahci;c:\windows\system32\drivers\msahci.sys [x]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [x]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [x]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [x]
S0 spldr;Security Processor Loader Driver; [x]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [x]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [x]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [x]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [x]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [x]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [x]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [x]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [x]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [x]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [x]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [x]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/24 03:24];c:\program files (x86)\Hewlett-Packard\Media\DVD00.fcl [2008-11-29 01:04 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [x]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [x]
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-18 365952]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [x]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-27 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-27 116096]
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [x]
S3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [x]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [x]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-03-08 1405384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-03-09 17152]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [x]
S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [x]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [x]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [x]
S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [x]
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [x]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [x]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [x]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [x]
S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVia64
*Deregistered* - SymEFA
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
wcssvc REG_MULTI_SZ WcsPlugInService
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc msiscsi schedule SessionEnv winmgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
sppuinotify
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 16:31]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 16:31]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1760253539-1925007565-1178277975-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-30 22:25]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1760253539-1925007565-1178277975-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-30 22:25]
.
2011-03-04 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-13 19:34]
.
2011-03-10 c:\windows\Tasks\RegPowerClean.job
- c:\program files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2010-04-06 19:48]
.
2011-03-10 c:\windows\Tasks\RPCReminder.job
- c:\program files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe [2010-04-06 19:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 13:27 509952 ----a-w- c:\windows\System32\ntshrui.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS winmgmt SessionEnv browser EapHost schedule hkmsvc wercplsupport ProfSvc Themes BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv homegroupprovider
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58404
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9o6qguw5.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - c:\program files (x86)\PriceGong\2.1.0\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartMenu - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD00.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-14 13:07:28
ComboFix-quarantined-files.txt 2011-03-14 18:07
.
Pre-Run: 229,444,747,264 bytes free
Post-Run: 228,955,226,112 bytes free
.
- - End Of File - - 19E1AEC210606DA02FD4F6051D3383DF
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Owner at 13:30:33.13 on Mon 03/14/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2335 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Downloads\dds(2).com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58404
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://download-games.pogo.com/online2/pogo/diner_dash_2/DinerDash2.1.0.0.53.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://pogo.oberon-media.com/online2/pogo/wedding_dash/WeddingDash.1.0.0.47.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9o6qguw5.default\
FF - component: C:\Program Files (x86)\PriceGong\2.1.0\FF\components\PriceGongFF.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - C:\Program Files (x86)\PriceGong\2.1.0\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-10 69376]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/24 03:24:07];C:\Program Files (x86)\Hewlett-Packard\Media\DVD00.fcl [2008-11-28 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-10 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-10 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-3-10 83120]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-13 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-13 222512]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-9-22 126464]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-9 1405384]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-3-9 17152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-2 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-9 1255736]
.
=============== Created Last 30 ================
.
2011-03-14 18:22:46 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-14 17:57:21 98816 ----a-w- C:\Windows\sed.exe
2011-03-14 17:57:21 89088 ----a-w- C:\Windows\MBR.exe
2011-03-14 17:57:21 256512 ----a-w- C:\Windows\PEV.exe
2011-03-14 17:57:21 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-13 03:17:15 -------- d-----w- C:\Windows\pss
2011-03-10 20:48:38 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-10 20:48:38 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-10 09:27:54 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-03-10 09:27:53 -------- d-----w- C:\Program Files (x86)\Avira
2011-03-10 09:27:53 -------- d-----w- C:\PROGRA~3\Avira
2011-03-10 08:52:08 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-03-10 08:42:51 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-03-10 08:42:48 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-03-10 08:41:36 -------- d-----w- C:\Users\Owner\AppData\Local\Sunbelt Software
2011-03-10 08:40:58 -------- dc-h--w- C:\PROGRA~3\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
2011-03-10 08:40:49 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-03-09 20:46:34 -------- d-----w- C:\PROGRA~3\iJlPaDh06504
2011-03-08 13:08:40 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{DDFCE07D-BB34-408E-8701-41D562EDBE63}\mpengine.dll
2011-03-02 06:13:47 -------- d-----w- C:\Windows\System32\SPReview
2011-03-02 06:06:09 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-03-02 06:06:09 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-03-02 06:06:00 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-03-02 06:04:59 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-03-02 06:03:59 726528 ----a-w- C:\Windows\System32\appwiz.cpl
2011-03-02 06:02:59 98816 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2011-03-02 06:01:59 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2011-03-02 06:01:59 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2011-03-02 06:01:56 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-03-02 06:01:56 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-03-02 05:58:43 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-03-02 05:58:43 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-03-02 05:58:43 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-03-02 05:58:24 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-03-02 05:58:14 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-03-02 05:57:32 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-03-02 05:57:31 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-03-01 21:39:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-03-01 21:39:54 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-03-01 18:59:25 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c790b73e1cbd8422e\InstallManager_WLE_WLE.exe
2011-03-01 18:59:04 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bb9eadf71cbd84223\MeshBetaRemover.exe
2011-03-01 18:58:44 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\DSETUP.dll
2011-03-01 18:58:44 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\DXSETUP.exe
2011-03-01 18:58:44 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\dsetup32.dll 2011-03-01 18:58:42 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\DSETUP.dll 2011-03-01 18:58:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\DXSETUP.exe 2011-03-01 18:58:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\dsetup32.dll 2011-03-01 18:57:42 -------- d-----w- C:\Users\Owner\AppData\Local\Windows Live 2011-02-23 21:29:18 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2011-02-23 21:29:18 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2011-02-23 21:29:18 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll 2011-02-23 21:29:17 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll . ==================== Find3M ==================== . 2011-03-02 06:20:32 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2011-03-02 06:20:31 175616 ----a-w- C:\Windows\System32\msclmd.dll 2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll 2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll 2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll 2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll 2011-01-07 09:51:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll 2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2011-01-07 06:01:22 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll 2011-01-05 10:34:00 612864 ----a-w- C:\Windows\System32\vbscript.dll 2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys 
2011-01-05 05:55:55 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll 2010-12-23 10:42:53 1118720 ----a-w- C:\Windows\System32\sbe.dll 2010-12-23 10:42:51 961024 ----a-w- C:\Windows\System32\CPFilters.dll 2010-12-23 10:42:51 723968 ----a-w- C:\Windows\System32\EncDec.dll 2010-12-23 10:36:02 259072 ----a-w- C:\Windows\System32\mpg2splt.ax 2010-12-23 05:54:18 850944 ----a-w- C:\Windows\SysWow64\sbe.dll 2010-12-23 05:54:17 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll 2010-12-23 05:54:17 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll 2010-12-23 05:50:23 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax 2010-12-17 11:42:18 214016 ----a-w- C:\Windows\System32\winsrv.dll 2010-12-17 11:40:10 715776 ----a-w- C:\Windows\System32\kerberos.dll 2010-12-17 07:07:55 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll . ============= FINISH: 13:31:51.72 ===============
  14. MBRCheck, version 1.2.3 © 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 157):
Processes (total 104):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`43600000 (NTFS)
PhysicalDrive0 Model Number: ST9320325AS, Rev: 0005HPM1
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
  15. .
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Owner at 21:07:11.86 on Sat 03/12/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.1779 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58404
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: My.Freeze.com Toolbar: {0bd6f992-62ad-47f7-aca6-299729be4e2b} - C:\Program Files (x86)\myfreezetoolbar\myfreezedx.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Updater For My.Freeze.com Toolbar: {c26cd490-5f01-41e3-b150-eb29f19da056} - C:\Program Files (x86)\myfreezetoolbar\auxi\myfreezetoolbAu.dll
BHO: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: My.Freeze.com Toolbar: {0bd6f992-62ad-47f7-aca6-299729be4e2b} - C:\Program Files (x86)\myfreezetoolbar\myfreezedx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://download-games.pogo.com/online2/pogo/diner_dash_2/DinerDash2.1.0.0.53.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://pogo.oberon-media.com/online2/pogo/wedding_dash/WeddingDash.1.0.0.47.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: {09268BF8-2816-4716-91CA-0B6B72460AB7} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9o6qguw5.default\
FF - component: C:\Program Files (x86)\PriceGong\2.1.0\FF\components\PriceGongFF.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - C:\Program Files (x86)\PriceGong\2.1.0\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-10 69376]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/24 03:24:07];C:\Program Files (x86)\Hewlett-Packard\Media\DVD00.fcl [2008-11-28 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-10 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-10 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-3-10 83120]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-9 1405384]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-13 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-13 222512]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-9-21 126464]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-3-9 17152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-2 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-9 1255736]
.
=============== Created Last 30 ================
.
2011-03-12 03:38:00 516 ---ha-w- C:\aaw7boot.cmd 2011-03-10 20:48:38 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-03-10 20:48:38 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll 2011-03-10 09:27:54 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys 2011-03-10 09:27:53 -------- d-----w- C:\Program Files (x86)\Avira 2011-03-10 09:27:53 -------- d-----w- C:\PROGRA~3\Avira 2011-03-10 08:52:08 16432 ----a-w- C:\Windows\System32\lsdelete.exe 2011-03-10 08:42:51 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys 2011-03-10 08:42:48 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys 2011-03-10 08:41:36 -------- d-----w- C:\Users\Owner\AppData\Local\Sunbelt Software 2011-03-10 08:40:58 -------- dc-h--w- C:\PROGRA~3\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE} 2011-03-10 08:40:49 -------- d-----w- C:\Program Files (x86)\Lavasoft 2011-03-09 20:46:34 -------- d-----w- C:\PROGRA~3\iJlPaDh06504 2011-03-08 13:08:40 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{DDFCE07D-BB34-408E-8701-41D562EDBE63}\mpengine.dll 2011-03-02 06:13:47 -------- d-----w- C:\Windows\System32\SPReview 2011-03-02 06:06:09 48976 ----a-w- C:\Windows\System32\netfxperf.dll 2011-03-02 06:06:09 1942856 ----a-w- C:\Windows\System32\dfshim.dll 2011-03-02 06:06:00 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll 2011-03-02 06:04:59 778752 ----a-w- C:\Windows\System32\mssvp.dll 2011-03-02 06:03:59 726528 ----a-w- C:\Windows\System32\appwiz.cpl 2011-03-02 06:02:59 98816 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2011-03-02 06:01:59 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll 2011-03-02 06:01:59 257024 ----a-w- C:\Windows\SysWow64\dpx.dll 2011-03-02 06:01:56 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll 2011-03-02 06:01:56 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll 2011-03-02 05:58:43 529408 ----a-w- C:\Windows\System32\wbemcomn.dll 2011-03-02 05:58:43 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll 2011-03-02 
05:58:43 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll 2011-03-02 05:58:24 933376 ----a-w- C:\Windows\System32\SmiEngine.dll 2011-03-02 05:58:14 199168 ----a-w- C:\Windows\System32\PkgMgr.exe 2011-03-02 05:57:32 422912 ----a-w- C:\Windows\System32\drvstore.dll 2011-03-02 05:57:31 399872 ----a-w- C:\Windows\System32\dpx.dll 2011-03-01 21:39:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll 2011-03-01 21:39:54 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2011-03-01 18:59:25 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c790b73e1cbd8422e\InstallManager_WLE_WLE.exe 2011-03-01 18:59:04 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bb9eadf71cbd84223\MeshBetaRemover.exe 2011-03-01 18:58:44 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\DSETUP.dll 2011-03-01 18:58:44 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\DXSETUP.exe 2011-03-01 18:58:44 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\afebaa6d1cbd8421b\dsetup32.dll 2011-03-01 18:58:42 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\DSETUP.dll 2011-03-01 18:58:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\DXSETUP.exe 2011-03-01 18:58:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ae1f210e1cbd8421a\dsetup32.dll 2011-03-01 18:57:42 -------- d-----w- C:\Users\Owner\AppData\Local\Windows Live 2011-02-23 21:29:18 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2011-02-23 21:29:18 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2011-02-23 21:29:18 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll 2011-02-23 21:29:17 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll . ==================== Find3M ==================== . 
2011-03-02 06:20:32 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2011-03-02 06:20:31 175616 ----a-w- C:\Windows\System32\msclmd.dll 2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll 2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll 2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll 2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll 2011-01-07 09:51:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll 2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2011-01-07 06:01:22 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll 2011-01-05 10:34:00 612864 ----a-w- C:\Windows\System32\vbscript.dll 2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys 2011-01-05 05:55:55 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll 2010-12-23 10:42:53 1118720 ----a-w- C:\Windows\System32\sbe.dll 2010-12-23 10:42:51 961024 ----a-w- C:\Windows\System32\CPFilters.dll 2010-12-23 10:42:51 723968 ----a-w- C:\Windows\System32\EncDec.dll 2010-12-23 10:36:02 259072 ----a-w- C:\Windows\System32\mpg2splt.ax 2010-12-23 05:54:18 850944 ----a-w- C:\Windows\SysWow64\sbe.dll 2010-12-23 05:54:17 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll 2010-12-23 05:54:17 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll 2010-12-23 05:50:23 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax 2010-12-17 11:42:18 214016 ----a-w- C:\Windows\System32\winsrv.dll 2010-12-17 11:40:10 715776 ----a-w- C:\Windows\System32\kerberos.dll 2010-12-17 07:07:55 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll . ============= FINISH: 21:08:42.44 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. 
IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 3/9/2010 2:31:55 AM System Uptime: 3/12/2011 8:57:39 AM (13 hours ago) . Motherboard: Quanta | | 3627 Processor: Intel® Core(tm)2 Duo CPU T6500 @ 2.10GHz | CPU | 2100/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 285 GiB total, 214.417 GiB free. D: is FIXED (NTFS) - 13 GiB total, 2.032 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP205: 3/2/2011 12:13:25 AM - Windows 7 Service Pack 1 RP206: 3/2/2011 3:58:06 AM - Windows Update RP208: 3/3/2011 12:16:15 PM - Windows Defender Checkpoint RP209: 3/4/2011 1:32:47 PM - Windows Update RP210: 3/8/2011 7:08:14 AM - Windows Update RP211: 3/9/2011 3:26:29 PM - Windows Update RP213: 3/10/2011 2:38:21 AM - Windows Defender Checkpoint RP214: 3/10/2011 3:00:11 AM - Windows Update RP215: 3/10/2011 2:46:57 PM - Installed Java(tm) 6 Update 24 RP216: 3/11/2011 3:00:26 AM - Windows Update . ==== Installed Programs ====================== . 
4shared Desktop Acrobat.com Activation Assistant for the 2007 Microsoft Office suites ActiveCheck component for HP Active Support Library Ad-Aware Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.1 Adobe Shockwave Player 11.5 Ancient Tri Jong Ancient Tripeaks 2 Apple Application Support Apple Software Update Avira AntiVir Personal - Free Antivirus Big Fish Games: Game Manager blinkx beat Charm Solitaire Compatibility Pack for the 2007 Office system CyberLink DVD Suite D3DX10 Diner Dash 2 Diner Dash 5: Boom ESU for Microsoft Vista EZ Cards (remove only) FeedingFrenzy FiberTwig Fortune Tiles Gold Gimp 2.6.2 Debug Gold Miner Vegas Google Chrome Google Toolbar for Internet Explorer Google Update Helper HP Active Support Library HP Common Access Service Library HP Customer Experience Enhancements HP Help and Support HP MediaSmart DVD HP MediaSmart Music/Photo/Video HP MediaSmart SlingPlayer HP MediaSmart TV HP MediaSmart Webcam HP Quick Launch Buttons 6.40 L1 HP Total Care Advisor HP Total Care Setup HP Update HP User Guides 0126 HP Wireless Assistant HPAsset component for HP Active Support Library IDT Audio Insaniquarium Java Auto Updater Java(tm) 6 Update 24 Java(tm) 6 Update 7 Jewel Match Juno Preloader LabelPrint LetterLinker LightScribe System Software 1.14.17.1 MadCaps Magic Ball 2 Mah Jong Medley Mahjong Fortuna 2 Deluxe Mahjongg Fortuna Deluxe Malwarebytes' Anti-Malware Mariposa Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft 
Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Works Mind Medley Monopoly by Parker Brothers Mozilla Firefox (3.6.15) Mozilla Thunderbird (3.1.7) MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee Reveal My HP Games My.Freeze.com Toolbar (Remove Toolbar Only) MyITLab ActiveX Installer 2, 9, 8, 65535 Mystery P.I. - The Lottery Ticket NetZero Preloader Peggle Deluxe Plants vs. 
Zombies PMB PopDrop Power2Go PowerDirector PriceGong 2.1.0 QuickTime Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek USB 2.0 Card Reader Safari Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2289158) Security Update for 2007 Microsoft Office System (KB2344875) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB2345035) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office PowerPoint Viewer (KB2413381) Security Update for Microsoft Office Publisher 2007 (KB2284697) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Shangri La 2 Deluxe Skype™ 4.2 Slingbox - Watch Your TV Anywhere SlingPlayer Slots Spelling Dictionaries Support For Adobe Reader 9 Spirit of Wandering The Legend SPORE Creature Creator Trial Edition Spybot - Search & Destroy Steam Team Fortress 2 Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help 
(KB963670) Update for Microsoft Office Outlook 2007 (KB2412171) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (KB2492475) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Vogue Tales WildWords Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Winferno Registry Power Cleaner WinRAR archiver WinZip Word Slinger Yahoo! Software Update Zenerchi . ==== Event Viewer Messages From Past Week ======== . 3/8/2011 2:10:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 3/7/2011 2:59:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 3/6/2011 11:57:02 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DAVIDGRAPENTIN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{25BC18DB-48A7-4F19-9C35-92ABBD091A7E}. The master browser is stopping or an election is being forced. 3/12/2011 7:04:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 
3/11/2011 3:02:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2508979). 3/11/2011 3:02:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Groove 2007 (KB2494047). 3/10/2011 3:28:17 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied. 3/10/2011 3:03:39 PM, Error: hpdskflt [1001] - 3/10/2011 3:02:14 PM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 3/10/2011 3:02:07 PM, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 3/10/2011 2:41:18 AM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. . ==== End Of File ===========================